openssl3.2 - exp - 可以在命令行使用的口令算法名称列表

文章目录

    • openssl3.2 - exp - 可以在命令行使用的口令算法名称列表
    • 概述
    • 笔记
    • 测试工程实现
    • 备注
    • 整理 - 总共有126种加密算法可用于命令行参数的密码加密算法
    • 备注
    • END

openssl3.2 - exp - 可以在命令行使用的口令算法名称列表

概述

上一个笔记openssl3.2 - exp - PEM <==> DER, 还有个疑问.

openssl pkey -in app_key3.pem -out app_key5_pwd.pem -outform PEM -passout pass:111111 -算法名称

如果PEM/DER互转时, 要想转换后的文件带口令保护 就需要指定用哪种算法来执行口令加密算法.
并不是随便哪一种可见的算法名称就能用的.
算法有限制

算法不能有 EVP_CIPH_FLAG_AEAD_CIPHER 标记
模式不能是 EVP_CIPH_XTS_MODE

如果想确定哪些是不支持的口令加密算法, 必须要自己写个程序, 将不支持的算法过滤掉.
参照openssl源码, 写了一个测试程序, 可以将全部算法都列出来, 不支持的算法加上标记.
运行效果如下, 只要算法后边有标记 " !!! ---------- ", 都是不支持的命令行口令加密算法.

