网站开发课程建议,做淘客网站需要备案,青岛网站优化,课程网站开发的研究现状文章目录 openssl3.2 - exp - 可以在命令行使用的口令算法名称列表概述笔记测试工程实现备注整理 - 总共有126种加密算法可用于命令行参数的密码加密算法备注END openssl3.2 - exp - 可以在命令行使用的口令算法名称列表
概述
上一个笔记openssl3.2 - exp - PEM #xff1c;… 文章目录 openssl3.2 - exp - 可以在命令行使用的口令算法名称列表概述笔记测试工程实现备注整理 - 总共有126种加密算法可用于命令行参数的密码加密算法备注END openssl3.2 - exp - 可以在命令行使用的口令算法名称列表
概述
上一个笔记openssl3.2 - exp - PEM DER, 还有个疑问. openssl pkey -in app_key3.pem -out app_key5_pwd.pem -outform PEM -passout pass:111111 -算法名称 如果PEM/DER互转时, 要想转换后的文件带口令保护 就需要指定用哪种算法来执行口令加密算法. 并不是随便哪一种可见的算法名称就能用的. 算法有限制 算法不能有 EVP_CIPH_FLAG_AEAD_CIPHER 标记 模式不能是 EVP_CIPH_XTS_MODE 如果想确定哪些是不支持的口令加密算法, 必须要自己写个程序, 将不支持的算法过滤掉. 参照openssl源码, 写了一个测试程序, 可以将全部算法都列出来, 不支持的算法加上标记. 运行效果如下, 只要算法后边有标记 !!! ---------- , 都是不支持的命令行口令加密算法. Legacy: AES-128-CBC // ok AES-128-CBC-HMAC-SHA1 : !!! ---------- cipher has no object identifier AES-128-CBC-HMAC-SHA256 : !!! ---------- cipher has no object identifier id-aes128-CCM : !!! ---------- AEAD ciphers not supported AES-128-CFB // ok AES-128-CFB1 // ok AES-128-CFB8 // ok AES-128-CTR : !!! ---------- cipher has no object identifier AES-128-ECB // ok id-aes128-GCM : !!! ---------- AEAD ciphers not supported AES-128-OCB : !!! ---------- cipher has no object identifier AES-128-OFB // ok AES-128-XTS : !!! ---------- XTS ciphers not supported AES-192-CBC id-aes192-CCM : !!! ---------- AEAD ciphers not supported AES-192-CFB // ok AES-192-CFB1 // ok AES-192-CFB8 // ok AES-192-CTR : !!! ---------- cipher has no object identifier AES-192-ECB // ok id-aes192-GCM : !!! ---------- AEAD ciphers not supported AES-192-OCB : !!! ---------- cipher has no object identifier AES-192-OFB // ok AES-256-CBC // ok AES-256-CBC-HMAC-SHA1 : !!! ---------- cipher has no object identifier AES-256-CBC-HMAC-SHA256 : !!! ---------- cipher has no object identifier id-aes256-CCM : !!! ---------- AEAD ciphers not supported AES-256-CFB // ok AES-256-CFB1 // ok AES-256-CFB8 // ok AES-256-CTR : !!! ---------- cipher has no object identifier AES-256-ECB // ok id-aes256-GCM : !!! ---------- AEAD ciphers not supported AES-256-OCB : !!! ---------- cipher has no object identifier AES-256-OFB // ok AES-256-XTS : !!! ---------- XTS ciphers not supported ARIA-128-CBC // ok ARIA-128-CCM : !!! ---------- AEAD ciphers not supported ARIA-128-CFB // ok ARIA-128-CFB1 : !!! ---------- cipher has no object identifier ARIA-128-CFB8 : !!! ---------- cipher has no object identifier ARIA-128-CTR // ok ARIA-128-ECB // ok ARIA-128-GCM : !!! ---------- AEAD ciphers not supported ARIA-128-OFB // ok ARIA-192-CBC // ok ARIA-192-CCM : !!! ---------- AEAD ciphers not supported ARIA-192-CFB // ok ARIA-192-CFB1 : !!! ---------- cipher has no object identifier ARIA-192-CFB8 : !!! ---------- cipher has no object identifier ARIA-192-CTR // ok ARIA-192-ECB // ok ARIA-192-GCM : !!! ---------- AEAD ciphers not supported ARIA-192-OFB // ok ARIA-256-CBC // ok ARIA-256-CCM : !!! ---------- AEAD ciphers not supported ARIA-256-CFB // ok ARIA-256-CFB1 : !!! ---------- cipher has no object identifier ARIA-256-CFB8 : !!! ---------- cipher has no object identifier ARIA-256-CTR // ok ARIA-256-ECB // ok ARIA-256-GCM : !!! ---------- AEAD ciphers not supported ARIA-256-OFB // ok BF-CBC // err BF-CFB : !!! ---------- cipher has no object identifier BF-ECB : !!! ---------- cipher has no object identifier BF-OFB : !!! ---------- cipher