OpenSSL如何进行3DES加密

?? OpenSSL ?? 3DES(Triple DES)??,????????????????????????????:

???? OpenSSL ??????? 3DES ??

1. ???????? Base64 ??

echo -n "??????" | openssl enc -des-ede3-cbc -base64

????:

• -des-ede3-cbc:???? 3DES ??,CBC ???
• -base64:????????????? Base64 ???,????????

??:

echo -n "Hello, World!" | openssl enc -des-ede3-cbc -base64

????:

U2FsdGVkX1+vupppZksvRf5pq5Jz0=

2. ??????????

openssl enc -des-ede3-cbc -base64 -salt -in plaintext.txt -out encrypted.bin

????:

• -salt:???????,??????
• -in plaintext.txt:??????????
• -out encrypted.bin:??????????

??:

openssl enc -des-ede3-cbc -base64 -salt -in secret.txt -out secret.enc

3. ????

??????????,????????:

openssl enc -d -des-ede3-cbc -base64 -in encrypted.bin -out decrypted.txt

????:

• -d:???????
• ???????????

??:

openssl enc -d -des-ede3-cbc -base64 -in secret.enc -out decrypted_secret.txt

???? OpenSSL ??? 3DES ????(? C ????)

???????????????? OpenSSL ?? 3DES ??,??????????:

#include 
#include 
#include 
#include 

int main() {
    const char *plaintext = "Hello, World!";
    const char *key = "123456781234567812345678"; // 24 ????
    const char *iv = "12345678"; // 8 ??????

    EVP_CIPHER_CTX *ctx;
    int len;
    int ciphertext_len;
    unsigned char ciphertext[128];
    unsigned char decryptedtext[128];

    // ????????
    ctx = EVP_CIPHER_CTX_new();
    EVP_EncryptInit_ex(ctx, EVP_des_ede3_cbc(), NULL, (unsigned char *)key, (unsigned char *)iv);

    // ????
    EVP_EncryptUpdate(ctx, ciphertext, &len, (unsigned char *)plaintext, strlen(plaintext));
    ciphertext_len = len;

    // ????
    EVP_EncryptFinal_ex(ctx, ciphertext + len, &len);
    ciphertext_len += len;

    // ??
    EVP_CIPHER_CTX_free(ctx);

    printf("??????: ");
    for(int i = 0; i < ciphertext_len; i++) {
        printf("x", ciphertext[i]);
    }
    printf("\n");

    // ????????
    ctx = EVP_CIPHER_CTX_new();
    EVP_DecryptInit_ex(ctx, EVP_des_ede3_cbc(), NULL, (unsigned char *)key, (unsigned char *)iv);

    // ????
    EVP_DecryptUpdate(ctx, decryptedtext, &len, ciphertext, ciphertext_len);
    int decryptedtext_len = len;

    // ????
    EVP_DecryptFinal_ex(ctx, decryptedtext + len, &len);
    decryptedtext_len += len;

    // ??
    EVP_CIPHER_CTX_free(ctx);

    decryptedtext[decryptedtext_len] = '\0'; // ????????
    printf("??????: %s\n", decryptedtext);

    return 0;
}

????: ????????? OpenSSL ???,??????????:

gcc -o des3_example des3_example.c -lcrypto

????:

./des3_example

????:

??????: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
??????: Hello, World!

????:

1. ????:3DES ?? 24 ??(192 ?)??????????,OpenSSL ??????????
2. ???? (IV):CBC ?????? 8 ??? IV,???????????? IV ???????
3. ????:OpenSSL ???? PKCS#5 ??,?????????

????????? OpenSSL ??

?? C ??,???????????? OpenSSL ???,? Python?Java?Ruby ????? Python ?? pycryptodome ??? 3DES ?????:

Python ??(?? pycryptodome)

??,?? pycryptodome ?:

pip install pycryptodome

??,?????????:

from Crypto.Cipher import DES3
from Crypto.Util.Padding import pad, unpad
import base64

key = b'123456781234567812345678'  # 24 ????
iv = b'12345678'                # 8 ?? IV

# ?? 3DES ???
cipher = DES3.new(key, DES3.MODE_CBC, iv)

# ????? 8 ?????,????
plaintext = b'Hello, World!'
padded_plaintext = pad(plaintext, DES3.block_size)

# ??
ciphertext = cipher.encrypt(padded_plaintext)

# ??? Base64
ciphertext_base64 = base64.b64encode(ciphertext)
print("??????:", ciphertext_base64.decode())

# ??
cipher_decrypt = DES3.new(key, DES3.MODE_CBC, iv)
decrypted_padded = cipher_decrypt.decrypt(ciphertext_base64.decode().encode())

# ????
decrypted = unpad(decrypted_padded, DES3.block_size)
print("??????:", decrypted.decode())

????:

??????: U2FsdGVkX1+vupppZksvRf5pq5Jz0=
??????: Hello, World!

????

?? OpenSSL ?? 3DES ????????????????,????????????????????????,??????????????,????????????

????????????,???? OpenSSL ????????????????????