openssl与cryptoAPI交互AES加密解密
继上次只有CryptoAPI的加密后,这次要实现openssl的了
动机:利用CryptoAPI制作windows的IE,火狐和chrome加密控件后,这次得加上与android的加密信息交互
先前有说openssl移植到android的过程,这里就不再提android如何调用openssl了,
而那一篇第9条提到的openssl与cryptoAPI兼容的两种方式感觉实现都不太好用,这里再次提出一种AES加密的实现方式
写这边文章的最主要的原因,用过CryptoAPI的都知道,很多东西都封装了,如果要与其他加密组件交互,得用其他组件来实现CryptoAPI的思路
环境:windows visual studio 2010,openssl windows(x86)动态库
在CryptoAPI中进行AES加密解密,有一种实现方式是调用CryptDeriveKey通过提供的字节数组的hash值获取key
先来看下CryptoAPI实现AES,来个简单点的版本
- void cryptoAPI_encrypt(string text,unsigned char* pwd,unsigned char** encryptText,int &out_len)
- {
- HCRYPTPROV hCryptProv = NULL;
- HCRYPTKEY hKey = 0;
- HCRYPTHASH hHash = 0;
- int dwLength = 0;
- if(!CryptAcquireContext(&hCryptProv,
- NULL,
- CSP_NAME,//CSP_NAME
- PROV_RSA_AES,
- CRYPT_VERIFYCONTEXT))
- {
- DWORD dwLastErr = GetLastError();
- if(NTE_BAD_KEYSET == dwLastErr)
- {
- return;
- }
- else{
- if(!CryptAcquireContext(&hCryptProv,
- NULL,
- CSP_NAME,
- PROV_RSA_AES,
- CRYPT_NEWKEYSET))
- {
- return;
- }
- }
- }
- if(!CryptCreateHash(hCryptProv, CALG_MD5, 0, 0, &hHash))
- {
- return;
- }
- BYTE *pPwd = pwd;
- if(!CryptHashData(hHash, pPwd, 16, 0))
- {
- return;
- }
- if(!CryptDeriveKey(hCryptProv, CALG_AES_128, hHash, CRYPT_EXPORTABLE, &hKey))
- {
- return;
- }
- int len = text.length();
- BYTE *pData ;
- pData = (BYTE*)malloc(len*4);
- memcpy(pData,text.c_str(),len);
- DWORD dwLen = len;
- if(!CryptEncrypt(hKey, NULL, true, 0, pData, &dwLen, len*4))
- {
- return;
- }
- cout <<"--------------------------" << endl << "cryptoAPI encrypt"<<endl;
- printBytes(pData,dwLen);
- *encryptText = pData;
- out_len = dwLen;
- CryptDestroyHash(hHash);
- CryptDestroyKey(hKey);
- CryptReleaseContext(hCryptProv,0);
- }
这里将传进来的字节数组密钥先进行MD5摘要后,再通过CryptoDeriveKey来得到最后用来加密的密钥
openssl要以同样的方式做一次这个步骤,首先是MD5摘要,相对比较简单
- unsigned char* openssl_md5(unsigned char*sessionKey,size_t n)
- {
- unsigned char *ret = (unsigned char*)malloc(MD5_DIGEST_LENGTH);
- MD5(sessionKey,n,ret);
- return ret;
- }
然后再来实现CryptoDeriveKey,先来看下MSDN上对于这个函数的说明
主要看remarks里面的实现步骤:
- Let n be the required derived key length, in bytes. The derived key is the first n bytes of the hash value after the hash computation has been completed by CryptDeriveKey. If the hash is not a member of the SHA-2 family and the required key is for either 3DES or AES, the key is derived as follows:
- 1.Form a 64-byte buffer by repeating the constant 0x36 64 times. Let k be the length of the hash value that is represented by the input parameter hBaseData. Set the first k bytes of the buffer to the result of an XOR operation of the first k bytes of the buffer with the hash value that is represented by the input parameter hBaseData.
- 2.Form a 64-byte buffer by repeating the constant 0x5C 64 times. Set the first k bytes of the buffer to the result of an XOR operation of the first k bytes of the buffer with the hash value that is represented by the input parameter hBaseData.
- 3.Hash the result of step 1 by using the same hash algorithm as that used to compute the hash value that is represented by the hBaseData parameter.
- 4.Hash the result of step 2 by using the same hash algorithm as that used to compute the hash value that is represented by the hBaseData parameter.
- 5.Concatenate the result of step 3 with the result of step 4.
- 6.Use the first n bytes of the result of step 5 as the derived key.
非常简单的英文,不做翻译了...