has no object identifier CAMELLIA-128-CBC // ok CAMELLIA-128-CFB // ok CAMELLIA-128-CFB1 : !!! ---------- cipher has no object identifier CAMELLIA-128-CFB8 : !!! ---------- cipher has no object identifier CAMELLIA-128-CTR // ok CAMELLIA-128-ECB // ok CAMELLIA-128-OFB // ok CAMELLIA-192-CBC // ok CAMELLIA-192-CFB // ok CAMELLIA-192-CFB1 : !!! ---------- cipher has no object identifier CAMELLIA-192-CFB8 : !!! ---------- cipher has no object identifier CAMELLIA-192-CTR // ok CAMELLIA-192-ECB // ok CAMELLIA-192-OFB // ok CAMELLIA-256-CBC // ok CAMELLIA-256-CFB // ok CAMELLIA-256-CFB1 : !!! ---------- cipher has no object identifier CAMELLIA-256-CFB8 : !!! ---------- cipher has no object identifier CAMELLIA-256-CTR // ok CAMELLIA-256-ECB // ok CAMELLIA-256-OFB // ok CAST5-CBC // err CAST5-CFB : !!! ---------- cipher has no object identifier CAST5-ECB : !!! ---------- cipher has no object identifier CAST5-OFB : !!! ---------- cipher has no object identifier ChaCha20 : !!! ---------- cipher has no object identifier ChaCha20-Poly1305 : !!! ---------- cipher has no object identifier DES-CBC // err DES-CFB // err DES-CFB1 // err DES-CFB8 // err DES-ECB // err DES-EDE // ok DES-EDE-CBC : !!! ---------- cipher has no object identifier DES-EDE-CFB : !!! ---------- cipher has no object identifier DES-EDE-OFB : !!! ---------- cipher has no object identifier DES-EDE3 : !!! ---------- cipher has no object identifier DES-EDE3-CBC // ok DES-EDE3-CFB // err DES-EDE3-CFB1 // err DES-EDE3-CFB8 // err DES-EDE3-OFB : !!! ---------- cipher has no object identifier DES-OFB // err DESX-CBC : !!! ---------- cipher has no object identifier id-aes128-CCM : !!! ---------- AEAD ciphers not supported id-aes128-GCM : !!! ---------- AEAD ciphers not supported id-aes128-wrap // ok id-aes128-wrap-pad // ok id-aes192-CCM : !!! ---------- AEAD ciphers not supported id-aes192-GCM : !!! ---------- AEAD ciphers not supported id-aes192-wrap // ok id-aes192-wrap-pad // ok id-aes256-CCM : !!! ---------- AEAD ciphers not supported id-aes256-GCM : !!! ---------- AEAD ciphers not supported id-aes256-wrap // ok id-aes256-wrap-pad // ok id-smime-alg-CMS3DESwrap // err IDEA-CBC // err IDEA-CFB : !!! ---------- cipher has no object identifier IDEA-ECB : !!! ---------- cipher has no object identifier IDEA-OFB : !!! ---------- cipher has no object identifier RC2-40-CBC // err RC2-64-CBC // err RC2-CBC RC2-CFB : !!! ---------- cipher has no object identifier RC2-ECB : !!! ---------- cipher has no object identifier RC2-OFB : !!! ---------- cipher has no object identifier RC4 // err RC4-40 // err RC4-HMAC-MD5 : !!! ---------- cipher has no object identifier SEED-CBC // err SEED-CFB // err SEED-ECB // err SEED-OFB // err SM4-CBC // ok SM4-CFB // ok SM4-CTR // ok SM4-ECB // ok SM4-OFB // ok Provided: { 1.2.410.200046.1.1.12, ARIA-256-CBC, ARIA256 } // ok { 2.16.840.1.101.3.4.1.22, AES-192-CBC, AES192 } // ok { 2.16.840.1.101.3.4.1.4, AES-128-CFB } // ok ARIA-192-CCM : !!! ---------- AEAD ciphers not supported { 1.2.410.200046.1.1.1, ARIA-128-ECB } // ok { 2.16.840.1.101.3.4.1.2, AES-128-CBC, AES128 } // ok { 2.16.840.1.101.3.4.1.24, AES-192-CFB } // ok { 1.2.392.200011.61.1.1.1.2, CAMELLIA-128-CBC, CAMELLIA128 } // ok { 1.2.392.200011.61.1.1.1.4, CAMELLIA-256-CBC, CAMELLIA256 } // ok ARIA-192-GCM : !!! ---------- AEAD ciphers not supported { 