L 记事本
openSSL 密钥输入问题
-K 密钥
使用命令行加密的时候,需要指定密码,老是忘,记录下
K 实际指定的key,是16进制字符串
pass 是密码短语,kbdf2 生成实际的密钥
| Option | Description |
|---|---|
| -K | The actual key to use: this must be represented as a string comprised only of hex digits. If only the key is specified, the IV must additionally specified using the -iv option. When both a key and a password are specified, the key given with the -K option will be used and the IV generated from the password will be taken. It does not make much sense to specify both key and password. |
| -iv | The actual IV to use: this must be represented as a string comprised only of hex digits. When only the key is specified using the -K option, the IV must explicitly be defined. When a password is being specified using one of the other options, the IV is generated from this password. |
-pass 密码短语
-pass ,指定密码短语。 pbkdf2 生成实际的密钥 , 已经取代 -k 格式如下
| Format | Description |
|---|---|
| pass:password | the actual password is password. Since the password is visible to utilities (like ‘ps’ under Unix) this form should only be used where security is not important. |
| env:var | obtain the password from the environment variable var. Since the environment of other processes is visible on certain platforms (e.g. ps under certain Unix OSes) this option should be used with caution. |
| file:pathname | the first line of pathname is the password. If the same pathname argument is supplied to -passin and -passout arguments then the first line will be used for the input password and the next line for the output password. pathname need not refer to a regular file: it could for example refer to a device or named pipe. |
| fd:number | read the password from the file descriptor number. This can be used to send the data via a pipe for example. |
| stdin | read the password from standard input. |
echo "hello" | openssl enc -aes-256-ecb -pass "pass:123456" | openssl enc -aes-256-ecb -pass "pass:123456" -d
平时用到的
由于工作中经常要使用到加密解密,每次调试要到工作环境中解密,比较繁琐。 用openSSL 简单封装下解密参数。 alias不支持参数,所以用到了shell函数功能。
# 定义函数,把string 转换成 hex
function gt_GENKEYHEX(){echo -n $1 | xxd -p}
## adcheckdata
GT_KEY1=$(gt_GENKEYHEX "AES_KEY1")
function gt_Decrypt(){echo $2 | base64 -d | openssl enc -aes-128-ecb -K $1 -d}
function gt_adcheckdata(){gt_Decrypt "$GT_KEY1" $1}
## 加密参数
GT_KEY2=$(gt_GENKEYHEX 'AES_KEY2')
function gt_paramsdec(){ gt_Decrypt "$GT_KEY2" $1}