Ruby 中的 SJCL AES-128-CCM 解密
Posted
技术标签:
【中文标题】Ruby 中的 SJCL AES-128-CCM 解密【英文标题】:SJCL AES-128-CCM decryption in Ruby 【发布时间】:2013-04-08 07:27:56 【问题描述】:我正在尝试在 Ruby 中实现 aes-128-ccm 加密字符串的 SJCL 解密。在阅读了similar question 之后,我看到更新版本的 OpenSSL 库应该支持这一点,所以我已经将开发版本从 github 安装到 /opt
执行此操作后,当我运行 /opt/bin/openssl 密码时,我在列表中看不到 aes-128-ccm 密码:
ECDHE-RSA-AES256-GCM-SHA384:ECDHE-ECDSA-AES256-GCM-SHA384:ECDHE-RSA-AES256-SHA384:ECDHE-ECDSA-AES256-SHA384:ECDHE-RSA-AES256-SHA:ECDHE-ECDSA-AES256-SHA:SRP-DSS-AES-256-CBC-SHA:SRP-RSA-AES-256-CBC-SHA:DH-DSS-AES256-GCM-SHA384:DHE-DSS-AES256-GCM-SHA384:DH-RSA-AES256-GCM-SHA384:DHE-RSA-AES256-GCM-SHA384:DHE-RSA-AES256-SHA256:DHE-DSS-AES256-SHA256:DH-RSA-AES256-SHA256:DH-DSS-AES256-SHA256:DHE-RSA-AES256-SHA:DHE-DSS-AES256-SHA:DH-RSA-AES256-SHA:DH-DSS-AES256-SHA:DHE-RSA-CAMELLIA256-SHA:DHE-DSS-CAMELLIA256-SHA:DH-RSA-CAMELLIA256-SHA:DH-DSS-CAMELLIA256-SHA:ECDH-RSA-AES256-GCM-SHA384:ECDH-ECDSA-AES256-GCM-SHA384:ECDH-RSA-AES256-SHA384:ECDH-ECDSA-AES256-SHA384:ECDH-RSA-AES256-SHA:ECDH-ECDSA-AES256-SHA:AES256-GCM-SHA384:AES256-SHA256:AES256-SHA:CAMELLIA256-SHA:PSK-AES256-CBC-SHA:ECDHE-RSA-DES-CBC3-SHA:ECDHE-ECDSA-DES-CBC3-SHA:SRP-DSS-3DES-EDE-CBC-SHA:SRP-RSA-3DES-EDE-CBC-SHA:EDH-RSA-DES-CBC3-SHA:EDH-DSS-DES-CBC3-SHA:DH-RSA-DES-CBC3-SHA:DH-DSS-DES-CBC3-SHA:ECDH-RSA-DES-CBC3-SHA:ECDH-ECDSA-DES-CBC3-SHA:DES-CBC3-SHA:PSK-3DES-EDE-CBC-SHA:ECDHE-RSA-AES128-GCM-SHA256:ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-RSA-AES128-SHA256:ECDHE-ECDSA-AES128-SHA256:ECDHE-RSA-AES128-SHA:ECDHE-ECDSA-AES128-SHA:SRP-DSS-AES-128-CBC-SHA:SRP-RSA-AES-128-CBC-SHA:DH-DSS-AES128-GCM-SHA256:DHE-DSS-AES128-GCM-SHA256:DH-RSA-AES128-GCM-SHA256:DHE-RSA-AES128-GCM-SHA256:DHE-RSA-AES128-SHA256:DHE-DSS-AES128-SHA256:DH-RSA-AES128-SHA256:DH-DSS-AES128-SHA256:DHE-RSA-AES128-SHA:DHE-DSS-AES128-SHA:DH-RSA-AES128-SHA:DH-DSS-AES128-SHA:DHE-RSA-SEED-SHA:DHE-DSS-SEED-SHA:DH-RSA-SEED-SHA:DH-DSS-SEED-SHA:DHE-RSA-CAMELLIA128-SHA:DHE-DSS-CAMELLIA128-SHA:DH-RSA-CAMELLIA128-SHA:DH-DSS-CAMELLIA128-SHA:ECDH-RSA-AES128-GCM-SHA256:ECDH-ECDSA-AES128-GCM-SHA256:ECDH-RSA-AES128-SHA256:ECDH-ECDSA-AES128-SHA256:ECDH-RSA-AES128-SHA:ECDH-ECDSA-AES128-SHA:AES128-GCM-SHA256:AES128-SHA256:AES128-SHA:SEED-SHA:CAMELLIA128-SHA:IDEA-CBC-SHA:PSK-AES128-CBC-SHA:ECDHE-RSA-RC4-SHA:ECDHE-ECDSA-RC4-SHA:ECDH-RSA-RC4-SHA:ECDH-ECDSA-RC4-SHA:RC4-SHA:RC4-MD5:PSK-RC4-SHA:EDH-RSA-DES-CBC-SHA:EDH-DSS-DES-CBC-SHA:DH-RSA-DES-CBC-SHA:DH-DSS-DES-CBC-SHA:DES-CBC-SHA:EXP-EDH-RSA-DES-CBC-SHA:EXP-EDH-DSS-DES-CBC-SHA:EXP-DH-RSA-DES-CBC-SHA:EXP-DH-DSS-DES-CBC-SHA:EXP-DES-CBC-SHA:EXP-RC2-CBC-MD5:EXP-RC4-MD5
但如果我运行 /opt/bin/openssl enc -help 2>&1 我会看到“-aes-128-ccm”:
-aes-128-cbc -aes-128-ccm -aes-128-cfb
-aes-128-cfb1 -aes-128-cfb8 -aes-128-ctr
-aes-128-ecb -aes-128-gcm -aes-128-ofb
-aes-128-xts -aes-192-cbc -aes-192-ccm
-aes-192-cfb -aes-192-cfb1 -aes-192-cfb8
-aes-192-ctr -aes-192-ecb -aes-192-gcm
-aes-192-ofb -aes-256-cbc -aes-256-ccm
-aes-256-cfb -aes-256-cfb1 -aes-256-cfb8
-aes-256-ctr -aes-256-ecb -aes-256-gcm
-aes-256-ofb -aes-256-xts -aes128
-aes192 -aes256 -bf
-bf-cbc -bf-cfb -bf-ecb
-bf-ofb -blowfish -camellia-128-cbc
-camellia-128-cfb -camellia-128-cfb1 -camellia-128-cfb8
-camellia-128-ecb -camellia-128-ofb -camellia-192-cbc
-camellia-192-cfb -camellia-192-cfb1 -camellia-192-cfb8
-camellia-192-ecb -camellia-192-ofb -camellia-256-cbc
-camellia-256-cfb -camellia-256-cfb1 -camellia-256-cfb8
-camellia-256-ecb -camellia-256-ofb -camellia128
-camellia192 -camellia256 -cast
-cast-cbc -cast5-cbc -cast5-cfb
-cast5-ecb -cast5-ofb -des
-des-cbc -des-cfb -des-cfb1
-des-cfb8 -des-ecb -des-ede
-des-ede-cbc -des-ede-cfb -des-ede-ofb
-des-ede3 -des-ede3-cbc -des-ede3-cfb
-des-ede3-cfb1 -des-ede3-cfb8 -des-ede3-ofb
-des-ofb -des3 -desx
-desx-cbc -gost89 -gost89-cnt
-id-aes128-CCM -id-aes128-GCM -id-aes192-CCM
-id-aes192-GCM -id-aes256-CCM -id-aes256-GCM
-idea -idea-cbc -idea-cfb
-idea-ecb -idea-ofb -rc2
-rc2-40-cbc -rc2-64-cbc -rc2-cbc
-rc2-cfb -rc2-ecb -rc2-ofb
-rc4 -rc4-40 -rc4-hmac-md5
-seed -seed-cbc -seed-cfb
-seed-ecb -seed-ofb
我使用以下命令重新安装了 ruby 2.0.0p0 和 rvm:rvm reinstall 2.0.0 --with-openssl-dir=/opt(在上述文章中给出)。然后运行cipher = OpenSSL::Cipher.new('aes-128-ccm')。返回以下错误:
unsupported cipher algorithm (aes-128-ccm)
我的问题是如何在 Ruby 中添加对 AES-128-CCM 的支持/我在这里做错了什么?
【问题讨论】:
它是否出现在 OpenSSL::Cipher.ciphers 列表中?检查你是否真的链接到了正确的 openssl 库。在 linux 上,ldd /path/to/ruby 应该列出 libcrypt.so 链接require 'openssl'; puts OpenSSL::VERSION 带给你什么?
【参考方案1】:
好的,我已经成功了,这就是我所做的:
首先从github获取OpenSSL源码:
$ git clone https://github.com/openssl/openssl.git
$ cd openssl/
如果您想要与我使用的完全相同的版本,请执行以下操作:
$ git checkout 5ae8d6bcbaff99423a2608559d738a3fcf7ed6dc -b tmp
现在在某个目录中使用共享库构建 OpenSSL:
$ ./config shared --prefix=/home/jbr/local/openssl
$ make depend
$ make
$ make install
确保您有 ccm 支持:
$ /home/jbr/local/openssl/bin/openssl enc -help 2>&1 | grep "ccm"
-aes-128-ccm -aes-128-cfb -aes-128-cfb1
-aes-192-cbc -aes-192-ccm -aes-192-cfb
-aes-256-ccm -aes-256-cfb -aes-256-cfb1
好的,现在使用 rvm 和新版本的 OpenSSL 安装一个命名的 Ruby:
$ rvm install ruby-2.0.0-p195 -n ccm --with-openssl-dir=/home/jbr/local/openssl
此命令为您提供带有 -ccm 后缀的 Ruby 2.0.0 补丁级别 195 版本,它使用您的新 OpenSSL 库。
现在使用新版本的 Ruby:
$ rvm use ruby-2.0.0-p195-ccm
并用 irb 测试一下:
$ irb
2.0.0p195 :001 > require 'openssl'
=> true
2.0.0p195 :005 > OpenSSL::Cipher.ciphers.include? "aes-128-ccm"
=> true
您现在拥有 aes-128-ccm。
【讨论】:
以上是关于Ruby 中的 SJCL AES-128-CCM 解密的主要内容,如果未能解决你的问题,请参考以下文章
在Angular 7中使用SJCL时无法解析'./node_modules/sjcl'中的'crypto']
ORA-24247: 网络访问被访问控制列表 (ACL) 拒绝