2.16.840.1.101.3.4.1.42, AES-256-CBC, AES256 } // ok { 2.16.840.1.101.3.4.1.28, AES-192-WRAP-PAD, AES192-WRAP-PAD, id-aes192-wrap-pad } // ok ARIA-256-GCM : !!! ---------- AEAD ciphers not supported AES-256-XTS : !!! ---------- XTS ciphers not supported { 2.16.840.1.101.3.4.1.8, AES-128-WRAP-PAD, AES128-WRAP-PAD, id-aes128-wrap-pad } // ok { 1.2.840.113549.1.9.16.3.6, DES3-WRAP, id-smime-alg-CMS3DESwrap } // err { 2.16.840.1.101.3.4.1.48, AES-256-WRAP-PAD, AES256-WRAP-PAD, id-aes256-wrap-pad } // ok { 1.2.156.10197.1.104.3, SM4-OFB, SM4-OFB128 } // ok { 2.16.840.1.101.3.4.1.25, AES-192-WRAP, AES192-WRAP, id-aes192-wrap } // ok { 2.16.840.1.101.3.4.1.41, AES-256-ECB } // ok { 0.3.4401.5.3.1.9.49, CAMELLIA-256-CTR } // ok { 1.2.410.200046.1.1.2, ARIA-128-CBC, ARIA128 } // ok AES-128-GCM : !!! ---------- AEAD ciphers not supported { 0.3.4401.5.3.1.9.41, CAMELLIA-256-ECB } // ok { 2.16.840.1.101.3.4.1.44, AES-256-CFB } // ok { 1.2.156.10197.1.104.4, SM4-CFB, SM4-CFB128 } // ok { 0.3.4401.5.3.1.9.4, CAMELLIA-128-CFB } // ok ARIA-256-CCM : !!! ---------- AEAD ciphers not supported { 1.2.410.200046.1.1.14, ARIA-256-OFB } // ok AES-256-GCM : !!! ---------- AEAD ciphers not supported { 0.3.4401.5.3.1.9.9, CAMELLIA-128-CTR } // ok { 2.16.840.1.101.3.4.1.23, AES-192-OFB } // ok { 1.2.156.10197.1.104.1, SM4-ECB } // ok AES-128-CCM : !!! ---------- AEAD ciphers not supported AES-256-CCM : !!! ---------- AEAD ciphers not supported { 1.2.410.200046.1.1.7, ARIA-192-CBC, ARIA192 } // ok { 2.16.840.1.101.3.4.1.45, AES-256-WRAP, AES256-WRAP, id-aes256-wrap } // ok { 1.2.410.200046.1.1.15, ARIA-256-CTR } // ok { 1.2.410.200046.1.1.3, ARIA-128-CFB } // ok ARIA-128-GCM : !!! ---------- AEAD ciphers not supported { 1.2.410.200046.1.1.6, ARIA-192-ECB } // ok AES-192-GCM : !!! ---------- AEAD ciphers not supported { 0.3.4401.5.3.1.9.29, CAMELLIA-192-CTR } // ok { 0.3.4401.5.3.1.9.43, CAMELLIA-256-OFB } // ok { 1.2.156.10197.1.104.2, SM4, SM4-CBC } // ok ARIA-128-CCM : !!! ---------- AEAD ciphers not supported AES-192-CCM : !!! ---------- AEAD ciphers not supported { 1.3.14.3.2.17, DES-EDE, DES-EDE-ECB } // ok { 1.2.410.200046.1.1.11, ARIA-256-ECB } // ok AES-128-XTS : !!! ---------- XTS ciphers not supported { 2.16.840.1.101.3.4.1.5, AES-128-WRAP, AES128-WRAP, id-aes128-wrap } // ok { 2.16.840.1.101.3.4.1.3, AES-128-OFB } // ok { 0.3.4401.5.3.1.9.3, CAMELLIA-128-OFB } // ok { 0.3.4401.5.3.1.9.1, CAMELLIA-128-ECB } // ok { 1.2.840.113549.3.7, DES-EDE3-CBC, DES3 } // ok { 0.3.4401.5.3.1.9.44, CAMELLIA-256-CFB } // ok { 1.2.410.200046.1.1.10, ARIA-192-CTR } // ok { 0.3.4401.5.3.1.9.23, CAMELLIA-192-OFB } // ok { 0.3.4401.5.3.1.9.24, CAMELLIA-192-CFB } // ok { 1.2.410.200046.1.1.9, ARIA-192-OFB } // ok { 1.2.410.200046.1.1.13, ARIA-256-CFB } // 好使 { 2.16.840.1.101.3.4.1.1, AES-128-ECB } // 好使 { 1.2.410.200046.1.1.8, ARIA-192-CFB } // 好使 { 1.2.156.10197.1.104.7, SM4-CTR } // 好使 { 2.16.840.1.101.3.4.1.43, AES-256-OFB } // 好使 { 1.2.410.200046.1.1.4, ARIA-128-OFB } // 好使 { 1.2.392.200011.61.1.1.1.3, CAMELLIA-192-CBC, CAMELLIA192 } // 好使 { 0.3.4401.5.3.1.9.21, CAMELLIA-192-ECB } // 好使 { 1.2.410.200046.1.1.5, ARIA-128-CTR } // 好使 { 2.16.840.1.101.3.4.1.21, AES-192-ECB } // 好使 NULL : !!! ---------- cipher has no object identifier AES-128-CBC-CTS : !!! ---------- cipher has no object identifier AES-192-CBC-CTS : !!! ---------- cipher