Aes
使用密鑰和 IV 解密 AES 不起作用
我有下一個 json 文件。它包括一個 AES 加密文本。我有鑰匙**ITP2021ATP!**以及生成IV的方法,但是當我嘗試解密它時,它不起作用。它也是base 64編碼的。
var Ou = function(t) { var e = function(t) { var e = (new Date).getTimezoneOffset() , n = new Date(t.getTime() + 60 * e * 1e3).getDate() , r = parseInt((n < 10 ? "0" + n : n).toString().split("").reverse().join("")) , i = t.getFullYear() , a = parseInt(i.toString().split("").reverse().join("")) , o = parseInt(t.getTime().toString(), 16).toString(36) + ((i + a) * (n + r)).toString(24) , s = o.length; if (s < 14) for (var c = 0; c < 14 - s; c++) o += "0"; else s > 14 && (o = o.substr(0, 14)); return "#" + o + "$" }(new Date(t.lastModified)) , n = Jo.a.enc.Utf8.parse(e) , r = Jo.a.enc.Utf8.parse(e.toUpperCase()) , i = Jo.a.AES.decrypt(t.response, n, { iv: r, mode: Jo.a.mode.CBC, padding: Jo.a.pad.Pkcs7 }); return JSON.parse(i.toString(Jo.a.enc.Utf8)) }; {"lastModified":1666642401166,"response":"MCiQxX4X6Ul1myrY1nOq45F63b1vo2dkbQsbMKAodQIuRMVcrrI4x9I1+6Oh6+3RCd4GIYd4HZYMPz7ANXkkfACKTPR/fViIFo2nDloUiY8gRi+tMWyDUKKBxoIFreJuvQldLLPishC7KTpJ4X7lUI+L2it5U6+Qx/YaXKeMOOetMoX7hCF3QhEJ7vIm63g16Vyyq6b+qiMeFyCavdoLZ5GBVEBNboOKhLiCWSQzUZIg4FJ7nk3vJEY3p2NGiB/KTCYQjdFlMMLr+chwzV+AleLpOlAknJRuANqSLUOe5H75t4wnHn4xSZ6VpWhGD70xUfS50WmHwgGEs7XZ+onSCanzVoN+98eDT84mmBqAZJ6RwHFU0z9LJNG6vSKHDPhA4C5OHAOL53K4MzfpZkpybbC4ux+pxq/qoOCm6fAQYyOXgA1r3SY/QN5Mp2JzisZ0uhEhX11weqYgg96s5R2zL6bdJ4CzJOHAS3lIz6+yXxRpv4+5rjtyPyyD+IIBiA/vYnjLxurAngjjBgg6BFq1hPd2yWtFfl0nvZWWuGolF2iRkQCjZyrFHZuL49GuKFr+QcrMXl2fFXhVRvltTqUNdUaUN8fmvCuIndOdA434YKIqDUQF5EQjq51ZoNxO/Y48TQK2XvauZ0XyU+PwIMPNgDc20H/AFN7Op+KLgkBwqMtbvjFoWhUL9+Ra3yXIiFxunOzCATyRyAJJVBWXsNFkNKEVmjwMu8u+k/7loIKyaujQYK4RJpIIZw96K5x+OCB3uDmsnzTtKSRkudKc2T4NT2Cu1yhKX6DEFyY+pB6TF1asrCX2scwvlM8kpPwVNvhRKENpw76hFfCZGY4/0nvrDOJHsaE2OCxZpHLH+Rxc0lm1FbnbhmDCWHnervwRLaEAUC3LlybuVrfmJ0B0u5eNcmfksiJL5vHyolxjFl8cRl5ki2LVmtH/1yQmBVghBOhZ798EvQNUE2N1wzwAlWUa5yWRPmCZSrswfxYwGitOsr9E0cxtGB7b2q63/TAVp7FzN+SoGXkwfnejNj+CFmL5w4QrJAsYOiEuxLZ8K2+8C7zvJGehEaVlEvKZBZUpCPtSrYHCdWIm3A33WCMX/ptW3gscLqaA8rclb7e36ZjZPc8sM/2ai8YYOGPzvA2WDVHLPSIXOXJZf1Ok72iIHKOHVrQFYj3gK5/cY3chZk5P5g7XRTNCKk0/jjC/MZmUw+YHi8v+/m3wpUMvSp5oiHT1VIjkleQPIstqzBFVnxgKD3YYAu53S6ESj92WPhAEyZZ7sjWm1pxoEvjzm7oBzth7UfnLIpgomDXwpi7dKLpBixFIFfiCwpqEW3bvdoYLvouNVU9jQGtDQHqS0cIunXwQ9Qoa9g09DHK4k2+yGefA80uc9VUz424YHoP9OzRfbBzQJ6id01xq2Zyrpsg8JWBURm2NznyhYPGoDv7t1m4XKAg5aAv8P8rO4WmrLO7FD/yC3q85pxlQrMFrgGxauzQRVHs239gjr7h9YXzKn4Q4U6yRwhKiduDk+KDmqFIUvvOFz5t69PBGcoslhbTt2lhVFoAsUWHfy1VX0F5MucBPEaXB6aMd1p8+2xVRcNv7Twrx5fx4GXue2W26xzYm0oN2WzvJIpXioBoEmkfAYJXp0pLqiJvjVYhRn4hJ8mR/GlOXlb7+08ukzdcGRGmZj+XjGGVxXNyCYgIJLjju/KsL/9KeBgh3sohijde6G89DvVUzqvrwmoY0UjxY+xjq+QOUnKx+OcMfduqUjDk4v3TfwDqC+uVee3P7wKGBzxHUcjBwkaELHXisjtwcB0UK4hclb62Gk6KOQWpVQpIAH91E5X8+VeYu1crRPHSZEM0J0me9VQW2XvEueIhsLD5WeCU1iYPqj0o5Rroip8EUr3A1WBc1Rl90UpHxxXwu149CU1bui0MVMs8utxjoyeJBtMixP9YpaWcFAgCQxWb5qd7d+ssRoDaZoM6dDPPgEHieIWxFDkBRWF7U9y+oLYLWIxjBbFPpF8RkPUGlfAEGDnJsx8SufeYKYPg+PBUACeNb9OcQZnty7G8tVKOW22C+VyJc0Guy9wEkNTwi6bhQ9qLK9iiARr/xQFK4tOzcv+dd7qgnscdPmo1hiFnl87NuXv43uJVr+dEy40peI95mSr11JBe2aUIgHNa90E6Gc5yGJEEy+LAlujo2Hzb+Z7S8VLm3oe2gChYvrPXRHRkSFwqcIJ1nAErov8z4/c6+ZGpMEdDSizdJR0FrX/kIub7quWOyaK9dQpBY3FEC1WFiZZQx7LYzUfJSWVwrnOz6qGmrvZziCi8z+NnQetvZmZcDWwFo/Ccv3+3DgOthUMY7cqA11G82ZQpNmzxCYyhnc4fTQWfLHU+mrF7c0QinFK6NEaiKkmRSqN/vvcKW21I5nTpgKozeWdBlavfIMA643HTXqSKZOGm3RUdkKc7XBOK2fIRZev0xDQbRYALAQNIzUCcxeVHuZ5FZ00Xv+X2bK1+kLFrTGVihFSejZAHWJdpKEgnwE44PUPAu7YiiGg+V/mYrW8R7qdhBfs/MVPxOO/aRVjA52GEhFANp9FfrByGD4Vdvz38RYN917YVhUSc4/4q6GHEWbRltr2LIZsJZ0DqbOkQ+70s1Izd4My9EkWwKD5cK7qJ64Duoi9hEpZ6lIKrvi6pKRn5EkDY+yZVSolZizXqXJx8e6za43zE+DbRIPrQ1HEYBxzcrAZ3C8z+cAm7DFDVyVJpYx0QpbfQXVQrz1cV2/oPd3zsdNw9afSArWwdY/u1bn84g+QG8Rmg5C3cAdVYM0iToCYu5KHc4WnL/xddwI2NmEMYQgrndlqX6nmsfih4WoK4deoZ8rW7m9biMS6gKFSNHwa4adaOKUKe1yavmI+3IQQknB2tpWdK/RlBMB3QzSu4y1Jusr9r/