Legacy:
AES-128-CBC // ok
AES-128-CBC-HMAC-SHA1 : !!! ---------- cipher has no object identifier
AES-128-CBC-HMAC-SHA256 : !!! ---------- cipher has no object identifier
id-aes128-CCM : !!! ---------- AEAD ciphers not supported
AES-128-CFB // ok
AES-128-CFB1 // ok
AES-128-CFB8 // ok
AES-128-CTR : !!! ---------- cipher has no object identifier
AES-128-ECB // ok
id-aes128-GCM : !!! ---------- AEAD ciphers not supported
AES-128-OCB : !!! ---------- cipher has no object identifier
AES-128-OFB // ok
AES-128-XTS : !!! ---------- XTS ciphers not supported
AES-192-CBC
id-aes192-CCM : !!! ---------- AEAD ciphers not supported
AES-192-CFB // ok
AES-192-CFB1 // ok
AES-192-CFB8 // ok
AES-192-CTR : !!! ---------- cipher has no object identifier
AES-192-ECB // ok
id-aes192-GCM : !!! ---------- AEAD ciphers not supported
AES-192-OCB : !!! ---------- cipher has no object identifier
AES-192-OFB // ok
AES-256-CBC // ok
AES-256-CBC-HMAC-SHA1 : !!! ---------- cipher has no object identifier
AES-256-CBC-HMAC-SHA256 : !!! ---------- cipher has no object identifier
id-aes256-CCM : !!! ---------- AEAD ciphers not supported
AES-256-CFB // ok
AES-256-CFB1 // ok
AES-256-CFB8 // ok
AES-256-CTR : !!! ---------- cipher has no object identifier
AES-256-ECB // ok
id-aes256-GCM : !!! ---------- AEAD ciphers not supported
AES-256-OCB : !!! ---------- cipher has no object identifier
AES-256-OFB // ok
AES-256-XTS : !!! ---------- XTS ciphers not supported
ARIA-128-CBC // ok
ARIA-128-CCM : !!! ---------- AEAD ciphers not supported
ARIA-128-CFB // ok
ARIA-128-CFB1 : !!! ---------- cipher has no object identifier
ARIA-128-CFB8 : !!! ---------- cipher has no object identifier
ARIA-128-CTR // ok
ARIA-128-ECB // ok
ARIA-128-GCM : !!! ---------- AEAD ciphers not supported
ARIA-128-OFB // ok
ARIA-192-CBC // ok
ARIA-192-CCM : !!! ---------- AEAD ciphers not supported
ARIA-192-CFB // ok
ARIA-192-CFB1 : !!! ---------- cipher has no object identifier
ARIA-192-CFB8 : !!! ---------- cipher has no object identifier
ARIA-192-CTR // ok
ARIA-192-ECB // ok
ARIA-192-GCM : !!! ---------- AEAD ciphers not supported
ARIA-192-OFB // ok
ARIA-256-CBC // ok
ARIA-256-CCM : !!! ---------- AEAD ciphers not supported
ARIA-256-CFB // ok
ARIA-256-CFB1 : !!! ---------- cipher has no object identifier
ARIA-256-CFB8 : !!! ---------- cipher has no object identifier
ARIA-256-CTR // ok
ARIA-256-ECB // ok
ARIA-256-GCM : !!! ---------- AEAD ciphers not supported
ARIA-256-OFB // ok
BF-CBC // err
BF-CFB : !!! ---------- cipher has no object identifier
BF-ECB : !!! ---------- cipher has no object identifier
BF-OFB : !!! ---------- cipher has no object identifier
CAMELLIA-128-CBC // ok
CAMELLIA-128-CFB // ok
CAMELLIA-128-CFB1 : !!! ---------- cipher has no object identifier
CAMELLIA-128-CFB8 : !!! ---------- cipher has no object identifier
CAMELLIA-128-CTR // ok
CAMELLIA-128-ECB // ok
CAMELLIA-128-OFB // ok
CAMELLIA-192-CBC // ok
CAMELLIA-192-CFB // ok
CAMELLIA-192-CFB1 : !!! ---------- cipher has no object identifier
CAMELLIA-192-CFB8 : !!! ---------- cipher has no object identifier
CAMELLIA-192-CTR // ok
CAMELLIA-192-ECB // ok
CAMELLIA-192-OFB // ok
CAMELLIA-256-CBC // ok