has no object identifier AES-256-CBC-CTS : !!! ---------- cipher has no object identifier AES-256-CFB1 // 好使 AES-192-CFB1 // 好使 AES-128-CFB1 // 好使 AES-256-CFB8 // 好使 AES-192-CFB8 // 好使 AES-128-CFB8 // 可以 AES-256-CTR : !!! ---------- cipher has no object identifier AES-192-CTR : !!! ---------- cipher has no object identifier AES-128-CTR : !!! ---------- cipher has no object identifier AES-256-OCB : !!! ---------- cipher has no object identifier AES-192-OCB : !!! ---------- cipher has no object identifier AES-128-OCB : !!! ---------- cipher has no object identifier AES-128-SIV : !!! ---------- cipher has no object identifier AES-192-SIV : !!! ---------- cipher has no object identifier AES-256-SIV : !!! ---------- cipher has no object identifier AES-128-GCM-SIV : !!! ---------- cipher has no object identifier AES-192-GCM-SIV : !!! ---------- cipher has no object identifier AES-256-GCM-SIV : !!! ---------- cipher has no object identifier AES-256-WRAP-INV : !!! ---------- cipher has no object identifier AES-192-WRAP-INV : !!! ---------- cipher has no object identifier AES-128-WRAP-INV : !!! ---------- cipher has no object identifier AES-256-WRAP-PAD-INV : !!! ---------- cipher has no object identifier AES-192-WRAP-PAD-INV : !!! ---------- cipher has no object identifier AES-128-WRAP-PAD-INV : !!! ---------- cipher has no object identifier AES-128-CBC-HMAC-SHA1 : !!! ---------- cipher has no object identifier AES-256-CBC-HMAC-SHA1 : !!! ---------- cipher has no object identifier AES-128-CBC-HMAC-SHA256 : !!! ---------- cipher has no object identifier AES-256-CBC-HMAC-SHA256 : !!! ---------- cipher has no object identifier ARIA-256-CFB1 : !!! ---------- cipher has no object identifier ARIA-192-CFB1 : !!! ---------- cipher has no object identifier ARIA-128-CFB1 : !!! ---------- cipher has no object identifier ARIA-256-CFB8 : !!! ---------- cipher has no object identifier ARIA-192-CFB8 : !!! ---------- cipher has no object identifier ARIA-128-CFB8 : !!! ---------- cipher has no object identifier CAMELLIA-128-CBC-CTS : !!! ---------- cipher has no object identifier CAMELLIA-192-CBC-CTS : !!! ---------- cipher has no object identifier CAMELLIA-256-CBC-CTS : !!! ---------- cipher has no object identifier CAMELLIA-256-CFB1 : !!! ---------- cipher has no object identifier CAMELLIA-192-CFB1 : !!! ---------- cipher has no object identifier CAMELLIA-128-CFB1 : !!! ---------- cipher has no object identifier CAMELLIA-256-CFB8 : !!! ---------- cipher has no object identifier CAMELLIA-192-CFB8 : !!! ---------- cipher has no object identifier CAMELLIA-128-CFB8 : !!! ---------- cipher has no object identifier DES-EDE3-ECB : !!! ---------- cipher has no object identifier DES-EDE3-OFB : !!! ---------- cipher has no object identifier DES-EDE3-CFB // 不行 DES-EDE3-CFB8 // 不行 DES-EDE3-CFB1 // 不行 DES-EDE-CBC : !!! ---------- cipher has no object identifier DES-EDE-OFB : !!! ---------- cipher has no object identifier DES-EDE-CFB : !!! ---------- cipher has no object identifier SM4-GCM : !!! ---------- cipher has no object identifier SM4-CCM : !!! ---------- cipher has no object identifier SM4-XTS : !!! ---------- cipher has no object identifier ChaCha20 : !!! ---------- cipher has no object identifier ChaCha20-Poly1305 : !!! ---------- cipher has no object identifier free map, g_mem_hook_map.size() 0 笔记
测试工程实现
/*!