OJI7MBy0cs+s6W/5YDkLG8GlalsPLC5knihi8gJEe894Wa/74noF5aFo7Twzv0xo8q9MQSJLj3aiPC8KmQnbb2aa5dCCMl9KA1fKIB3EWKqUnKm02w2n1ZW/lgNlsq4z1aSP/pQ2IxCtxNnuzxMse2DBEHrM248Zo3PJh4cHGn4NuvqwZnQjQReEXo2M1z2NtWmNfb8KUjyYiyIDvVu1wkiVO1aODjF8eIxfYaGVx+Prvlj2hjfuw9Goy7XWLjM8bDbPAT9S7P6F2gsozcHh2bJYA9G3yu7Z5mWjNEd6XNvEcmdLkDHf3XNKMTsIofvUM8AoJpqK4FGD9W+KksddXs5AD7EPHoNbU7+nn7P4eHBd/FqK42hFU+NzVnvoXhzMvFrvSF65lYal+zuR/JkEJJVF+UHwwcigg3zUsHN/lopwyemHv5L0TGgDu8nwWbpjNgge4gU/V/6EM2OWbpsxvu7V7r5bf2zJL6XaCIz75Ux3IZCCabBZXfMx4BqHdWEhK8fPigPTCtf2CYhuEdlPVXE9emNSo+3uDGOHW0tOBV0i5jRrjPqzbzlFRNGWS3nMLtmlcEZSxwQ1U+IXiFZJZtJkMCiXlLSUfidlxUAYPCV6DxDX1cJhKBi1CgJn9tdbBVCJGLJOKL60SFdC2lfTTz9pdEQQDg5JvYv9FvRatLlY5irFk8OdC8UQk+LwaGY+fpneu3kOoUKrowxS5kEP9OrIC8qtw0nuVY5FdhPACDomRz3gPUcwkyGUNQfRUbFsArxR5aqAKJJtPRFQrbG4Y51gwS81h7p1CUxwUInvEmV3I7DgT7Bl9BZQ4FIHhYCfKIItv7X9eUe1a4YFPePBB2h9P6fKlLXtDvFjSFU/F55qKjoUy8z1OYlWizKw/FRCEqNoQ/ajClA2BAt4riZNPJUzcDi3/SmKNAjRAiE+HouSwJLLVhb/azBUIOsOUrdQNX6A8e+gYXWmZM4wRKIcgOvYLsZ2CBegj4TC1VIhq2dYFulCzAL7pBVYqFlbHsfmE0z3DPqnQZMgrxrtQSsel1hl2btHl+G+k6k/rIUtiErcY9TQp/8RpDrfPo6hey9V2/xhM/vp1508gL0FUPL7syExHlwEAh6+0f2zQBwG6DzjJinQznSJO416HvoSatfwu8MBxVOy3LeQLxuHCUj1CyQcbYSoxPwmALzmFYnj9UTwlx9tZlSgFgb+EK37bzEKlkJSZZL2Wy/42K1+qz6QFPoXcz8wz0EhT2FfJy8zGAyeS+pgSoPH0iZpwhItgUp5bQ9MPqCcG2/tn+yciopW0+0c/9ZNa1w8NZc8kvqNZbYPOjqx54m7Ki//hz85LAFi5b/7U7DkMDuTX/bR2YQ8wzO8onWAr+Zz34jOi5lzVDogTdzpYmo0RCRRPGtInKwc7vhKc+pqArPqLHEe2AGfEad+iMP4YVeCJDpGsjBsaxbYLYkEwi4HfqfFLgwVcQorb9/L3h6aRJ+8BRKtpAqq3J83nPhtXfu/ZQxWTOckWbvGgqQPnfkzd7yJidy99CZZLMSSubQ="}
但是當我嘗試解密文件(必須生成另一個 json 文件)時,我沒有得到任何有用的東西。
我究竟做錯了什麼?
基於修改後的 json 欄位為此生成的 IV 是:#3VOMO21HLYK400$
我試圖了解我做錯了什麼,但我不明白。歡迎任何提示。
那個部分:
i = Jo.a.AES.decrypt(t.response, n, {iv: r, mode: Jo.a.mode.CBC, padding: Jo.a.pad.Pkcs7} ... return JSON.parse(i.toString(Jo.a.enc.Utf8))
似乎使用 CryptoJS 並使用 CBC 和 PKCS#7 填充執行解密。
開頭的函式似乎是一個密鑰派生函式,它可能從作為輸入的日期派生密鑰。因此,對於密鑰的複制,需要輸入。的含義
ITP2021ATP!