直接上openssl代码实现
- //参见 http://msdn.microsoft.com/en-us/library/aa379916(v=vs.85).aspx remarks步骤
- unsigned char* derivedKey(unsigned char*sessionKey/*hash后的值*/,size_t n/*密钥长度*/)
- {
- /**step 1*/
- unsigned char* buffer = (unsigned char*)malloc(64);
- for(int i = 0 ; i < 64;i++)
- {
- buffer[i] = 0x36;
- }
- int k = n;
- for(int i = 0 ; i < k ; i++)
- {
- buffer[i] = buffer[i] ^ sessionKey[i];
- }
- /*step 2*/
- unsigned char* buffer2 = (unsigned char*)malloc(64);
- for(int i = 0 ; i < 64;i++)
- {
- buffer2[i] = 0x5C;
- }
- for(int i = 0 ; i < k ; i++)
- {
- buffer2[i] = buffer2[i] ^ sessionKey[i];
- }
- /*step 3*/
- unsigned char* ret1 = openssl_md5(buffer,64);
- /*step 4*/
- unsigned char* ret2 = openssl_md5(buffer2,64);
- unsigned char* ret = (unsigned char*)malloc(128);
- for(int i = 0 ; i < 128;i++)
- {
- if(i<64)
- ret[i] = ret1[i];
- else
- ret[i] = ret2[i-64];
- }
- return ret;
- }
最麻烦的地方解决了...剩下再按照CryptoAPI的实现顺序实现吧
- void openssl_aes_encrypt(string text,unsigned char** SessionKey_out/*这里主要用作将产生的对称密钥输出*/,unsigned char* sEncryptMsg,int &len)
- {
- OpenSSL_add_all_algorithms();
- //产生会话密钥
- *SessionKey_out = (unsigned char*)malloc(MD5_SIZE);
- RAND_bytes(*SessionKey_out,MD5_SIZE);//产生随机密钥,输出之后可以给其他方法是用了
- unsigned char* SessionKey = openssl_md5(*SessionKey_out,MD5_SIZE);
- SessionKey = derivedKey(SessionKey,MD5_SIZE);
- const unsigned char* sMsg = (const unsigned char*)text.c_str();
- int cbMsg = text.length();
- int cbEncryptMsg;
- //加密
- EVP_CIPHER_CTX ctx;
- EVP_CIPHER_CTX_init(&ctx);
- if(EVP_EncryptInit_ex(&ctx,EVP_get_cipherbynid(NID_aes_128_cbc),NULL,SessionKey,NULL))
- {
- int offseti=0;//in
- int offseto=0;//out
- int offsett=0;//temp
- for(;;)
- {
- if(cbMsg-offseti<=MAX_ENCRYPT_LEN)
- {
- EVP_EncryptUpdate(&ctx, sEncryptMsg+offseto, &offsett, sMsg+offseti, cbMsg-offseti);
- offseto+=offsett;
- break;
- }
- else
- {
- EVP_EncryptUpdate(&ctx, sEncryptMsg+offseto, &offsett, sMsg+offseti, MAX_ENCRYPT_LEN);
- offseti+=MAX_ENCRYPT_LEN;
- offseto+=offsett;
- }
- }
- EVP_EncryptFinal_ex(&ctx, sEncryptMsg+offseto, &offsett);
- offseto+=offsett;
- cbEncryptMsg=offseto;
- }
- EVP_CIPHER_CTX_cleanup(&ctx);
- std::cout << "openssl encrypt:" << std::endl;
- printBytes(sEncryptMsg,cbEncryptMsg);
- len = cbEncryptMsg;
- }
加密的搞定了,可以尝试下了,同样的密钥和同样的明文,密文输出结果是一样的就对了
下面是CrytpoAPI的解密:
- void cryptAPI_decrypt(unsigned char* text,int len,unsigned char* pwd)
- {
- HCRYPTPROV hCryptProv = NULL;
- HCRYPTKEY hKey = 0;
- HCRYPTHASH hHash = 0;
- int dwLength = 0;
- if(!CryptAcquireContext(&hCryptProv,
- NULL,
- CSP_NAME,//CSP_NAME
- PROV_RSA_AES,
- CRYPT_VERIFYCONTEXT))
- {
- DWORD dwLastErr = GetLastError();
- if(NTE_BAD_KEYSET == dwLastErr)
- {
- return;
- }
- else{
- if(!CryptAcquireContext(&hCryptProv,
- NULL,
- CSP_NAME,
- PROV_RSA_AES,
- CRYPT_NEWKEYSET))
- {
- return;
- }
- }
- }
- if(!CryptCreateHash(hCryptProv, CALG_MD5, 0, 0, &hHash))
- {
- return;
- }
- BYTE *pPwd = pwd;
- if(!CryptHashData(hHash, pPwd, 16, 0))
- {
- return;