* \file main.cpp
*/#include my_openSSL_lib.h
#include openssl/crypto.h
#include openssl/bio.h
#include openssl/safestack.h
#include openssl/evp.h
#include openssl/provider.h#include stdlib.h
#include stdio.h
#include assert.h#include CMemHookRec.hBIO* bio_out NULL;
BIO* bio_err NULL;
static const char* select_name NULL;void my_openssl_app();
void list_ciphers(const char* prefix);
int cipher_cmp(const EVP_CIPHER* const* a, const EVP_CIPHER* const* b);
void collect_ciphers(EVP_CIPHER* cipher, void* stack);int main(int argc, char** argv)
{setvbuf(stdout, NULL, _IONBF, 0); // 清掉stdout缓存, 防止调用printf时阻塞mem_hook();my_openssl_app();mem_unhook();return 0;
}void my_openssl_app()
{bio_out BIO_new_fp(stdout, 0);bio_err BIO_new_fp(stdout, 0);if ((NULL ! bio_out) (NULL ! bio_err)){list_ciphers( );}if (NULL ! bio_out){BIO_free(bio_out);bio_out NULL;}if (NULL ! bio_err){BIO_free(bio_err);bio_err NULL;}
}void legacy_cipher_fn(const EVP_CIPHER* c,const char* from, const char* to, void* arg)
{int mode 0;unsigned long int flags 0;int alg_nid 0;if (select_name ! NULL (c NULL|| OPENSSL_strcasecmp(select_name, EVP_CIPHER_get0_name(c)) ! 0)){return;}if (c ! NULL) {mode EVP_CIPHER_get_mode(c);flags EVP_CIPHER_get_flags(c);alg_nid EVP_CIPHER_get_type(c);if (alg_nid NID_undef) {BIO_printf(bio_out, %s : !!! ---------- cipher has no object identifier\n, EVP_CIPHER_get0_name(c));}else if (mode EVP_CIPH_XTS_MODE) {BIO_printf((BIO*)arg, %s : !!! ---------- XTS ciphers not supported\n, EVP_CIPHER_get0_name(c));}else if ((flags EVP_CIPH_FLAG_AEAD_CIPHER) ! 0) {BIO_printf((BIO*)arg, %s : !!! ---------- AEAD ciphers not supported\n, EVP_CIPHER_get0_name(c));}else {BIO_printf((BIO*)arg, %s \n, EVP_CIPHER_get0_name(c));}}
}int name_cmp(const char* const* a, const char* const* b)
{return OPENSSL_strcasecmp(*a, *b);
}void collect_names(const char* name, void* vdata)
{STACK_OF(OPENSSL_CSTRING)* names (STACK_OF(OPENSSL_CSTRING)*)vdata;sk_OPENSSL_CSTRING_push(names, name);
}void print_names(BIO* out, STACK_OF(OPENSSL_CSTRING)* names)
{int i sk_OPENSSL_CSTRING_num(names);int j;sk_OPENSSL_CSTRING_sort(names);if (i 1)BIO_printf(out, { );for (j 0; j i; j) {const char* name sk_OPENSSL_CSTRING_value(names, j);if (j 0)BIO_printf(out, , );BIO_printf(out, %s, name);}if (i 1)BIO_printf(out, });
}DEFINE_STACK_OF(EVP_CIPHER)
void list_ciphers(const char* prefix)
