17

我会尽量使这个简洁。

我希望能够使用我以前做过的 OpenSSL 加密和解密简单的字符串。

但是,必须满足以下条件:

  • 简单的密码短语使用(无密钥)
  • 没有输入/输出文件
  • 不提示输入密码(通过命令行选项指定任一方向)

我有 50% 在那里。我可以通过以下方式成功执行加密:

echo 'someTextIWantToEncrypt' | openssl enc -e -aes-256-cbc -nosalt -pass pass:mySecretPass

输出结果为:

(??b}n??v???>??G??.?B??~?

好,很好。现在我想解密那个字符串。所以我这样做:

echo -n '(??b}n??v???>??G??.?B??~?' | openssl enc -d -aes-256-cbc -pass pass:mySecretPass

甚至作为替代方案:

openssl enc -d -aes-256-cbc -pass pass:mySecretPass <<< '(??b}n??v???>??G??.?B??~?'

但我得到了这样的回应:

bad magic number

虽然我不想使用输入/输出文件,但该方法确实 100% 有效:

# encrypt to file
echo -n 'someTextIWantToEncrypt' | openssl enc -e -nosalt -out test.txt -aes-256-cbc -pass pass:mySecretPass 

# decrypt from file
openssl enc -d -nosalt -in test.txt -aes-256-cbc -pass pass:mySecretPass

# result of decryption (is successful):
someTextIWantToEncrypt

那么......如何在使用任何输入/输出文件的情况下实现上述解密过程?我觉得我很接近,但缺少一些小细节。

提前致谢。

4

3 回答 3

33

The problem is that encryption uses the entire ASCII character set, including unprintable characters. If you want to be able to cut and paste the encrypted data, you need to convert it to only printable characters. You can do this with the -base64 (or -a) option:

echo 'someTextIWantToEncrypt' | \
  openssl enc -base64 -e -aes-256-cbc -nosalt -pass pass:mySecretPass

KPkBkGJ9bs4YHvh24xz7m9jTlYWm1LcIFcWR0DwY4PU=

Then decrypt it the same way:

echo "KPkBkGJ9bs4YHvh24xz7m9jTlYWm1LcIFcWR0DwY4PU=" | \
  openssl enc -base64 -d -aes-256-cbc -nosalt -pass pass:mySecretPass

WARNING: If you're using openssl, I can only assume the confidentiality of the data, and therefore the password, is important to you. If that's the case, you should never supply a password on the command line, because it can be exposed to anyone with the privilege to run ps.

A better solution is to store the password in an environment variable and have openssl read it from there:

export passwd="mySecretPass"
echo "KPkBkGJ9bs4YHvh24xz7m9jTlYWm1LcIFcWR0DwY4PU=" | \
  openssl enc -base64 -d -aes-256-cbc -nosalt -pass env:passwd
于 2013-06-15T01:57:41.493 回答
0

解密

#!/bin/bash
clear 
# encrypt to file
echo "enter choice "
echo "1-dakr"
echo "2-gakr"
read choice 
case $choice in
1 )
echo "text?"
read text
echo "pass?"
read pass

echo -n '$text' | openssl enc -e -nosalt -out test.txt -aes-256-cbc -pass pass:$pass 
;;
2 ) 
# decrypt from file
echo "pass?"
read pass
echo "path?"
read path
openssl enc -d -nosalt -in $path -aes-256-cbc -pass pass:$pass
;;
* )
echo "shcd"
;;
esac

Decrypt 的输出是 $text 如何解决?

于 2018-04-07T17:42:39.587 回答
0

我知道这很旧,但其他人刚刚向我展示了这个问题。我有一个 TCL 脚本可以轻松实现这一点,并且可以修改为与您正在使用的任何 shell 一起使用,它包含以下几行:

if {[catch {set lines [exec echo -n $tte | openssl enc -$cipher -a -pbkdf2 -iter $iterations -pass pass:$fkey]} msg]} {
     tk_messageBox -message $msg
     return
}

其中$tte= 要加密的文本,$cipher并且$iterations是不言自明的,并且$fkey是传递给 openssl 的密码。只需添加一个-d开关即可解密。

于 2022-02-21T15:42:42.727 回答