Spring Security 加密字符串 - Go 中解密失败

Golang不知道大家是否熟悉？今天我将给大家介绍《Spring Security 加密字符串 - Go 中解密失败》，这篇文章主要会讲到等等知识点，如果你在看完本篇文章后，有更好的建议或者发现哪里有问题，希望大家都能积极评论指出，谢谢！希望我们能一起加油进步！

加密将在客户端使用以下基于 spring security-encryptors 的代码完成：

package at.wrwks.pipe.baumgmt.component.documentpreview;

import static java.nio.charset.standardcharsets.utf_8;

import java.net.urlencoder;
import java.util.base64;

import org.springframework.security.crypto.codec.hex;
import org.springframework.security.crypto.encrypt.encryptors;
import org.springframework.stereotype.component;

@component
public class secureresourceurlcomposer {
    public string compose(final string resource) {
        final var salt = new string(hex.encode("salt".getbytes(utf_8)));
        final var encryptor = encryptors.stronger("password", salt);
        final var encryptedresource = encryptor.encrypt(resource.getbytes(utf_8));
        final var base64encodedencryptedresource = base64.getencoder().encodetostring(encryptedresource);
        final var urlencodedbase64encodedencryptedresource = urlencoder.encode(base64encodedencryptedresource, utf_8);
        return "https://target" + "?resource=" + urlencodedbase64encodedencryptedresource;
    }
}

示例资源：aresource

url 和 base64 编码输出：https://target?resource=yeadq1toefbctkcaetjmw7zlydk4fa2waaspzsfqqxaxiq7bmuaruye%3d

解密失败，并显示 cipher: messageauthentication failed 在以下用 go 编写的后端代码中，位于 gcm.open：

func decryptgcmaes32(ciphertext, key string) (plaintext string, err error) {
    if len(key) != 32 {
        msg := fmt.sprintf("unexpected key length (!= 32) '%s' %d", key, len(key))
        err = errors.new(msg)
        log.warn(err)
        sentry.captureexception(err)
        return
    }
    keybytes := []byte(key)
    c, err := aes.newcipher(keybytes)
    if err != nil {
        log.warn("couldn't create a cipher block", err)
        sentry.captureexception(err)
        return
    }

    gcm, err := cipher.newgcm(c)
    if err != nil {
        log.warn("couldn't wrap in gcm mode", err)
        sentry.captureexception(err)
        return
    }

    noncesize := gcm.noncesize()
    if len(ciphertext) < noncesize {
        msg := fmt.sprintf("ciphertext shorter than nonce size %d < %d", len(ciphertext), noncesize)
        err = errors.new(msg)
        log.warn(err)
        sentry.captureexception(err)
        return
    }
    ciphertextbytes := []byte(ciphertext)
    nonce, ciphertextbytes := ciphertextbytes[:noncesize], ciphertextbytes[noncesize:]
    plaintextbytes, err := gcm.open(nil, nonce, ciphertextbytes, nil)
    if err != nil {
        log.warn("couldn't decode", err)
        sentry.captureexception(err)
        return
    }
    plaintext = string(plaintextbytes)
    return
}

如果 iv 的加密和解密相同，则 go 中的以下测试仅有效

package main

import (
    "crypto/aes"
    "crypto/cipher"
    "crypto/rand"
    "crypto/sha1"
    "golang.org/x/crypto/pbkdf2"
    "log"
    "testing"
)
var iv = make([]byte, 12)

func TestCrypto(t *testing.T) {
    rand.Read(iv)
    encrypted, _ := encrypt("aResource")
    if decrypted, err := decrypt(encrypted); err != nil {
        log.Println(err)
    } else {
        log.Printf("DECRYPTED: %s\n", decrypted)
    }