{STACK_OF(EVP_CIPHER)* ciphers sk_EVP_CIPHER_new(cipher_cmp);int i;int mode 0;int flags 0;int alg_nid 0;if (ciphers NULL) {BIO_printf(bio_err, ERROR: Memory allocation\n);return;}if (true) {BIO_printf(bio_out, %sLegacy:\n, prefix);EVP_CIPHER_do_all_sorted(legacy_cipher_fn, bio_out);}BIO_printf(bio_out, %sProvided:\n, prefix);EVP_CIPHER_do_all_provided(NULL, collect_ciphers, ciphers);sk_EVP_CIPHER_sort(ciphers);for (i 0; i sk_EVP_CIPHER_num(ciphers); i) {const EVP_CIPHER* c sk_EVP_CIPHER_value(ciphers, i);mode EVP_CIPHER_get_mode(c);flags EVP_CIPHER_get_flags(c);alg_nid EVP_CIPHER_get_type(c);if (alg_nid NID_undef) {BIO_printf(bio_out, %s : !!! ---------- cipher has no object identifier\n, EVP_CIPHER_get0_name(c));continue;}else if (mode EVP_CIPH_XTS_MODE) {BIO_printf(bio_out, %s : !!! ---------- XTS ciphers not supported\n, EVP_CIPHER_get0_name(c));continue;}else if ((flags EVP_CIPH_FLAG_AEAD_CIPHER) ! 0) {BIO_printf(bio_out, %s : !!! ---------- AEAD ciphers not supported\n, EVP_CIPHER_get0_name(c));continue;}STACK_OF(OPENSSL_CSTRING)* names NULL;if (select_name ! NULL !EVP_CIPHER_is_a(c, select_name))continue;names sk_OPENSSL_CSTRING_new(name_cmp);if (names ! NULL EVP_CIPHER_names_do_all(c, collect_names, names)) {BIO_printf(bio_out, );print_names(bio_out, names);BIO_printf(bio_out, \r\n);/* BIO_printf(bio_out, %s\n,OSSL_PROVIDER_get0_name(EVP_CIPHER_get0_provider(c)));if (verbose) {const char* desc EVP_CIPHER_get0_description(c);if (desc ! NULL)BIO_printf(bio_out, description: %s\n, desc);print_param_types(retrievable algorithm parameters,EVP_CIPHER_gettable_params(c), 4);print_param_types(retrievable operation parameters,EVP_CIPHER_gettable_ctx_params(c), 4);print_param_types(settable operation parameters,EVP_CIPHER_settable_ctx_params(c), 4);}*/}sk_OPENSSL_CSTRING_free(names);}sk_EVP_CIPHER_pop_free(ciphers, EVP_CIPHER_free);
}int cipher_cmp(const EVP_CIPHER* const* a, const EVP_CIPHER* const* b)
{return strcmp(OSSL_PROVIDER_get0_name(EVP_CIPHER_get0_provider(*a)),OSSL_PROVIDER_get0_name(EVP_CIPHER_get0_provider(*b)));
}void collect_ciphers(EVP_CIPHER* cipher, void* stack)
{STACK_OF(EVP_CIPHER)* cipher_stack (STACK_OF(EVP_CIPHER)*)stack;if (sk_EVP_CIPHER_push(cipher_stack, cipher) 0)EVP_CIPHER_up_ref(cipher);
}
备注
我们自己写的工程, 只能调用openssl对外提供的接口, 没办法用openssl内部接口(包括内部函数, 内部头文件, 内部结构定义) 像这个列出openssl全部加密算法的实现, 用的是openssl接口上的回调函数入参. 传入我们自己的回调函数指针, 在回调函数中判断算法功能是否在命令行参数中可用于口令加密.