CAMELLIA-256-CFB // ok
CAMELLIA-256-CFB1 : !!! ---------- cipher has no object identifier
CAMELLIA-256-CFB8 : !!! ---------- cipher has no object identifier
CAMELLIA-256-CTR // ok
CAMELLIA-256-ECB // ok
CAMELLIA-256-OFB // ok
CAST5-CBC // err
CAST5-CFB : !!! ---------- cipher has no object identifier
CAST5-ECB : !!! ---------- cipher has no object identifier
CAST5-OFB : !!! ---------- cipher has no object identifier
ChaCha20 : !!! ---------- cipher has no object identifier
ChaCha20-Poly1305 : !!! ---------- cipher has no object identifier
DES-CBC // err
DES-CFB // err
DES-CFB1 // err
DES-CFB8 // err
DES-ECB // err
DES-EDE // ok
DES-EDE-CBC : !!! ---------- cipher has no object identifier
DES-EDE-CFB : !!! ---------- cipher has no object identifier
DES-EDE-OFB : !!! ---------- cipher has no object identifier
DES-EDE3 : !!! ---------- cipher has no object identifier
DES-EDE3-CBC // ok
DES-EDE3-CFB // err
DES-EDE3-CFB1 // err
DES-EDE3-CFB8 // err
DES-EDE3-OFB : !!! ---------- cipher has no object identifier
DES-OFB // err
DESX-CBC : !!! ---------- cipher has no object identifier
id-aes128-CCM : !!! ---------- AEAD ciphers not supported
id-aes128-GCM : !!! ---------- AEAD ciphers not supported
id-aes128-wrap // ok
id-aes128-wrap-pad // ok
id-aes192-CCM : !!! ---------- AEAD ciphers not supported
id-aes192-GCM : !!! ---------- AEAD ciphers not supported
id-aes192-wrap // ok
id-aes192-wrap-pad // ok
id-aes256-CCM : !!! ---------- AEAD ciphers not supported
id-aes256-GCM : !!! ---------- AEAD ciphers not supported
id-aes256-wrap // ok
id-aes256-wrap-pad // ok
id-smime-alg-CMS3DESwrap // err
IDEA-CBC // err
IDEA-CFB : !!! ---------- cipher has no object identifier
IDEA-ECB : !!! ---------- cipher has no object identifier
IDEA-OFB : !!! ---------- cipher has no object identifier
RC2-40-CBC // err
RC2-64-CBC // err
RC2-CBC
RC2-CFB : !!! ---------- cipher has no object identifier
RC2-ECB : !!! ---------- cipher has no object identifier
RC2-OFB : !!! ---------- cipher has no object identifier
RC4 // err
RC4-40 // err
RC4-HMAC-MD5 : !!! ---------- cipher has no object identifier
SEED-CBC // err
SEED-CFB // err
SEED-ECB // err
SEED-OFB // err
SM4-CBC // ok
SM4-CFB // ok
SM4-CTR // ok
SM4-ECB // ok
SM4-OFB // ok
Provided:
{ 1.2.410.200046.1.1.12, ARIA-256-CBC, ARIA256 } // ok
{ 2.16.840.1.101.3.4.1.22, AES-192-CBC, AES192 } // ok
{ 2.16.840.1.101.3.4.1.4, AES-128-CFB } // ok
ARIA-192-CCM : !!! ---------- AEAD ciphers not supported
{ 1.2.410.200046.1.1.1, ARIA-128-ECB } // ok
{ 2.16.840.1.101.3.4.1.2, AES-128-CBC, AES128 } // ok
{ 2.16.840.1.101.3.4.1.24, AES-192-CFB } // ok
{ 1.2.392.200011.61.1.1.1.2, CAMELLIA-128-CBC, CAMELLIA128 } // ok
{ 1.2.392.200011.61.1.1.1.4, CAMELLIA-256-CBC, CAMELLIA256 } // ok
ARIA-192-GCM : !!! ---------- AEAD ciphers not supported
{ 2.16.840.1.101.3.4.1.42, AES-256-CBC, AES256 } // ok
{ 2.16.840.1.101.3.4.1.28, AES-192-WRAP-PAD, AES192-WRAP-PAD, id-aes192-wrap-pad } // ok
ARIA-256-GCM : !!! ---------- AEAD ciphers not supported
AES-256-XTS : !!! ---------- XTS ciphers not supported
{ 2.16.840.1.101.3.4.1.8, AES-128-WRAP-PAD, AES128-WRAP-PAD, id-aes128-wrap-pad } // ok