- }
- if(!CryptDeriveKey(hCryptProv, CALG_AES_128, hHash, CRYPT_EXPORTABLE, &hKey))
- {
- return;
- }
- BYTE *pData = text;
- DWORD dwLen = len;
- if(!CryptDecrypt(hKey, NULL, true, 0, pData, &dwLen))
- {
- return;
- }
- cout <<"--------------------------" << endl << "cryptoAPI decrypt"<<endl;
- char* plainText = (char*)malloc(dwLen + 1);
- memcpy(plainText,pData,dwLen);
- plainText[dwLen] = '\0';
- cout << plainText << endl;
- CryptDestroyHash(hHash);
- CryptDestroyKey(hKey);
- CryptReleaseContext(hCryptProv,0);
- }
尝试用这个方法解密CryptoAPI的加密和openssl的加密吧,都能输出明文的
再来最后一个,openssl的解密
- void openssl_aes_decrypt(unsigned char* text,int len,unsigned char* SessionKeyP)
- {
- unsigned char* decryptMsg = (unsigned char*)malloc(len);
- OpenSSL_add_all_algorithms();
- unsigned char* SessionKey = openssl_md5(SessionKeyP,MD5_SIZE);
- SessionKey = derivedKey(SessionKey,MD5_SIZE);
- const unsigned char* sMsg = text;
- int cbMsg = len;
- int cbEncryptMsg;
- //解密
- EVP_CIPHER_CTX ctx;
- EVP_CIPHER_CTX_init(&ctx);
- if(EVP_DecryptInit_ex(&ctx,EVP_get_cipherbynid(NID_aes_128_cbc),NULL,SessionKey,NULL))
- {
- int offseti=0;//in
- int offseto=0;//out
- int offsett=0;//temp
- for(;;)
- {
- if(cbMsg-offseti<=MAX_ENCRYPT_LEN)
- {
- EVP_DecryptUpdate(&ctx, decryptMsg+offseto, &offsett, sMsg+offseti, cbMsg-offseti);
- offseto+=offsett;
- break;
- }
- else
- {
- EVP_DecryptUpdate(&ctx, decryptMsg+offseto, &offsett, sMsg+offseti, MAX_ENCRYPT_LEN);
- offseti+=MAX_ENCRYPT_LEN;
- offseto+=offsett;
- }
- }
- EVP_DecryptFinal_ex(&ctx, decryptMsg+offseto, &offsett);
- offseto+=offsett;
- cbEncryptMsg=offseto;
- }
- EVP_CIPHER_CTX_cleanup(&ctx);
- std::cout << "openssl decrypt:" << std::endl;
- char* ret = (char*)malloc(cbEncryptMsg + 1);
- memcpy(ret,decryptMsg,cbEncryptMsg);
- ret[cbEncryptMsg] = '\0';
- std::cout << ret << endl;
- }
测试下:
- int _tmain(int argc, _TCHAR* argv[])
- {
- string text = "texttexttexttexttext";
- unsigned char* key;
- unsigned char* sEncryptMsg = (unsigned char*)malloc(text.size() + MD5_SIZE);
- int len;
- openssl_aes_encrypt(text,&key,sEncryptMsg,len);
- unsigned char** sEncryptMsg_crypto = (unsigned char**)malloc(sizeof(unsigned char*));
- int len_crypto;
- cryptoAPI_encrypt(text,key,sEncryptMsg_crypto,len_crypto);
- cout << "-----------------------------" << endl<<"cryptoAPI decrypt openssl"<<endl;
- //cryptAPI_decrypt(sEncryptMsg,len,key);
- cout << "-----------------------------" << endl<<"cryptoAPI decrypt cryptoAPI"<<endl;
- //cryptAPI_decrypt(*sEncryptMsg_crypto,len_crypto,key);
- cout << "-----------------------------" << endl<<"oepnssl decrypt openssl"<<endl;
- //openssl_aes_decrypt(sEncryptMsg,len,key);
- cout << "-----------------------------" << endl<<"oepnssl decrypt cryptoAPI"<<endl;
- //openssl_aes_decrypt(*sEncryptMsg_crypto,len_crypto,key);
- return 0;
- }
openssl与cryptoAPI交互AES加密解密的更多相关文章
- ruby AES加密解密
		最近和京东合作做一个项目,在接口对接传递参数时,参数需要通过AES加密解密. 本来想到用gem 'aescrypt'处理,但是aescrypt的编码方式用的base64,而京东那边用的是16进制.所以 ... 