现在知道了支持口令加密的加密算法名称, 试几个不常见的口令加密算法, 看看是否好使? openssl pkey -in app_key.pem -passin pass:my_pwd_for_app_key -out app_key.der -outform DER app_key.pem是带口令保护的, 执行上面的命令, 转为一个不带口令的.der 现在用这个不带口令的.der, 转成带口令的.der, 加密算法用上面测试工程找到的有效算法名称, 试试好使不? openssl pkey -in app_key.der -out app_key_pwd1.pem -outform DER -passout pass:111111 -ChaCha20 Error: Cipher options are supported only for PEM output 看到口令加密算法只支持.PEM格式… 那算了, 就实验.der/.pem转成.pem的场景. openssl pkey -in app_key.der -out app_key_no_pwd.pem -outform PEM 先将上面实验的.der转成不带口令保护的.pem openssl pkey -in app_key_no_pwd.pem -out app_key_pwd1.pem -outform PEM -passout pass:111111 -ChaCha20 cipher has no object identifier 说明还有限制条件, 选用的算法必须有obj_id, 那将这个条件也加入算法选择逻辑里面. 程序修改完了, 上面的工程副本已经更新. 现在能看到, 算法ChaCha20在列表中已经标记为了不支持. 再试试其他支持的不常见加密算法. openssl pkey -in app_key_no_pwd.pem -out app_key_pwd1.pem -outform PEM -passout pass:111111 -DES-EDE3-CFB1 BC570600:error:0308010C:digital envelope routines:inner_evp_generic_fetch:unsupported:crypto\evp\evp_fetch.c:342:Global default library context, Algorithm (DES-CFB : 6), Properties () 可以看到, 也不是每种算法都支持. 跟了一下openssl源码, 都是宏写的, 调用的都是内部函数, 不好弄清为啥不行. 那就试试找到的其他算法, 看行不行. 下面列出的都是好使的算法, 没有都列出, 在上面的算法列表中写上了是否好使. openssl pkey -in app_key_no_pwd.pem -out app_key_pwd1.pem -outform PEM -passout pass:111111 -AES-128-CFB8 过滤掉的算法中, 不好通过程序来判断了, 只能一个一个实验. 整理 - 总共有126种加密算法可用于命令行参数的密码加密算法 // 总共有126种加密算法可用于命令行参数的密码加密算法 Legacy: AES-128-CBC // ok AES-128-CFB // ok AES-128-CFB1 // ok AES-128-CFB8 // ok AES-128-ECB // ok AES-128-OFB // ok AES-192-CBC // ok AES-192-CFB // ok AES-192-CFB1 // ok AES-192-CFB8 // ok AES-192-ECB // ok AES-192-OFB // ok AES-256-CBC // ok AES-256-CFB // ok AES-256-CFB1 // ok AES-256-CFB8 // ok AES-256-ECB // ok AES-256-OFB // ok ARIA-128-CBC // ok ARIA-128-CFB // ok ARIA-128-CTR // ok ARIA-128-ECB // ok ARIA-128-OFB // ok ARIA-192-CBC // ok ARIA-192-CFB // ok ARIA-192-CTR // ok ARIA-192-ECB // ok ARIA-192-OFB // ok ARIA-256-CBC // ok ARIA-256-CFB // ok ARIA-256-CTR // ok ARIA-256-ECB // ok ARIA-256-OFB // ok CAMELLIA-128-CBC // ok CAMELLIA-128-CFB // ok CAMELLIA-128-CTR // ok CAMELLIA-128-ECB // ok CAMELLIA-128-OFB // ok CAMELLIA-192-CBC // ok CAMELLIA-192-CFB // ok CAMELLIA-192-CTR // ok CAMELLIA-192-ECB // ok CAMELLIA-192-OFB // ok CAMELLIA-256-CBC // ok CAMELLIA-256-CFB // ok CAMELLIA-256-CTR // ok CAMELLIA-256-ECB // ok CAMELLIA-256-OFB // ok DES-EDE // ok DES-EDE3-CBC // ok DES-EDE3-CFB // err DES-EDE3-CFB1 // err DES-EDE3-CFB8 // err id-aes128-wrap // ok id-aes128-wrap-pad // ok id-aes192-wrap // ok id-aes192-wrap-pad // ok id-aes256-wrap // ok id-aes256-wrap-pad // ok SM4-CBC // ok SM4-CFB // ok SM4-CTR // ok SM4-ECB // ok SM4-OFB // ok Provided: { 1.2.410.200046.1.1.12, ARIA-256-CBC, ARIA256 } // ok { 2.16.840.1.101.3.4.1.22, AES-192-CBC, AES192 } // ok { 2.16.840.1.101.3.4.1.4, AES-128-CFB } // ok { 1.2.410.200046.1.1.1, ARIA-128-ECB } // ok { 2.16.840.1.101.3.4.1.2, AES-128-CBC, AES128 } // ok { 2.16.840.1.101.3.4.1.24, AES-192-CFB } // ok { 