}

func encrypt(secret string) (result []byte, err error) {
    salt := []byte("salt")
    key := pbkdf2.Key([]byte("b0226e4e9bef40d4b8aed039c208ae3e"), salt, 1024, 16, sha1.New)
    b, err := aes.NewCipher(key)
    aesgcm, err := cipher.NewGCM(b)
    result = aesgcm.Seal(nil, iv, []byte(secret), nil)
    return
}

func decrypt(ciphertext []byte) (result string, err error) {
    salt := []byte("salt")
    key := pbkdf2.Key([]byte("b0226e4e9bef40d4b8aed039c208ae3e"), salt, 1024, 16, sha1.New)
    b, err := aes.NewCipher(key)
    aesgcm, err := cipher.NewGCM(b)
    decrypted, err := aesgcm.Open(ciphertext[:0], iv, ciphertext, nil)
    result = string(decrypted)
    return
}

解决方案

所以要点：

• 为了应用盐并派生正确的密钥 pbkdf2.key() 必须如下所示使用
• spring security 中的 nonce（或 initialization vector）大小为 16 个字节，而 go 中为 12 个字节

下面的摘录省略了错误处理，只是为了强调解决方案的本质：

const noncesize = 16
func decryptwithaes256gcmpbkdf2(cipherbytes []byte, password string, salt string) (string) {
    key := pbkdf2.key([]byte(password), []byte(salt), 1024, 32, sha1.new)
    c, _ := aes.newcipher(key)
    gcm, _ := cipher.newgcmwithnoncesize(c, noncesize)
    plaintextbytes, _ := gcm.open(nil, cipherbytes[:noncesize], cipherbytes[noncesize:], nil)
    return string(plaintextbytes)
}

虽然问题涉及“更强”的解密。

参见：https://docs.spring.io/spring-security/site/docs/4.2.20.RELEASE/apidocs/org/springframework/security/crypto/encrypt/Encryptors.html

我想给出一个“标准”解密的完整示例，以扩展之前的答案。

就我而言，任务是在 go 中实现以下 java 代码：

import org.springframework.security.crypto.encrypt.encryptors;
    import org.springframework.security.crypto.encrypt.textencryptor;
    ...
    private static final string salt = "123456789abcdef0"; // hex
    public static string decrypt(final string encryptedtext, final string password) {
        textencryptor encryptor = encryptors.text(password, salt);
        return encryptor.decrypt(encryptedtext);
    }

翻译成 go 的代码：

import (
    "crypto/aes"
    "crypto/cipher"
    "crypto/sha1"
    "encoding/hex"
    "fmt"
    "strings"
    "golang.org/x/crypto/pbkdf2"
)

func decryptWithAes256CbcPbkdf2(cipherBytes []byte, passwordBytes []byte, saltBytes []byte) string {
    key := pbkdf2.Key(passwordBytes, saltBytes, 1024, 32, sha1.New)
    if len(key) != 32 {
        panic(fmt.Sprintf("Unexpected key length (!= 32) '%s' %d", key, len(key)))
    }

    block, err := aes.NewCipher(key)
    if err != nil {
        panic(err)
    }
    if len(cipherBytes) < aes.BlockSize {
        panic("ciphertext too short")
    }
    iv := cipherBytes[:aes.BlockSize]
    cipherBytes = cipherBytes[aes.BlockSize:]
    if len(cipherBytes)%aes.BlockSize != 0 {
        panic("ciphertext is not a multiple of the block size")
    }
    mode := cipher.NewCBCDecrypter(block, iv)
    mode.CryptBlocks(cipherBytes, cipherBytes)
    return strings.Trim(string(cipherBytes), "\b")
}

func main() {
    cipherText := "05589d13fe6eedceae78fe099eed2f6b238ac7d4dbb62c281ccdc9401b24bb0c"
    cipherBytes, _ := hex.DecodeString(cipherText)
    passwordText := "12345"
    passwordBytes := []byte(passwordText)
    saltText := "123456789abcdef0"
    saltBytes, _ := hex.DecodeString(saltText)
    plainText := decryptWithAes256CbcPbkdf2(cipherBytes, passwordBytes, saltBytes)
    fmt.Println(plainText)
}

今天关于《Spring Security 加密字符串 - Go 中解密失败》的内容介绍就到此结束，如果有什么疑问或者建议，可以在golang学习网公众号下多多回复交流；文中若有不正之处，也希望回复留言以告知！