我有以下查询.可以任何人请建议我一个解决方案.
我是第一次加密和解密文件.
我使用命令通过命令提示符加密文件:
openssl enc -aes-256-cbc -in file.txt -out file.enc -k "key value" -iv "iv value"
我必须以编程方式解密它.所以我已经为它编写了程序,但它抛出了以下错误:
./exe_file enc_file_directory ... error: 06065064: digital envelope routines: EVP_DecryptFInal_ex: bad decrypt: evp_enc.c
下面的程序将输入作为目录路径并搜索加密文件".enc"并尝试将其解密读入缓冲区.
码:
#include#include #include #include #include #include #include #include #include #include void handleErrors(char *msg) { { ERR_print_errors_fp(stderr); printf("%s", msg); abort(); } } void freeMemory(char *mem) { if (NULL != mem) { free(mem); mem = NULL; } } /* Function to decrypt the XML files */ int decryptXML(unsigned char *indata, unsigned char *outdata, int fsize) { int outlen1 = 0, outlen2 = 0; unsigned char iv[] = "b63e541bc9ece19a1339df4f8720dcc3"; unsigned char ckey[] = "70bbc518c57acca2c2001694648c40ddaf19e3b4fe1376ad656de8887a0a5ec2" ; if (NULL == indata) { printf ("input data is empty\n"); return 0; } if (0 >= fsize) { printf ("file size is zero\n"); return 0; } outdata = (char *) malloc (sizeof (char) * fsize * 2); EVP_CIPHER_CTX ctx; EVP_CIPHER_CTX_init(&ctx); if (! EVP_DecryptInit_ex (&ctx, EVP_aes_256_cbc(), NULL, ckey, iv)) { EVP_CIPHER_CTX_cleanup(&ctx); handleErrors("DInit"); } if (! EVP_DecryptUpdate (&ctx, outdata, &outlen1, indata, fsize)) { EVP_CIPHER_CTX_cleanup(&ctx); handleErrors("DUpdate"); } if (! EVP_DecryptFinal_ex (&ctx, outdata + outlen1, &outlen2)) { EVP_CIPHER_CTX_cleanup(&ctx); handleErrors("DFinal"); } EVP_CIPHER_CTX_cleanup(&ctx); return outlen1+outlen2; } int isDirectory(char *path) { DIR *dir = NULL; FILE *fin = NULL, *fout = NULL; int enc_len = 0, dec_len = 0, fsize = 0, ksize = 0; unsigned char *indata = NULL, *outdata = NULL; char buff[BUFFER_SIZE], file_path[BUFFER_SIZE], cur_dir[BUFFER_SIZE]; struct dirent *in_dir; struct stat s; if (NULL == (dir = opendir(path))) { printf ("ERROR: Failed to open the directory %s\n", path); perror("cannot open."); exit(1); } while (NULL != (in_dir = readdir(dir))) { if (!strcmp (in_dir->d_name, ".") || !strcmp(in_dir->d_name, "..")) continue; sprintf (buff, "%s/%s", path, in_dir->d_name); if (-1 == stat(buff, &s)) { perror("stat"); exit(1); } if (S_ISDIR(s.st_mode)) { isDirectory(buff); } else { strcpy(file_path, buff); if (strstr(file_path, ".enc")) { /* File to be decrypted */ fout = fopen(file_path,"rb"); fseek (fout, 0L, SEEK_END); fsize = ftell(fout); fseek (fout, 0L, SEEK_SET); indata = (char*)malloc(fsize); fread (indata, sizeof(char), fsize, fout); if (NULL == fout) { perror("Cannot open enc file: "); return 1; } dec_len = decryptXML (indata, outdata, fsize); outdata[dec_len] = '\0'; printf ("%s\n", outdata); fclose (fin); fclose (fout); } } } closedir(dir); freeMemory(outdata); freeMemory(indata); return 1; } int main(int argc, char *argv[]) { int result; if (argc != 2) { printf ("Usage: path_of_the_files\n"); return -1; } ERR_load_crypto_strings(); OpenSSL_add_all_algorithms(); OPENSSL_config(NULL); /* Checking for the directory existance */ result = isDirectory(argv[1]); EVP_cleanup(); ERR_free_strings(); if (0 == result) return 1; else return 0; }
谢谢.
digital envelope routines: EVP_DecryptFInal_ex: bad decrypt
使用不兼容的openssl版本进行加密和解密时,也会出现此消息.