{ 1.2.840.113549.1.9.16.3.6, DES3-WRAP, id-smime-alg-CMS3DESwrap } // err
{ 2.16.840.1.101.3.4.1.48, AES-256-WRAP-PAD, AES256-WRAP-PAD, id-aes256-wrap-pad } // ok
{ 1.2.156.10197.1.104.3, SM4-OFB, SM4-OFB128 } // ok
{ 2.16.840.1.101.3.4.1.25, AES-192-WRAP, AES192-WRAP, id-aes192-wrap } // ok
{ 2.16.840.1.101.3.4.1.41, AES-256-ECB } // ok
{ 0.3.4401.5.3.1.9.49, CAMELLIA-256-CTR } // ok
{ 1.2.410.200046.1.1.2, ARIA-128-CBC, ARIA128 } // ok
AES-128-GCM : !!! ---------- AEAD ciphers not supported
{ 0.3.4401.5.3.1.9.41, CAMELLIA-256-ECB } // ok
{ 2.16.840.1.101.3.4.1.44, AES-256-CFB } // ok
{ 1.2.156.10197.1.104.4, SM4-CFB, SM4-CFB128 } // ok
{ 0.3.4401.5.3.1.9.4, CAMELLIA-128-CFB } // ok
ARIA-256-CCM : !!! ---------- AEAD ciphers not supported
{ 1.2.410.200046.1.1.14, ARIA-256-OFB } // ok
AES-256-GCM : !!! ---------- AEAD ciphers not supported
{ 0.3.4401.5.3.1.9.9, CAMELLIA-128-CTR } // ok
{ 2.16.840.1.101.3.4.1.23, AES-192-OFB } // ok
{ 1.2.156.10197.1.104.1, SM4-ECB } // ok
AES-128-CCM : !!! ---------- AEAD ciphers not supported
AES-256-CCM : !!! ---------- AEAD ciphers not supported
{ 1.2.410.200046.1.1.7, ARIA-192-CBC, ARIA192 } // ok
{ 2.16.840.1.101.3.4.1.45, AES-256-WRAP, AES256-WRAP, id-aes256-wrap } // ok
{ 1.2.410.200046.1.1.15, ARIA-256-CTR } // ok
{ 1.2.410.200046.1.1.3, ARIA-128-CFB } // ok
ARIA-128-GCM : !!! ---------- AEAD ciphers not supported
{ 1.2.410.200046.1.1.6, ARIA-192-ECB } // ok
AES-192-GCM : !!! ---------- AEAD ciphers not supported
{ 0.3.4401.5.3.1.9.29, CAMELLIA-192-CTR } // ok
{ 0.3.4401.5.3.1.9.43, CAMELLIA-256-OFB } // ok
{ 1.2.156.10197.1.104.2, SM4, SM4-CBC } // ok
ARIA-128-CCM : !!! ---------- AEAD ciphers not supported
AES-192-CCM : !!! ---------- AEAD ciphers not supported
{ 1.3.14.3.2.17, DES-EDE, DES-EDE-ECB } // ok
{ 1.2.410.200046.1.1.11, ARIA-256-ECB } // ok
AES-128-XTS : !!! ---------- XTS ciphers not supported
{ 2.16.840.1.101.3.4.1.5, AES-128-WRAP, AES128-WRAP, id-aes128-wrap } // ok
{ 2.16.840.1.101.3.4.1.3, AES-128-OFB } // ok
{ 0.3.4401.5.3.1.9.3, CAMELLIA-128-OFB } // ok
{ 0.3.4401.5.3.1.9.1, CAMELLIA-128-ECB } // ok
{ 1.2.840.113549.3.7, DES-EDE3-CBC, DES3 } // ok
{ 0.3.4401.5.3.1.9.44, CAMELLIA-256-CFB } // ok
{ 1.2.410.200046.1.1.10, ARIA-192-CTR } // ok
{ 0.3.4401.5.3.1.9.23, CAMELLIA-192-OFB } // ok
{ 0.3.4401.5.3.1.9.24, CAMELLIA-192-CFB } // ok
{ 1.2.410.200046.1.1.9, ARIA-192-OFB } // ok
{ 1.2.410.200046.1.1.13, ARIA-256-CFB } // 好使
{ 2.16.840.1.101.3.4.1.1, AES-128-ECB } // 好使
{ 1.2.410.200046.1.1.8, ARIA-192-CFB } // 好使
{ 1.2.156.10197.1.104.7, SM4-CTR } // 好使
{ 2.16.840.1.101.3.4.1.43, AES-256-OFB } // 好使
{ 1.2.410.200046.1.1.4, ARIA-128-OFB } // 好使
{ 1.2.392.200011.61.1.1.1.3, CAMELLIA-192-CBC, CAMELLIA192 } // 好使
{ 0.3.4401.5.3.1.9.21, CAMELLIA-192-ECB } // 好使
{ 1.2.410.200046.1.1.5, ARIA-128-CTR } // 好使
{ 2.16.840.1.101.3.4.1.21, AES-192-ECB } // 好使
NULL : !!! ---------- cipher has no object identifier
AES-128-CBC-CTS : !!! ---------- cipher has no object identifier
AES-192-CBC-CTS : !!! ---------- cipher has no object identifier
AES-256-CBC-CTS : !!! ---------- cipher has no object identifier
AES-256-CFB1 // 好使
AES-192-CFB1 // 好使
AES-128-CFB1 // 好使
AES-256-CFB8 // 好使