不清楚,它既不適合作為密鑰推導的輸入,也不適合作為加密的密鑰。但即使沒有原始輸入,如果 IV 已知,也可以導出密鑰,因為密鑰和 IV 之間存在關係。密鑰派生中的參數
o
包含一個字元串,用於生成toString(36)
和toString(24)
使用。toString()
對大於 10 的基數應用小寫字母。通過添加數字和特殊字元
o
擴展到密鑰材料e
,即密鑰材料由小寫字母(加上數字和特殊字元)組成。從解密部分可以推斷出
n
是密鑰,r
是IV,兩者都是從密鑰材料中推導出來的e
,如下:n = CryptoJS.enc.Utf8.parse(e) r = CryptoJS.enc.Utf8.parse(e.toUpperCase())
即 IV 和 key 是相同的,不同之處僅在於 key 使用小寫字母,IV 使用大寫字母。
由於 IV 是已知
#3VOMO21HLYK400$
的,因此可以通過將大寫字母轉換為小寫字母輕鬆導出密鑰:#3vomo21hlyk400$
。這允許使用 CryptoJS 解密密文:
var key = CryptoJS.enc.Utf8.parse('#3vomo21hlyk400$') var iv = CryptoJS.enc.Utf8.parse('#3VOMO21HLYK400$') var ciphertext = 'MCiQxX4X6Ul1myrY1nOq45F63b1vo2dkbQsbMKAodQIuRMVcrrI4x9I1+6Oh6+3RCd4GIYd4HZYMPz7ANXkkfACKTPR/fViIFo2nDloUiY8gRi+tMWyDUKKBxoIFreJuvQldLLPishC7KTpJ4X7lUI+L2it5U6+Qx/YaXKeMOOetMoX7hCF3QhEJ7vIm63g16Vyyq6b+qiMeFyCavdoLZ5GBVEBNboOKhLiCWSQzUZIg4FJ7nk3vJEY3p2NGiB/KTCYQjdFlMMLr+chwzV+AleLpOlAknJRuANqSLUOe5H75t4wnHn4xSZ6VpWhGD70xUfS50WmHwgGEs7XZ+onSCanzVoN+98eDT84mmBqAZJ6RwHFU0z9LJNG6vSKHDPhA4C5OHAOL53K4MzfpZkpybbC4ux+pxq/qoOCm6fAQYyOXgA1r3SY/QN5Mp2JzisZ0uhEhX11weqYgg96s5R2zL6bdJ4CzJOHAS3lIz6+yXxRpv4+5rjtyPyyD+IIBiA/vYnjLxurAngjjBgg6BFq1hPd2yWtFfl0nvZWWuGolF2iRkQCjZyrFHZuL49GuKFr+QcrMXl2fFXhVRvltTqUNdUaUN8fmvCuIndOdA434YKIqDUQF5EQjq51ZoNxO/Y48TQK2XvauZ0XyU+PwIMPNgDc20H/AFN7Op+KLgkBwqMtbvjFoWhUL9+Ra3yXIiFxunOzCATyRyAJJVBWXsNFkNKEVmjwMu8u+k/7loIKyaujQYK4RJpIIZw96K5x+OCB3uDmsnzTtKSRkudKc2T4NT2Cu1yhKX6DEFyY+pB6TF1asrCX2scwvlM8kpPwVNvhRKENpw76hFfCZGY4/0nvrDOJHsaE2OCxZpHLH+Rxc0lm1FbnbhmDCWHnervwRLaEAUC3LlybuVrfmJ0B0u5eNcmfksiJL5vHyolxjFl8cRl5ki2LVmtH/1yQmBVghBOhZ798EvQNUE2N1wzwAlWUa5yWRPmCZSrswfxYwGitOsr9E0cxtGB7b2q63/TAVp7FzN+SoGXkwfnejNj+CFmL5w4QrJAsYOiEuxLZ8K2+8C7zvJGehEaVlEvKZBZUpCPtSrYHCdWIm3A33WCMX/ptW3gscLqaA8rclb7e36ZjZPc8sM/2ai8YYOGPzvA2WDVHLPSIXOXJZf1Ok72iIHKOHVrQFYj3gK5/cY3chZk5P5g7XRTNCKk0/jjC/MZmUw+YHi8v+/m3wpUMvSp5oiHT1VIjkleQPIstqzBFVnxgKD3YYAu53S6ESj92WPhAEyZZ7sjWm1pxoEvjzm7oBzth7UfnLIpgomDXwpi7dKLpBixFIFfiCwpqEW3bvdoYLvouNVU9jQGtDQHqS0cIunXwQ9Qoa9g09DHK4k2+yGefA80uc9VUz424YHoP9OzRfbBzQJ6id01xq2Zyrpsg8JWBURm2NznyhYPGoDv7t1m4XKAg5aAv8P8rO4WmrLO7FD/yC3q85pxlQrMFrgGxauzQRVHs239gjr7h9YXzKn4Q4U6yRwhKiduDk+KDmqFIUvvOFz5t69PBGcoslhbTt2lhVFoAsUWHfy1VX0F5MucBPEaXB6aMd1p8+2xVRcNv7Twrx5fx4GXue2W26xzYm0oN2WzvJIpXioBoEmkfAYJXp0pLqiJvjVYhRn4hJ8mR/GlOXlb7+08ukzdcGRGmZj+XjGGVxXNyCYgIJLjju/KsL/9KeBgh3sohijde6G89DvVUzqvrwmoY0UjxY+xjq+QOUnKx+OcMfduqUjDk4v3TfwDqC+uVee3P7wKGBzxHUcjBwkaELHXisjtwcB0UK4hclb62Gk6KOQWpVQpIAH91E5X8+VeYu1crRPHSZEM0J0me9VQW2XvEueIhsLD5WeCU1iYPqj0o5Rroip8EUr3A1WBc1Rl90UpHxxXwu149CU1bui0MVMs8utxjoyeJBtMixP9YpaWcFAgCQxWb5qd7d+ssRoDaZoM6dDPPgEHieIWxFDkBRWF7U9y+oLYLWIxjBbFPpF8RkPUGlfAEGDnJsx8SufeYKYPg+PBUACeNb9OcQZnty7G8tVKOW22C+VyJc0Guy9wEkNTwi6bhQ9qLK9iiARr/xQFK4tOzcv+dd7qgnscdPmo1hiFnl87NuXv43uJVr+dEy40peI95mSr11JBe2aUIgHNa90E6Gc5yGJEEy+LAlujo2Hzb+Z7S8VLm3oe2gChYvrPXRHRkSFwqcIJ1nAErov8z4/c6+ZGpMEdDSizdJR0FrX/kIub7quWOyaK9dQpBY3FEC1WFiZZQx7LYzUfJSWVwrnOz6qGmrvZziCi8z+NnQetvZmZcDWwFo/Ccv3+3DgOthUMY7cqA11G82ZQpNmzxCYyhnc4fTQWfLHU+mrF7c0QinFK6NEaiKkmRSqN/vvcKW21I5nTpgKozeWdBlavfIMA643HTXqSKZOGm3RUdkKc7XBOK2fIRZev0xDQbRYALAQNIzUCcxeVHuZ5FZ00Xv+X2bK1+kLFrTGVihFSejZAHWJdpKEgnwE44PUPAu7YiiGg+V/mYrW8R7qdhBfs/MVPxOO/aRVjA52GEhFANp9FfrByGD4Vdvz38RYN917YVhUSc4/4q6GHEWbRltr2LIZsJZ0DqbOkQ+70s1Izd4My9EkWwKD5cK7qJ64Duoi9hEpZ6lIKrvi6pKRn5EkDY+yZVSolZizXqXJx8e6za43zE+DbRIPrQ1HEYBxzcrAZ3C8z+cAm7DFDVyVJpYx0QpbfQXVQrz1cV2/oPd3zsdNw9afSArWwdY/u1bn84g+QG8Rmg5C3cAdVYM0iToCYu5KHc4WnL/xddwI2NmEMYQgrndlqX6nmsfih4WoK4deoZ8rW7m9biMS6gKFSNHwa4adaOKUKe1yavmI+3IQQknB2tpWdK/RlBMB3QzSu4y1Jusr9r/OJI7MBy0cs+s6W/5YDkLG8GlalsPLC5knihi8gJEe894Wa/74noF5aFo7Twzv0xo8q9MQSJLj3aiPC8KmQnbb2aa5dCCMl9KA1fKIB3EWKqUnKm02w2n1ZW/lgNlsq