问题:
无法解密使用Swift CryptoKit-AES-256-GCM加密的NodeJS中的数据
乔伯寅
我试图创建一个应用程序在NodeJS(电子)作为一个跨平台桌面应用程序。这将与iOS上使用SWIFT开发的移动应用程序配对。作为共享数据的一部分,它使用AES-256-GCM算法进行加密。我在SWIFT中有以下加密和解密方法:
//listItems is an array of the following structure:
// - id: Int, title: String, data: String, ldate: String
func encrypt(listItems: [ListItem], pass: String) -> String{
let encoder = JSONEncoder()
do{
let data = try encoder.encode(listItems)
let key = SymmetricKey(data: SHA256.hash(data: pass.data(using: .utf8)!))
let iv = AES.GCM.Nonce()
let sealedBox = try AES.GCM.seal(data, using: key, nonce: iv)
return sealedBox.combined?.base64EncodedData()
}catch{
fatalError("Couldn't encrypt data\(error)")
}
}
func decrypt(data: Data, pass: String) -> [ListItem]{
do{
let key = SymmetricKey(data: SHA256.hash(data: pass.data(using: .utf8)!))
let mySealedBox = try AES.GCM.SealedBox(combined: Data(base64Encoded: data)!)
let content = try AES.GCM.open(mySealedBox, using: key)
return load(content)
}catch{
fatalError("Couldn't encrypt data\(error)")
}
}
func load<T: Decodable>(_ data: Data) -> T{
do{
let decoder = JSONDecoder()
return try decoder.decode(T.self, from: data)
}catch{
fatalError("Could not parse the data")
}
}
对于NodeJS,我有以下函数:
const crypto = require('crypto')
module.exports = {
encryptData(data,password){
let password_hash = crypto.createHash('sha256').update(password, 'utf-8').digest('hex').slice(0,32).toLowerCase();
let iv = crypto.pseudoRandomBytes(12);
iv = Buffer.from('mBj0tzBUxDFmix1T', 'base64');
let cipher = crypto.createCipheriv('aes-256-gcm', password_hash, iv);
let encryptedData = Buffer.from(cipher.update(data, 'utf8', 'hex') + cipher.final('hex'), 'hex');
console.log(' --------------- ENC BEGIN ---------------');
console.log(`IV Length: ${iv.length}`);
//console.log(`IV Base64 Length: ${iv.toString('base64').length}`);
console.log(iv.toString('base64'));
//console.log(`AuthTag Length: ${cipher.getAuthTag().length}`);
//console.log(`AuthTag Base64 Length: ${cipher.getAuthTag().toString('base64').length}`);
console.log(cipher.getAuthTag().toString('base64'));
//console.log(`Encrypted Data Length: ${encryptedData.length}`)
//console.log(`Encrypted Data Base64 Length: ${encryptedData.toString('base64').length}`)
console.log(encryptedData.toString('base64'));
console.log(' --------------- ENC END ---------------');
console.log(Buffer.concat([cipher.getAuthTag(), encryptedData]).toString('base64'));
console.log(Buffer.concat([encryptedData, cipher.getAuthTag()]).toString('base64'));
//let encryptedBuffer = Buffer.concat([iv, cipher.getAuthTag(), encryptedData]);
return iv.toString('base64') + cipher.getAuthTag().toString('base64') + encryptedData.toString('base64');
},
decryptData(data,password){
let password_hash = crypto.createHash('sha256').update(password, 'utf-8').digest('hex').slice(0,32).toLowerCase();
//let combinerBuffer = Buffer.from(data, 'base64');
//let iv = combinerBuffer.slice(0,16);
let iv = Buffer.from(data.slice(0,16), 'base64');
console.log(' --------------- DEC BEGIN ---------------');
console.log(iv.toString('base64'));