AES-192-CFB8 // 好使
AES-128-CFB8 // 可以
AES-256-CTR : !!! ---------- cipher has no object identifier
AES-192-CTR : !!! ---------- cipher has no object identifier
AES-128-CTR : !!! ---------- cipher has no object identifier
AES-256-OCB : !!! ---------- cipher has no object identifier
AES-192-OCB : !!! ---------- cipher has no object identifier
AES-128-OCB : !!! ---------- cipher has no object identifier
AES-128-SIV : !!! ---------- cipher has no object identifier
AES-192-SIV : !!! ---------- cipher has no object identifier
AES-256-SIV : !!! ---------- cipher has no object identifier
AES-128-GCM-SIV : !!! ---------- cipher has no object identifier
AES-192-GCM-SIV : !!! ---------- cipher has no object identifier
AES-256-GCM-SIV : !!! ---------- cipher has no object identifier
AES-256-WRAP-INV : !!! ---------- cipher has no object identifier
AES-192-WRAP-INV : !!! ---------- cipher has no object identifier
AES-128-WRAP-INV : !!! ---------- cipher has no object identifier
AES-256-WRAP-PAD-INV : !!! ---------- cipher has no object identifier
AES-192-WRAP-PAD-INV : !!! ---------- cipher has no object identifier
AES-128-WRAP-PAD-INV : !!! ---------- cipher has no object identifier
AES-128-CBC-HMAC-SHA1 : !!! ---------- cipher has no object identifier
AES-256-CBC-HMAC-SHA1 : !!! ---------- cipher has no object identifier
AES-128-CBC-HMAC-SHA256 : !!! ---------- cipher has no object identifier
AES-256-CBC-HMAC-SHA256 : !!! ---------- cipher has no object identifier
ARIA-256-CFB1 : !!! ---------- cipher has no object identifier
ARIA-192-CFB1 : !!! ---------- cipher has no object identifier
ARIA-128-CFB1 : !!! ---------- cipher has no object identifier
ARIA-256-CFB8 : !!! ---------- cipher has no object identifier
ARIA-192-CFB8 : !!! ---------- cipher has no object identifier
ARIA-128-CFB8 : !!! ---------- cipher has no object identifier
CAMELLIA-128-CBC-CTS : !!! ---------- cipher has no object identifier
CAMELLIA-192-CBC-CTS : !!! ---------- cipher has no object identifier
CAMELLIA-256-CBC-CTS : !!! ---------- cipher has no object identifier
CAMELLIA-256-CFB1 : !!! ---------- cipher has no object identifier
CAMELLIA-192-CFB1 : !!! ---------- cipher has no object identifier
CAMELLIA-128-CFB1 : !!! ---------- cipher has no object identifier
CAMELLIA-256-CFB8 : !!! ---------- cipher has no object identifier
CAMELLIA-192-CFB8 : !!! ---------- cipher has no object identifier
CAMELLIA-128-CFB8 : !!! ---------- cipher has no object identifier
DES-EDE3-ECB : !!! ---------- cipher has no object identifier
DES-EDE3-OFB : !!! ---------- cipher has no object identifier
DES-EDE3-CFB // 不行
DES-EDE3-CFB8 // 不行
DES-EDE3-CFB1 // 不行
DES-EDE-CBC : !!! ---------- cipher has no object identifier
DES-EDE-OFB : !!! ---------- cipher has no object identifier
DES-EDE-CFB : !!! ---------- cipher has no object identifier
SM4-GCM : !!! ---------- cipher has no object identifier
SM4-CCM : !!! ---------- cipher has no object identifier
SM4-XTS : !!! ---------- cipher has no object identifier
ChaCha20 : !!! ---------- cipher has no object identifier
ChaCha20-Poly1305 : !!! ---------- cipher has no object identifier
free map, g_mem_hook_map.size() = 0

