AES - 使用 Crypto (node-js) 加密/使用 Pycrypto (python) 解密
问题描述
我写这个问题+答案是因为我很挣扎(可能是因为缺乏经验),迷失在使用 node 或 python 加密/解密事物的许多不同方式中.
I'm writing this question + answer because I struggled a lot (maybe because of a lack of experience), got lost in many different ways of encrypting/decrypting things with node or python.
我想也许我的案例可以帮助未来的人们.
I thought maybe my case could help people in the future.
我需要做什么:
- 从表单中获取数据,使用 Crypto (node-js) 对其进行加密
- 在 Python 中传递加密数据并使用 PyCrypto 解密.
我选择使用 AES 加密.
I chose to use the AES encryption.
我是这样开始的(我不会经历我尝试过的所有事情):
Here is how I started (I'm not gonna go through everything I tried):
我遵循了 this 末尾的示例页面
在我的情况下给出了:
(这可能是 javascript 和 coffeescript 的一个非常糟糕的组合)
(this might be a very bad mix between javascript and coffeescript)
crypto = require "crypto"
[...]
key = "mykeywhatever"
cipher = crypto.createCipher('aes192', key)
cipher.update('string i want to encode', 'binary', 'hex')
encoded_string = cipher.final('hex')
[...]
这可以很好地编码我的字符串.
This worked pretty fine to encode my string.
然后我编写了我的 python 脚本来解密这个字符串,使用 PyCrypto 的 github 页面上的自述文件:
Then I wrote my python script to decrypt this string, using the readme on PyCrypto's github's page:
from Crypto.Cipher import AES
[...]
my_string = data_coming_from_rabbitmq
obj = AES.new('mykeywhatever', AES.MODE_CBC)
obj.decrypt(ciphertext)
[...]
这显然不起作用:在自述文件中有一个 IV,但由于我没有在节点脚本中给出一个,为什么我要在 python 中给出一个?
This obviously didn't work: in the readme there is an IV but since I didn't gave one in the node script, why would I give one in the python one?
经过更多谷歌搜索,我了解到 node 的 Crypto 使用 OpenSSL,而 PyCrypto 显然没有.所以我调查了一下,发现了那些页面:
After more googling, I learnt that node's Crypto uses OpenSSL, while PyCrypto apparently doesn't. So I looked into that and found those pages:
- 我怎样才能解密一些东西使用 OpenSSL 加密的 PyCrypto?
- 库中的 AES 是否相同 PyCrypto &Node.JS 加密
- 还有更多...
所以事情变得复杂了,没有人做同样的事情来解密数据,我迷路了,寻求帮助.
So things got complicated, no one is doing the same thing to decrypt data, I got lost, and asked for help.
答案是我和我的同事想出的(嗯,主要是我的同事).
The answer is what my coworker and I came up with (well, mostly my corworker).
解决方案
所以我们从我如何解密... OpenSSL"的答案开始.
So we started from the "How can i decrypt... OpenSSL" 's answer.
我们需要修改加密脚本:
We needed to modify the encryption script which gave:
crypto = require "crypto"
[...]
var iv = new Buffer('asdfasdfasdfasdf')
var key = new Buffer('asdfasdfasdfasdfasdfasdfasdfasdf')
var cipher = crypto.createCipheriv('aes-256-cbc', key, iv);
cipher.update(new Buffer("mystring"));
var enc = cipher.final('base64');
[...]
iv 需要 16 字节长,key 是 32 字节.我们将 createCipher
更改为 createCipheriv
.
iv needs to be 16bytes long, key is 32bytes. And we changed createCipher
to createCipheriv
.
回到python解密脚本:
Back to the python decryption script:
Process 只是阅读 PyCrypto 的文档,并将 与我们开始使用的代码进行比较.
Process was simply reading PyCrypto's documentation, and compare with the code we started from.
然后我们决定只 坚持API,从头开始.它给出了:
Then we decided to just stick to the API, and start from scratch. And it gave:
from base64 import b64decode
from Crypto.Cipher import AES
[...]
iv = 'asdfasdfasdfasdf'
key = 'asdfasdfasdfasdfasdfasdfasdfasdf'
encoded = b64decode('my_encrypted_string')
dec = AES.new(key=key, mode=AES.MODE_CBC, IV=iv)
value = dec.decrypt(encoded)
就这么简单...希望对大家有所帮助!
And it was as simple as that... Hope it'll help some of you!
正如 Perseids 在其回答的评论中所写,IV 必须是随机的,并且对于每条消息都不同
As Perseids wrote in the comments of his answer, the IV has to be random and different for every message
相关文章