我手头有一个问题要解密遵循规范的 AES 加密密文密文包括: · 256 个字节的 RFC2898 派生的盐,后面是使用密码、“密码”和 AES 加密的消息派生四。示例消息是“这是我的秘密字符串,lorem ipsum”,密码是“密码”,使用 C# 代码加密此消息可以使用以下 c# 代码进行解密
private static readonly int SALT_SIZE = 256;
public static void Decrytor(){
// Encrypted Message
var cipherText = "i+EKwmlAF0VYh4GwDd+bGf3+yreYsPJW2Oq/w9FXjsp7RI3VqRiqtnqiAD4n6U0JJSTe2ct4B7lgrG+dHxeGcXYEYIERXvU0xnUdH+z3mRwmgYOqCU9HRUKy/z3GKISTm8qH030KTYm3YMBjnKpU8gaRcoDPP/nCiB3o5fPdyspgJgT/qt5BuvwYq7n0qg6ez/Wi4447gq/qHwG3wuuYLSBUCfmIkgGaO1KXqv3SsR8EAhrmMBmPDJfjc3sydNqs5B8J9/JvZFEZULTb8rLQZKQvgHhH9/53Bzs3zmoq0RFbgSueUbyeWb9rLAzYieTz8Yj0srG4GtwPrTPoItc6/hvx5stZ6pX8tgyk9Y3baT0JFMtGgxve7yduy8idTCQdAwRc5NOo4+CBk7P/sIw6+Q==";
var key = "password";
// Extract the salt from our cipherText
var allTheBytes = Convert.FromBase64String(cipherText);
var saltBytes = allTheBytes.Take(SALT_SIZE).ToArray();
var cipherTextBytes = allTheBytes.Skip(SALT_SIZE).Take(allTheBytes.Length - SALT_SIZE).ToArray();
var keyDerivationFunction = new Rfc2898DeriveBytes(key, saltBytes);
// Derive the previous IV from the Key and Salt
var keyBytes = keyDerivationFunction.GetBytes(32);
var ivBytes = keyDerivationFunction.GetBytes(16);
// Create a decrytor to perform the stream transform.
// Create the streams used for decryption.
// The default Cipher Mode is CBC and the Padding is PKCS7 which are both good
var aesManaged = new AesManaged();
var decryptor = aesManaged.CreateDecryptor(keyBytes, ivBytes);
var memoryStream = new MemoryStream(cipherTextBytes);
var cryptoStream = new CryptoStream(memoryStream, decryptor, CryptoStreamMode.Read);
var streamReader = new StreamReader(cryptoStream);
// Return the decrypted bytes from the decrypting stream.
Console.WriteLine("\n{0}\n", streamReader.ReadToEnd());
}
输出是:“这是我的秘密字符串,lorem ipsum”
但是当我尝试通过遵循 Python2.7 等效实现来解密消息时,它没有正确解密前几个字符
import base64
from Crypto.Cipher import AES
from Crypto.Protocol import KDF
def p_decrypt( self, text ):
text_dec = base64.b64decode(text)
salt = text_dec[:256]
enc_txt = text_dec[256:]
key_bytes = KDF.PBKDF2(self.key, salt, dkLen=32)
iv = KDF.PBKDF2(self.key, salt)
cipher = AES.new(key_bytes, AES.MODE_CBC, iv)
return cipher.decrypt(enc_txt)
输出为:"�增��"j�����"t string, lorem ipsum"
预期输出:“这是我的秘密字符串,lorem ipsum”
我试图找到问题所在,当我使用 C# RFC2898DeriveBytes 方法生成的 keyBytes 和 IV 时,该方法也可以正常工作 python 代码,但 python 代码没有使用 PBKDF2 生成的 keyBytes 和 IV 正确解密整个消息。
C# RFC2898DeriveBytes 和 python PBKDF2 都使用 HMACSHA1 散列算法生成 keyBytes,但 C# RFC2898DeriveBytes 方法生成不同的 keyBytes 和 IV,而 Python PBKDF2 为 IV call 返回生成的前 16 个字节的 keyBytes。
请给我一些有用的指导。
谢谢,穆默