我遇到的问题是我在Windows上进行了加密,版本为1.1.0,然后在一个1.0.2g的通用Linux系统上进行解密.
这不是一个非常有用的错误消息!
我认为使用命令行进行加密的Key和IV使用你的程序是不一样的.
请注意,当您使用"-k"(不同于"-K")时,给定的输入被视为从中派生密钥的密码.通常在这种情况下,不需要"-iv"选项,因为密钥和密码都将从"-k"选项给出的输入中派生.
从您的问题来看,您不清楚如何确保密钥和IV在加密和解密之间是相同的.
在我的建议中,最好使用"-K"和"-iv"选项在加密期间明确指定密钥和IV,并使用相同的方法进行解密.如果需要使用"-k",则使用"-p"选项打印密钥,使用iv进行加密,并在解密程序中使用相同的密码.
有关详细信息,请访问https://www.openssl.org/docs/manmaster/apps/enc.html
在使用openssl命令行界面时,我遇到了类似的错误回复,同时具有正确的二进制密钥(-K)。选项“ -nopad”解决了该问题:
生成错误的示例:
echo -ne "\x32\xc8\xde\x5c\x68\x19\x7e\x53\xa5\x75\xe1\x76\x1d\x20\x16\xb2\x72\xd8\x40\x87\x25\xb3\x71\x21\x89\xf6\xca\x46\x9f\xd0\x0d\x08\x65\x49\x23\x30\x1f\xe0\x38\x48\x70\xdb\x3b\xa8\x56\xb5\x4a\xc6\x09\x9e\x6c\x31\xce\x60\xee\xa2\x58\x72\xf6\xb5\x74\xa8\x9d\x0c" | openssl aes-128-cbc -d -K 31323334353637383930313233343536 -iv 79169625096006022424242424242424 | od -t x1
结果:
bad decrypt 140181876450560:error:06065064:digital envelope routines:EVP_DecryptFinal_ex:bad decrypt:../crypto/evp/evp_enc.c:535: 0000000 2f 2f 07 02 54 0b 00 00 00 00 00 00 04 29 00 00 0000020 00 00 04 a9 ff 01 00 00 00 00 04 a9 ff 02 00 00 0000040 00 00 04 a9 ff 03 00 00 00 00 0d 79 0a 30 36 38
结果正确的示例:
echo -ne "\x32\xc8\xde\x5c\x68\x19\x7e\x53\xa5\x75\xe1\x76\x1d\x20\x16\xb2\x72\xd8\x40\x87\x25\xb3\x71\x21\x89\xf6\xca\x46\x9f\xd0\x0d\x08\x65\x49\x23\x30\x1f\xe0\x38\x48\x70\xdb\x3b\xa8\x56\xb5\x4a\xc6\x09\x9e\x6c\x31\xce\x60\xee\xa2\x58\x72\xf6\xb5\x74\xa8\x9d\x0c" | openssl aes-128-cbc -d -K 31323334353637383930313233343536 -iv 79169625096006022424242424242424 -nopad | od -t x1
结果:
0000000 2f 2f 07 02 54 0b 00 00 00 00 00 00 04 29 00 00 0000020 00 00 04 a9 ff 01 00 00 00 00 04 a9 ff 02 00 00 0000040 00 00 04 a9 ff 03 00 00 00 00 0d 79 0a 30 36 38 0000060 30 30 30 34 31 33 31 2f 2f 2f 2f 2f 2f 2f 2f 2f 0000100