1.2.392.200011.61.1.1.1.2, CAMELLIA-128-CBC, CAMELLIA128 } // ok { 1.2.392.200011.61.1.1.1.4, CAMELLIA-256-CBC, CAMELLIA256 } // ok { 2.16.840.1.101.3.4.1.42, AES-256-CBC, AES256 } // ok { 2.16.840.1.101.3.4.1.28, AES-192-WRAP-PAD, AES192-WRAP-PAD, id-aes192-wrap-pad } // ok { 2.16.840.1.101.3.4.1.8, AES-128-WRAP-PAD, AES128-WRAP-PAD, id-aes128-wrap-pad } // ok { 1.2.840.113549.1.9.16.3.6, DES3-WRAP, id-smime-alg-CMS3DESwrap } // err { 2.16.840.1.101.3.4.1.48, AES-256-WRAP-PAD, AES256-WRAP-PAD, id-aes256-wrap-pad } // ok { 1.2.156.10197.1.104.3, SM4-OFB, SM4-OFB128 } // ok { 2.16.840.1.101.3.4.1.25, AES-192-WRAP, AES192-WRAP, id-aes192-wrap } // ok { 2.16.840.1.101.3.4.1.41, AES-256-ECB } // ok { 0.3.4401.5.3.1.9.49, CAMELLIA-256-CTR } // ok { 1.2.410.200046.1.1.2, ARIA-128-CBC, ARIA128 } // ok { 0.3.4401.5.3.1.9.41, CAMELLIA-256-ECB } // ok { 2.16.840.1.101.3.4.1.44, AES-256-CFB } // ok { 1.2.156.10197.1.104.4, SM4-CFB, SM4-CFB128 } // ok { 0.3.4401.5.3.1.9.4, CAMELLIA-128-CFB } // ok { 1.2.410.200046.1.1.14, ARIA-256-OFB } // ok { 0.3.4401.5.3.1.9.9, CAMELLIA-128-CTR } // ok { 2.16.840.1.101.3.4.1.23, AES-192-OFB } // ok { 1.2.156.10197.1.104.1, SM4-ECB } // ok { 1.2.410.200046.1.1.7, ARIA-192-CBC, ARIA192 } // ok { 2.16.840.1.101.3.4.1.45, AES-256-WRAP, AES256-WRAP, id-aes256-wrap } // ok { 1.2.410.200046.1.1.15, ARIA-256-CTR } // ok { 1.2.410.200046.1.1.3, ARIA-128-CFB } // ok { 1.2.410.200046.1.1.6, ARIA-192-ECB } // ok { 0.3.4401.5.3.1.9.29, CAMELLIA-192-CTR } // ok { 0.3.4401.5.3.1.9.43, CAMELLIA-256-OFB } // ok { 1.2.156.10197.1.104.2, SM4, SM4-CBC } // ok { 1.3.14.3.2.17, DES-EDE, DES-EDE-ECB } // ok { 1.2.410.200046.1.1.11, ARIA-256-ECB } // ok { 2.16.840.1.101.3.4.1.5, AES-128-WRAP, AES128-WRAP, id-aes128-wrap } // ok { 2.16.840.1.101.3.4.1.3, AES-128-OFB } // ok { 0.3.4401.5.3.1.9.3, CAMELLIA-128-OFB } // ok { 0.3.4401.5.3.1.9.1, CAMELLIA-128-ECB } // ok { 1.2.840.113549.3.7, DES-EDE3-CBC, DES3 } // ok { 0.3.4401.5.3.1.9.44, CAMELLIA-256-CFB } // ok { 1.2.410.200046.1.1.10, ARIA-192-CTR } // ok { 0.3.4401.5.3.1.9.23, CAMELLIA-192-OFB } // ok { 0.3.4401.5.3.1.9.24, CAMELLIA-192-CFB } // ok { 1.2.410.200046.1.1.9, ARIA-192-OFB } // ok { 1.2.410.200046.1.1.13, ARIA-256-CFB } // 好使 { 2.16.840.1.101.3.4.1.1, AES-128-ECB } // 好使 { 1.2.410.200046.1.1.8, ARIA-192-CFB } // 好使 { 1.2.156.10197.1.104.7, SM4-CTR } // 好使 { 2.16.840.1.101.3.4.1.43, AES-256-OFB } // 好使 { 1.2.410.200046.1.1.4, ARIA-128-OFB } // 好使 { 1.2.392.200011.61.1.1.1.3, CAMELLIA-192-CBC, CAMELLIA192 } // 好使 { 0.3.4401.5.3.1.9.21, CAMELLIA-192-ECB } // 好使 { 1.2.410.200046.1.1.5, ARIA-128-CTR } // 好使 { 2.16.840.1.101.3.4.1.21, AES-192-ECB } // 好使 AES-256-CFB1 // 好使 AES-192-CFB1 // 好使 AES-128-CFB1 // 好使 AES-256-CFB8 // 好使 AES-192-CFB8 // 好使 AES-128-CFB8 // 可以 备注
如果想要转换后的.der/.pem受口令密码和加密算法保护, 必须是.pem格式. 如果怕逆向的用户看到程序中的.pem内容的数组, 可以将.pem放到参数文件中. 文件的组织可以用多个buffer合成一个buffer的方法(C - 多个buffer合并成一个buffer的管理类). 对一个大buffer加密(非对称/对称), 只有正版用户才能载入, 间接保护了程序被逆向.
END
