Fatal编程技术网
  • python/
  • 仅使用OpenSSL解密用Python加密的文件

仅使用OpenSSL解密用Python加密的文件

python openssl cryptography

仅使用OpenSSL解密用Python加密的文件,python,openssl,cryptography,aes,rsa,Python,Openssl,Cryptography,Aes,Rsa,我有一个用Python和pycryptodome加密的文件,如下所示: from Crypto.PublicKey import RSA from Crypto.Random import get_random_bytes from Crypto.Cipher import AES, PKCS1_OAEP key = RSA.generate(2048) secret_key = key.exportKey(passphrase='letmein', pkcs=8, protection='s

我有一个用Python和
pycryptodome
加密的文件,如下所示:

from Crypto.PublicKey import RSA
from Crypto.Random import get_random_bytes
from Crypto.Cipher import AES, PKCS1_OAEP

key = RSA.generate(2048)
secret_key = key.exportKey(passphrase='letmein', pkcs=8, protection='scryptAndAES128-CBC')
public_key = key.publickey().exportKey()

rsa_key = RSA.importKey(public_key)
session_key = get_random_bytes(16)
cipher_rsa = PKCS1_OAEP.new(rsa_key)
cipher_aes = AES.new(session_key, AES.MODE_EAX)
ciphertext, tag = cipher_aes.encrypt_and_digest(data)

dst.write(cipher_rsa.encrypt(session_key))
dst.write(cipher_aes.nonce)
dst.write(tag)
dst.write(ciphertext)

rsa_key = RSA.importKey(secret_key, 'letmein')

enc_session_key, nonce, tag, ciphertext = [
    src.read(x) for x in (rsa_key.size_in_bytes(), 16, 16, -1)
]

cipher_rsa = PKCS1_OAEP.new(rsa_key)
session_key = cipher_rsa.decrypt(enc_session_key)
cipher_aes = AES.new(session_key, AES.MODE_EAX, nonce)

decoded = cipher_aes.decrypt_and_verify(ciphertext, tag)
我可以这样解码:

from Crypto.PublicKey import RSA
from Crypto.Random import get_random_bytes
from Crypto.Cipher import AES, PKCS1_OAEP

key = RSA.generate(2048)
secret_key = key.exportKey(passphrase='letmein', pkcs=8, protection='scryptAndAES128-CBC')
public_key = key.publickey().exportKey()

rsa_key = RSA.importKey(public_key)
session_key = get_random_bytes(16)
cipher_rsa = PKCS1_OAEP.new(rsa_key)
cipher_aes = AES.new(session_key, AES.MODE_EAX)
ciphertext, tag = cipher_aes.encrypt_and_digest(data)

dst.write(cipher_rsa.encrypt(session_key))
dst.write(cipher_aes.nonce)
dst.write(tag)
dst.write(ciphertext)

rsa_key = RSA.importKey(secret_key, 'letmein')

enc_session_key, nonce, tag, ciphertext = [
    src.read(x) for x in (rsa_key.size_in_bytes(), 16, 16, -1)
]

cipher_rsa = PKCS1_OAEP.new(rsa_key)
session_key = cipher_rsa.decrypt(enc_session_key)
cipher_aes = AES.new(session_key, AES.MODE_EAX, nonce)

decoded = cipher_aes.decrypt_and_verify(ciphertext, tag)
是否有一种方法可以使用带有
openssl
的命令行对文件进行解密?或者我应该如何修改代码以使其成为可能

您可以对单独的组件进行base64编码,然后使用分隔符将其拆分。命令行主要是基于文本的,因此在Bash中编程会更容易

EAX模式不受直接支持,因此尝试CBC模式会更容易。OpenSSL命令行目前似乎不支持任何AEAD密码,因此您将失去它可能提供的真实性

最后,似乎不支持OAEP和密码的组合,因此您可能必须处理二进制结果并将其转换为对称密码,例如以十六进制表示