let at = Buffer.from(data.slice(16,32), 'base64');
console.log(at.toString('base64'));
let enc_buffer = Buffer.from(data.slice(32), 'base64');
console.log(enc_buffer.toString('base64'));
console.log(' --------------- DEC END ---------------');
let deciper = crypto.createDecipheriv('aes-256-gcm', password_hash, iv);
deciper.setAuthTag(at)
let dec_buf = deciper.update(enc_buffer, 'utf8') + deciper.final('utf8');
return dec_buf.toString('utf8');
}
}
-
null
下面是Java代码:
import javax.crypto.Cipher;
import javax.crypto.spec.GCMParameterSpec;
import javax.crypto.spec.SecretKeySpec;
import java.nio.charset.StandardCharsets;
import java.security.MessageDigest;
import java.security.SecureRandom;
import java.util.Base64;
class CryptoTest{
public static void main(String[] args){
try{
String enc = Crypto.encrypt("This is data", "password");
String dec = Crypto.decrypt(enc,"password");
System.out.println(enc);
System.out.println(dec);
}catch(Exception ex){
System.out.println("ERROR");
}
}
private static class Crypto {
private static final int GCM_TAG_LENGTH = 16;
private static final int GCM_IV_LENGTH = 12;
private static final String ALGORITHM = "AES_256/GCM/NoPadding";
private static final String ALGORITHM_SHORT_NAME = "AES";
private static final String HASH_ALGORITHM = "SHA-256";
public static String encrypt(String plaintext, String password) throws Exception
{
//Generate the key from password
MessageDigest md = MessageDigest.getInstance(HASH_ALGORITHM);
byte[] key = md.digest(password.getBytes(StandardCharsets.UTF_8));
SecureRandom sr = new SecureRandom(password.getBytes(StandardCharsets.UTF_8));
byte[] iv = new byte[GCM_IV_LENGTH];
// sr.nextBytes(iv);
iv = Base64.getDecoder().decode("mBj0tzBUxDFmix1T");
// Get Cipher Instance
Cipher cipher = Cipher.getInstance(ALGORITHM);
// Create SecretKeySpec
SecretKeySpec keySpec = new SecretKeySpec(key, ALGORITHM_SHORT_NAME);
// Create GCMParameterSpec
GCMParameterSpec gcmParameterSpec = new GCMParameterSpec(GCM_TAG_LENGTH * 8, iv);
// Initialize Cipher for ENCRYPT_MODE
cipher.init(Cipher.ENCRYPT_MODE, keySpec, gcmParameterSpec);
// Perform Encryption
byte[] cipherText = cipher.doFinal(plaintext.getBytes(StandardCharsets.UTF_8));
//Return the IV and CipherText as Base64 encoded and appended strings
System.out.println(Base64.getEncoder().encodeToString(iv));
System.out.println(Base64.getEncoder().encodeToString(cipherText));
return Base64.getEncoder().encodeToString(iv)+Base64.getEncoder().encodeToString(cipherText);
}
public static String decrypt(String sourceText, String password) throws Exception
{
//Get the IV from cipherText
byte[] iv = Base64.getDecoder().decode(sourceText.substring(0,16));
//Get the reminder of cipherText after the iv
byte[] cipherText = Base64.getDecoder().decode(sourceText.substring(16));
//Generate the key from password
MessageDigest md = MessageDigest.getInstance(HASH_ALGORITHM);
byte[] key = md.digest(password.getBytes(StandardCharsets.UTF_8));
// Get Cipher Instance
Cipher cipher = Cipher.getInstance(ALGORITHM);
// Create SecretKeySpec
SecretKeySpec keySpec = new SecretKeySpec(key, ALGORITHM_SHORT_NAME);
// Create GCMParameterSpec
GCMParameterSpec gcmParameterSpec = new GCMParameterSpec(GCM_TAG_LENGTH * 8, iv);
// Initialize Cipher for DECRYPT_MODE
cipher.init(Cipher.DECRYPT_MODE, keySpec, gcmParameterSpec);
// Perform Decryption
byte[] decryptedText = cipher.doFinal(cipherText);
return new String(decryptedText);
}
}
}
数据:这是数据
密钥:密码
根据我所读到的,Java将生成包含AuthTag的加密文本。我尝试将AuthTag连接到加密文本,但输出始终不等于Java生成的输出。
然而,Java加密的文本可以被SWIFT CryptoKit代码毫无问题地解密。
共有1个答案
邢心水
除了Java crypto将GCM authtag放在密文的末尾(如注释所示)之外,您的Java代码使用密码的SHA256作为密钥,而nodejs使用SHA256一半的十六进制表示的ASCII字符;这是一个完全不同的值,对称(传统)密码学的全部要点是,你必须在两端使用(完全)相同的密钥。此外,您的方法转换为base64,然后与string-plus连接,然后在解码之前对base64进行切片,只有当data和IV都是3的倍数时才有效:GCM IV/nonce是12,这是可以的,示例值'This is data'也是这样,但大多数实际数据不是这样。
以下经过修改的js与您的Java相匹配。我不做SWIFT,但如果像您所说的那样,它与您的Java匹配,那么它也应该与这个JS匹配。
const crypto = require('crypto')
function encryptData(data,password){
//--let password_hash = crypto.createHash('sha256').update(password, 'utf-8').digest('hex').slice(0,32).toLowerCase();
let password_hash = crypto.createHash('sha256').update(password, 'utf-8').digest();
let iv = Buffer.from('mBj0tzBUxDFmix1T', 'base64'); // TEST ONLY SHOULD BE UNIQUE (such as random)
let cipher = crypto.createCipheriv('aes-256-gcm', password_hash, iv);
//--let encryptedData = Buffer.from(cipher.update(data, 'utf8', 'hex') + cipher.final('hex'), 'hex');
let encryptedData = Buffer.concat([cipher.update(data, 'utf8'), cipher.final()]);
//--return iv.toString('base64') + cipher.getAuthTag().toString('base64') + encryptedData.toString('base64');
return Buffer.concat([iv,encryptedData,cipher.getAuthTag()]).toString('base64');
// or just concat([iv,cipher.update(data,'utf8'),cipher.final(),cipher.getAuthTag()]).toString('base64')
}
function decryptData(data,password){
let password_hash = crypto.createHash('sha256').update(password, 'utf-8').digest(); //**
let combinerBuffer = Buffer.from(data, 'base64'); //**
let iv = combinerBuffer.slice(0,12); //**
let deciper = crypto.createDecipheriv('aes-256-gcm', password_hash, iv);
let temp = combinerBuffer.length-16;
deciper.setAuthTag(combinerBuffer.slice(temp));
return deciper.update(combinerBuffer.slice(12,temp), 'utf8') + deciper.final('utf8');
}
let p = 'password', i = 'This is data';
let c = encryptData(i,p); console.log(c);
let d = decryptData(c,p); console.log(d);
最后,对密钥使用一个快速且未加盐的密码哈希值几乎没有安全性,而且很可能会被破坏。但这是一个设计问题,因此是一个话题。如果您有能力改变这种设计并关心实际的安全性,请参阅security.sx,在那里您将找到许多建议,至少使用PBKDF2(一个迭代的、盐化的HMAC)之类的东西,或者更好地使用scrypt或ARGON2之类的较新的、内存困难的密码哈希。
另外,正如我所评论的,GCM的IV/nonce只要求是唯一的;使用安全的随机生成器是获得唯一值的一种常见方法,但不是唯一的方法。(这与CBC模式形成鲜明对比,在CBC模式中,IV必须是唯一的和不可预测的,在实践中需要随机或SIV。)
类似资料:
-
这是一个错误: 1.JS
-
我已经使用OpenSSL AES-256-GCM加密了一个文件。由于aes-256-gcm不受命令行支持,我已经安装了LibreSSL,我可以使用下面的命令加密文件的数据。 openssl ENC-AES-256-GCM-K 616161616161616161616161616161616161616161616161616161616161616161-IV 768A5C31A97D5FE9-
-
节点模块: Java类:主要方法现在只是用于测试,稍后将被删除。
-
我在这个网站上用AES-256加密一个虚拟字符串: https://www.devglan.com/online-tools/aes-encryption-decryption 具有以下参数: null 当我尝试用OpenSSL从命令行解密它时: 我得到这个错误:
-
tag到底是什么意思?我们为什么需要它?