4z1aSP/pQ2IxCtxNnuzxMse2DBEHrM248Zo3PJh4cHGn4NuvqwZnQjQReEXo2M1z2NtWmNfb8KUjyYiyIDvVu1wkiVO1aODjF8eIxfYaGVx+Prvlj2hjfuw9Goy7XWLjM8bDbPAT9S7P6F2gsozcHh2bJYA9G3yu7Z5mWjNEd6XNvEcmdLkDHf3XNKMTsIofvUM8AoJpqK4FGD9W+KksddXs5AD7EPHoNbU7+nn7P4eHBd/FqK42hFU+NzVnvoXhzMvFrvSF65lYal+zuR/JkEJJVF+UHwwcigg3zUsHN/lopwyemHv5L0TGgDu8nwWbpjNgge4gU/V/6EM2OWbpsxvu7V7r5bf2zJL6XaCIz75Ux3IZCCabBZXfMx4BqHdWEhK8fPigPTCtf2CYhuEdlPVXE9emNSo+3uDGOHW0tOBV0i5jRrjPqzbzlFRNGWS3nMLtmlcEZSxwQ1U+IXiFZJZtJkMCiXlLSUfidlxUAYPCV6DxDX1cJhKBi1CgJn9tdbBVCJGLJOKL60SFdC2lfTTz9pdEQQDg5JvYv9FvRatLlY5irFk8OdC8UQk+LwaGY+fpneu3kOoUKrowxS5kEP9OrIC8qtw0nuVY5FdhPACDomRz3gPUcwkyGUNQfRUbFsArxR5aqAKJJtPRFQrbG4Y51gwS81h7p1CUxwUInvEmV3I7DgT7Bl9BZQ4FIHhYCfKIItv7X9eUe1a4YFPePBB2h9P6fKlLXtDvFjSFU/F55qKjoUy8z1OYlWizKw/FRCEqNoQ/ajClA2BAt4riZNPJUzcDi3/SmKNAjRAiE+HouSwJLLVhb/azBUIOsOUrdQNX6A8e+gYXWmZM4wRKIcgOvYLsZ2CBegj4TC1VIhq2dYFulCzAL7pBVYqFlbHsfmE0z3DPqnQZMgrxrtQSsel1hl2btHl+G+k6k/rIUtiErcY9TQp/8RpDrfPo6hey9V2/xhM/vp1508gL0FUPL7syExHlwEAh6+0f2zQBwG6DzjJinQznSJO416HvoSatfwu8MBxVOy3LeQLxuHCUj1CyQcbYSoxPwmALzmFYnj9UTwlx9tZlSgFgb+EK37bzEKlkJSZZL2Wy/42K1+qz6QFPoXcz8wz0EhT2FfJy8zGAyeS+pgSoPH0iZpwhItgUp5bQ9MPqCcG2/tn+yciopW0+0c/9ZNa1w8NZc8kvqNZbYPOjqx54m7Ki//hz85LAFi5b/7U7DkMDuTX/bR2YQ8wzO8onWAr+Zz34jOi5lzVDogTdzpYmo0RCRRPGtInKwc7vhKc+pqArPqLHEe2AGfEad+iMP4YVeCJDpGsjBsaxbYLYkEwi4HfqfFLgwVcQorb9/L3h6aRJ+8BRKtpAqq3J83nPhtXfu/ZQxWTOckWbvGgqQPnfkzd7yJidy99CZZLMSSubQ='; var decrypted = CryptoJS.AES.decrypt( ciphertext, key, { iv: iv, mode: CryptoJS.mode.CBC, padding: CryptoJS.pad.Pkcs7 } ); document.getElementById("dt").innerHTML = "Decrypted: " + decrypted.toString(CryptoJS.enc.Utf8);
<script src="https://cdnjs.cloudflare.com/ajax/libs/crypto-js/4.1.1/crypto-js.min.js"></script> <p style="font-family:'Courier New', monospace;" id="dt"></p>
或者例如在CyberChef上: