2020年9月2日 星期三

[ Python 常見問題 ] Decrypt in Golang what was encrypted in Python AES CFB

 Source From Here

Question
Based on the Golang documentation on CFB decryption I wrote a minimal working example to decrypt a string that was encrypted with AES CFB and then base 64 encoded in python3.

The golang decryption works fine when the message was encrypted within Golang (with the encryption function from the Golang doc example). However when I encrypt the message in a python script using the python crypto package, I am unable to decrypt it in the golang script successfully. I don't get the right bytes back.

Blocksize is 16 by default for both AES implementations. So the question: What is going wrong?
- Golang script:
  1. package main  
  2.   
  3. import (  
  4.     "crypto/aes"  
  5.     "crypto/cipher"  
  6.     "encoding/base64"  
  7.     "fmt"  
  8.     "os"  
  9.   
  10. )  
  11.   
  12. func main() {  
  13.     key := []byte("TfvY7I358yospfWKcoviZizOShpm5hyH")  
  14.     iv := []byte("mb13KcoviZizvYhp")  
  15.     payload_python := os.Args[1]  
  16.   
  17.     fmt.Println("Hello from Golang, going to decrypt: "+payload_python+" Result: "+string(decrypt(key, payload_python, iv)))  
  18. }  
  19.   
  20.   
  21. func decrypt(key []byte, cryptoText string, iv []byte) []byte {  
  22.     ciphertext, _ := base64.StdEncoding.DecodeString(cryptoText)    //decode base64 coding  
  23.   
  24.     //prepare decryption based on key and iv  
  25.     block, _ := aes.NewCipher(key)  
  26.     stream := cipher.NewCFBDecrypter(block, iv)  
  27.   
  28.     //decrypt  
  29.     stream.XORKeyStream(ciphertext, ciphertext)  
  30.   
  31.     return ciphertext  
  32. }  
- Python script:
  1. #!/usr/bin/env python3  
  2. import base64  
  3. from Crypto.Cipher import AES  
  4. from subprocess import check_output  
  5.   
  6.   
  7. original_message = 'This is not encrypted'  
  8.   
  9. key = 'TfvY7I358yospfWKcoviZizOShpm5hyH'  
  10. iv = 'mb13KcoviZizvYhp'  
  11.   
  12. #prepare encryption  
  13. cfb_cipher_encrypt = AES.new(key, AES.MODE_CFB, iv)  
  14. #encrypt and base64 encode  
  15. encryptedpayload = base64.b64encode(cfb_cipher_encrypt.encrypt(original_message))  
  16.   
  17. print('Going to encrypt and base64 "{}" result:\n{}\n'.format(original_message,encryptedpayload))  
  18.   
  19. print('Now going to call the Golang script:')  
  20. print(check_output('go run stack.go {}'.format(encryptedpayload.decode()),shell=True))  
How-To
Try encrypting from Python like this. The result can then be unencrypted from Go successfully.
  1. #!/usr/bin/env python3  
  2. import base64  
  3. from Crypto.Cipher import AES  
  4.   
  5. MODE = AES.MODE_CFB  
  6. BLOCK_SIZE = 16  
  7. SEGMENT_SIZE = 128  
  8.   
  9. def _pad_string(value):  
  10.     length = len(value)  
  11.     pad_size = BLOCK_SIZE - (length % BLOCK_SIZE)  
  12.     return value.ljust(length + pad_size, '\x00')  
  13.   
  14. def encrypt(key, iv, plaintext):  
  15.     aes = AES.new(key, MODE, iv, segment_size=SEGMENT_SIZE)  
  16.     plaintext = _pad_string(plaintext)  
  17.     encrypted_text = aes.encrypt(plaintext)  
  18.     return encrypted_text  
  19.   
  20. key = 'TfvY7I358yospfWKcoviZizOShpm5hyH'  
  21. iv = 'mb13KcoviZizvYhp'  
  22. original_message = 'This is not encrypted'  
  23.   
  24. encryptedpayload = base64.b64encode(encrypt(key, iv, original_message))  
  25.   
  26. print('Going to encrypt and base64 "{}" result:\n{}\n'.format(original_message,encryptedpayload))  
The root cause is that Golang and Python use different SEGMENT_SIZE in AES implementation. From another package PyCryptodome, you can refer API document here for AES CFB mode.

沒有留言:

張貼留言

[Git 常見問題] error: The following untracked working tree files would be overwritten by merge

  Source From  Here 方案1: // x -----删除忽略文件已经对 git 来说不识别的文件 // d -----删除未被添加到 git 的路径中的文件 // f -----强制运行 #   git clean -d -fx 方案2: 今天在服务器上  gi...