I have several strings that were encrypted using OpenSSL. For instance:
$ echo "original string" | openssl aes-256-cbc -p -a -pass pass:secret
salt=B898FE40EC8155FD
key=4899E518743EB0584B0811AE559ED8AD9F0B5FA31B0B998FEB8453B8E3A7B36C
iv =EFA6105F30F6C462B3D135725A6E1618
U2FsdGVkX1+4mP5A7IFV/VcgRs4ci/yupMErHjf5bkT5XrcowXK7z3VyyV1l2jvy
I would like to decrypt these things using Python. I'm attempting to use PyCrypto. Here's an exmaple script using the above data:
from base64 import b64decode, b64encode
from hashlib import md5
from Crypto.Cipher import AES
secret = 'secret'
encoded = 'U2FsdGVkX1+4mP5A7IFV/VcgRs4ci/yupMErHjf5bkT5XrcowXK7z3VyyV1l2jvy'
encrypted = b64decode(encoded)
salt = encrypted[8:16]
data = encrypted[16:]
key = md5(secret + salt).hexdigest()
iv = md5(key + secret + salt).hexdigest()[0:16] # which 16 bytes?
dec = AES.new(key, AES.MODE_CBC, iv)
clear = dec.decrypt(data)
try:
salt_hex = ''.join(["%X" % ord(c) for c in salt])
print 'salt: %s' % salt_hex
print 'expected: %s' % 'B898FE40EC8155FD'
print 'key: %s' % key.upper()
print 'expected: %s' % '4899E518743EB0584B0811AE559ED8AD9F0B5FA31B0B998FEB8453B8E3A7B36C'
print 'iv: %s' % iv
print 'expected: %s' % 'EFA6105F30F6C462B3D135725A6E1618'
print 'result: %s' % clear
except UnicodeDecodeError:
print 'decryption failed'
Here's the output:
salt: B898FE40EC8155FD
expected: B898FE40EC8155FD
key: 4899E518743EB0584B0811AE559ED8AD
expected: 4899E518743EB0584B0811AE559ED8AD9F0B5FA31B0B998FEB8453B8E3A7B36C
iv: 17988376b72f4a81
expected: EFA6105F30F6C462B3D135725A6E1618
decryption failed
You can see that the salt matches, and the key matches the first half of what OpenSSL shows, so I seem to be on the right track, but there are two main questions:
- Why are the values for
keyandivfrom OpenSSL twice as long as PyCrypto (and presumably AES256) allows? - How do I generate the correct values? The technique I'm using was taken from a blog, but if the IV is always supposed to match the block size (16 bytes), MD5 will never work. And even if I could figure out where the other half of the key comes from, PyCrypto would refuse it for being too long.
I realize I'll need to remove the padding as well, but I left that out for brevity.
You have three problems:
- You use AES256 (32 byte key) in OpenSSL and AES128 (16 byte key) in your python code.
- The IV computation is wrong. Each step in the OpenSSL's key derivation function uses the the MD5 digest computed last.
- You mix up binary and hexadecimal representation. Keep any conversion to hexadecimal as the last step, before visualization.
The following code should be correct:
from base64 import b64decode, b64encode
from binascii import hexlify
from Crypto.Cipher import AES
from Crypto.Hash import MD5
secret = 'secret'
encoded = 'U2FsdGVkX1+4mP5A7IFV/VcgRs4ci/yupMErHjf5bkT5XrcowXK7z3VyyV1l2jvy'
encrypted = b64decode(encoded)
salt = encrypted[8:16]
data = encrypted[16:]
# We need 32 bytes for the AES key, and 16 bytes for the IV
def openssl_kdf(req):
prev = ''
while req>0:
prev = MD5.new(prev+secret+salt).digest()
req -= 16
yield prev
mat = ''.join([ x for x in openssl_kdf(32+16) ])
key = mat[0:32]
iv = mat[32:48]
dec = AES.new(key, AES.MODE_CBC, iv)
clear = dec.decrypt(data)
try:
salt_hex = ''.join(["%X" % ord(c) for c in salt])
print 'salt: %s' % salt_hex
print 'expected: %s' % 'B898FE40EC8155FD'
print 'key: %s' % hexlify(key).upper()
print 'expected: %s' % '4899E518743EB0584B0811AE559ED8AD9F0B5FA31B0B998FEB8453B8E3A7B36C'
print 'iv: %s' % hexlify(iv).upper()
print 'expected: %s' % 'EFA6105F30F6C462B3D135725A6E1618'
print 'result: %s' % clear
except UnicodeDecodeError:
print 'decryption failed'
来源:https://stackoverflow.com/questions/8806481/how-can-i-decrypt-something-with-pycrypto-that-was-encrypted-using-openssl