- 你真的了解字典(Dictionary)吗?  C# Memory Cache 踩坑记录  .net 泛型  结构化CSS设计思维  WinForm POST上传与后台接收  高效实用的.NET开源项目  .net 笔试面试总结(3)  .net 笔试面试总结(2)  依赖注入  C# RSA 加密  C#与Java AES 加密解密
		你真的了解字典(Dictionary)吗? 从一道亲身经历的面试题说起 半年前,我参加我现在所在公司的面试,面试官给了一道题,说有一个Y形的链表,知道起始节点,找出交叉节点.为了便于描述,我把上面 ... 
- 非对称技术栈实现AES加密解密
		非对称技术栈实现AES加密解密 正如前面的一篇文章所述,https协议的SSL层是实现在传输层之上,应用层之下,也就是说在应用层上看到的请求还是明码的,对于某些场景下要求这些http请求参数是非可读的 ... 
- C#中使用DES和AES加密解密
		C#中使用DES和AES加密解密 2008-01-12 09:37 using System;using System.Text;using System.Security.Cryptography; ... 
- C#, Java, PHP, Python和Javascript几种语言的AES加密解密实现[转载]
		原文:http://outofmemory.cn/code-snippet/35524/AES-with-javascript-java-csharp-python-or-php c#里面的AES加密 ... 
- java使用AES加密解密 AES-128-ECB加密
		java使用AES加密解密 AES-128-ECB加密 import javax.crypto.Cipher; import javax.crypto.spec.SecretKeySpec; impo ... 
- AES加密解密——AES在JavaWeb项目中前台JS加密,后台Java解密的使用
		一:前言 在软件开发中,经常要对数据进行传输,数据在传输的过程中可能被拦截,被监听,所以在传输数据的时候使用数据的原始内容进行传输的话,安全隐患是非常大的.因此就要对需要传输的数据进行在客户端进行加密 ... 
- AES加密解密 助手类 CBC加密模式
		"; string result1 = AESHelper.AesEncrypt(str); string result2 = AESHelper.AesDecrypt(result1); ... 
- php与java通用AES加密解密算法
		AES指高级加密标准(Advanced Encryption Standard),是当前最流行的一种密码算法,在web应用开发,特别是对外提供接口时经常会用到,下面是我整理的一套php与java通用的 ... 
随机推荐
- c++学习笔记4:如何写好注释
			1.单行注释一般放在语句的上方: // cout and endl live in the iostream library std::cout << "Hello world! ... 
- MyBatis对应的xml的数据类型
			MyBatis对应的xml的数据类型 JDBC Type Java TypeCHAR StringVARCHAR StringLONGVARCHAR StringNUMERIC java.math.B ... 
- Hierarchical Token Bucket
			例子一: # tc qdisc add dev eth0 root handle 1: htb default 30 # tc class add dev eth0 parent 1: classid ... 
- CMOS、BIOS
			CMOS主要的功能为记录主板上面的主要参数,包括系统时间.CPU电压与频率.各项设备的I/O地址与IRQ等,由于这些数据的记录要花费电力,因此主板上面才有电池. BIOS为写入到主板上某一块闪存或EE ... 
- Spring 框架获取 datasource对象的方法
			1,使用org.springframework.jdbc.datasource.DriverManagerDataSource 2.使用org.apache.commons.dbcp.BasicDa ... 
- 230. Kth Smallest Element in a BST
			Given a binary search tree, write a function kthSmallest to find the kth smallest element in it. Not ... 
- 隐马尔科夫模型(HMM)的概念
			定义隐马尔科夫模型可以用一个三元组(π,A,B)来定义:π 表示初始状态概率的向量A =(aij)(隐藏状态的)转移矩阵 P(Xit|Xj(t-1)) t-1时刻是j而t时刻是i的概率B =(bij) ... 
- 转ORA-28002: the password will expire within 7 days 解决方法
			最后一步要改密码,否则还会报错. 1. 查看用户的profile设置: SELECT username,profile FROM dba_users; 一般用户的profile设置都为DEFAULT. ... 
- 文件的搜寻【转vbird】
			which (寻找『运行档』) [root@www ~]# which [-a] command 选项或参数: -a :将所有由 PATH 目录中可以找到的命令均列出,而不止第一个被找到的命令名称 分 ... 
- php strtotime 和 date 日期操作
			time()得到的数值是1970-1-1到现在的秒数,strtotime("now")也是,两个值是相同的. http://doc.thinkphp.cn/manual/syste ... 
