2. it
  3. openssl aes加解密的使用

openssl aes加解密的使用

mac2024-03-29  33

1、先写一个用于生产二进制文件的工具 使用说明:新建main.c,将代码拷贝到main.c中,在linux环境下执行gcc main.c -o x,输出可执行文件x

#include <stdio.h> int write_the_same_datas(char *name,unsigned int len,char value) { FILE *fp; int i; fp = fopen(name,"w"); if(NULL == fp) { printf("fopen %s failed\n",(name)); return -1; } for(i=0;i<len;i++) fputc(value,fp); fclose(fp); } int write_the_increase_datas(char *name,unsigned int len,char start,char end) { FILE *fp; int i,x; fp = fopen(name,"w"); if(NULL == fp) { printf("fopen %s failed\n",(name)); return -1; } if(start > end) { printf("start is smaller end!! error!!\n"); } x=start; for(i=0;i<len;i++) { fputc(x,fp); if(x == end) x = start; else x++; } fclose(fp); } int write_the_decrease_datas(char *name,unsigned int len,char start,char end) { FILE *fp; int i,x; fp = fopen(name,"w"); if(NULL == fp) { printf("fopen %s failed\n",(name)); return -1; } if(start < end) { printf("start is bigger end!! error!!\n"); } x=start; for(i=0;i<len;i++) { fputc(x,fp); if(x == end) x = start; else x--; } fclose(fp); } int main(int argc, char *argv[]) { unsigned int len; char *cmd,*filename; unsigned int value,start,end; filename = argv[1]; cmd = argv[2]; // increase decrease same sscanf(argv[3],"0x%x",&len); if (memcmp(cmd,"increase",8) == 0) { sscanf(argv[4],"0x%x",&start); sscanf(argv[5],"0x%x",&end); write_the_increase_datas(filename,len,(unsigned char)(start & 0xff),(unsigned char)(end & 0xff)); return 0; } else if (memcmp(cmd,"decrease",8) == 0) { sscanf(argv[4],"0x%x",&start); sscanf(argv[5],"0x%x",&end); write_the_decrease_datas(filename,len,(unsigned char)(start & 0xff),(unsigned char)(end & 0xff)); return 0; } else if (memcmp(cmd,"same",4) == 0) { sscanf(argv[4],"0x%x",&value); write_the_same_datas(filename,len,(unsigned char)(value & 0xff)); } }

2、生产加解密使用的源文件 (1) 生成输入文件 (如生成一个长度为16bytes的文件,文件内容全是0x3) ./x “in-16.data” same 0x10 0x3

(2) 生成输入key文件 (如生成一个长度为16bytes的文件,文件内容全是0x0-0xf递增) ./x “key-16.data” increase 0x10 0x0 0xf

3、使用openssl命令,执行加密操作 (如ECB加密,key-256) openssl enc -aes-256-ecb -in in-16.data -K 000102030405060708090A0B0C0D0E0F101112131415161718191A1B1C1D1E1F -out enc.log && md5sum enc.log

enc.log中的内容,就是ECB加密后的内容了,注意该输出文件enc.log在尾端会多产生16bytes,可以使用如下命令去尾端: name=“enc.log”;a=ls $name -l | awk '{print $5}';b= [ [ [a-16];head -c $b $name>out.log

这样out.log中的数据,就是加密后的数据了

hash计算: openssl sha -sha256 filename SHA256(filename)= e3fdd945d31029a1d0937cd8f0d23407

$ openssl sha -h unknown option ‘-h’ options are -c to output the digest with separating colons -r to output the digest in coreutils format -d to output debug info -hex output as hex dump -binary output in binary form -hmac arg set the HMAC key to arg -non-fips-allow allow use of non FIPS digest -sign file sign digest using private key in file -verify file verify a signature using public key in file -prverify file verify a signature using private key in file -keyform arg key file format (PEM or ENGINE) -out filename output to filename rather than stdout -signature file signature to verify -sigopt nm:v signature parameter -hmac key create hashed MAC with key -mac algorithm create MAC (not neccessarily HMAC) -macopt nm:v MAC algorithm parameters or key -engine e use engine e, possibly a hardware device. -md4 to use the md4 message digest algorithm -md5 to use the md5 message digest algorithm -ripemd160 to use the ripemd160 message digest algorithm -sha to use the sha message digest algorithm -sha1 to use the sha1 message digest algorithm -sha224 to use the sha224 message digest algorithm -sha256 to use the sha256 message digest algorithm -sha384 to use the sha384 message digest algorithm -sha512 to use the sha512 message digest algorithm -whirlpool to use the whirlpool message digest algorithm

2、使用RSA密钥进行签名验证操作 https://www.linuxidc.com/Linux/2016-04/130492.htm /摘要算法选取sha256,密钥RSA密钥,对file.txt进行签名/ linuxidc@linuxidc:~/test$ openssl dgst -sign RSA.pem -sha256 -out sign.txt file.txt /使用RSA密钥验证签名(prverify参数),验证成功/ linuxidc@linuxidc:~/test$ openssl dgst -prverify RSA.pem -sha256 -signature sign.txt file.txt Verified OKt /从密钥中提取公钥/ linuxidc@linuxidc:~/test$ openssl rsa -in RSA.pem -out pub.pem -pubout writing RSA key /使用RSA公钥验证签名(verify参数),验证成功/ linuxidc@linuxidc:~/test$ openssl dgst -verify pub.pem -sha256 -signature sign.txt file.txt Verified OK

最新回复(0)