笔记

测试工程实现

/*!
* \file main.cpp
*/#include "my_openSSL_lib.h"
#include <openssl/crypto.h>
#include <openssl/bio.h>
#include <openssl/safestack.h>
#include <openssl/evp.h>
#include <openssl/provider.h>#include <stdlib.h>
#include <stdio.h>
#include <assert.h>#include "CMemHookRec.h"BIO* bio_out = NULL;
BIO* bio_err = NULL;
static const char* select_name = NULL;void my_openssl_app();
void list_ciphers(const char* prefix);
int cipher_cmp(const EVP_CIPHER* const* a, const EVP_CIPHER* const* b);
void collect_ciphers(EVP_CIPHER* cipher, void* stack);int main(int argc, char** argv)
{setvbuf(stdout, NULL, _IONBF, 0); // 清掉stdout缓存, 防止调用printf时阻塞mem_hook();my_openssl_app();mem_unhook();return 0;
}void my_openssl_app()
{bio_out = BIO_new_fp(stdout, 0);bio_err = BIO_new_fp(stdout, 0);if ((NULL != bio_out) && (NULL != bio_err)){list_ciphers(" ");}if (NULL != bio_out){BIO_free(bio_out);bio_out = NULL;}if (NULL != bio_err){BIO_free(bio_err);bio_err = NULL;}
}void legacy_cipher_fn(const EVP_CIPHER* c,const char* from, const char* to, void* arg)
{int mode = 0;unsigned long int flags = 0;int alg_nid = 0;if (select_name != NULL&& (c == NULL|| OPENSSL_strcasecmp(select_name, EVP_CIPHER_get0_name(c)) != 0)){return;}if (c != NULL) {mode = EVP_CIPHER_get_mode(c);flags = EVP_CIPHER_get_flags(c);alg_nid = EVP_CIPHER_get_type(c);if (alg_nid == NID_undef) {BIO_printf(bio_out, "  %s :                               !!! ---------- cipher has no object identifier\n", EVP_CIPHER_get0_name(c));}else if (mode == EVP_CIPH_XTS_MODE) {BIO_printf((BIO*)arg, "  %s :                               !!! ---------- XTS ciphers not supported\n", EVP_CIPHER_get0_name(c));}else if ((flags & EVP_CIPH_FLAG_AEAD_CIPHER) != 0) {BIO_printf((BIO*)arg, "  %s :                               !!! ---------- AEAD ciphers not supported\n", EVP_CIPHER_get0_name(c));}else {BIO_printf((BIO*)arg, "  %s \n", EVP_CIPHER_get0_name(c));}}
}int name_cmp(const char* const* a, const char* const* b)
{return OPENSSL_strcasecmp(*a, *b);
}void collect_names(const char* name, void* vdata)
{STACK_OF(OPENSSL_CSTRING)* names = (STACK_OF(OPENSSL_CSTRING)*)vdata;sk_OPENSSL_CSTRING_push(names, name);
}void print_names(BIO* out, STACK_OF(OPENSSL_CSTRING)* names)
{int i = sk_OPENSSL_CSTRING_num(names);int j;sk_OPENSSL_CSTRING_sort(names);if (i > 1)BIO_printf(out, "{ ");for (j = 0; j < i; j++) {const char* name = sk_OPENSSL_CSTRING_value(names, j);if (j > 0)BIO_printf(out, ", ");BIO_printf(out, "%s", name);}if (i > 1)BIO_printf(out, " }");
}DEFINE_STACK_OF(EVP_CIPHER)
void list_ciphers(const char* prefix)
{STACK_OF(EVP_CIPHER)* ciphers = sk_EVP_CIPHER_new(cipher_cmp);int i;int mode = 0;int flags = 0;int alg_nid = 0;if (ciphers == NULL) {BIO_printf(bio_err, "ERROR: Memory allocation\n");return;}if (true) {BIO_printf(bio_out, "%sLegacy:\n", prefix);EVP_CIPHER_do_all_sorted(legacy_cipher_fn, bio_out);}BIO_printf(bio_out, "%sProvided:\n", prefix);EVP_CIPHER_do_all_provided(NULL, collect_ciphers, ciphers);sk_EVP_CIPHER_sort(ciphers);for (i = 0; i < sk_EVP_CIPHER_num(ciphers); i++) {const EVP_CIPHER* c = sk_EVP_CIPHER_value(ciphers, i);mode = EVP_CIPHER_get_mode(c);flags = EVP_CIPHER_get_flags(c);alg_nid = EVP_CIPHER_get_type(c);if (alg_nid == NID_undef) {BIO_printf(bio_out, "  %s :                               !!! ---------- cipher has no object identifier\n", EVP_CIPHER_get0_name(c));continue;}else if (mode == EVP_CIPH_XTS_MODE) {BIO_printf(bio_out, "  %s :                               !!! ---------- XTS ciphers not supported\n", EVP_CIPHER_get0_name(c));continue;}else if ((flags & EVP_CIPH_FLAG_AEAD_CIPHER) != 0) {BIO_printf(bio_out, "  %s :                               !!! ---------- AEAD ciphers not supported\n", EVP_CIPHER_get0_name(c));continue;}STACK_OF(OPENSSL_CSTRING)* names = NULL;if (select_name != NULL && !EVP_CIPHER_is_a(c, select_name))continue;names = sk_OPENSSL_CSTRING_new(name_cmp);if (names != NULL && EVP_CIPHER_names_do_all(c, collect_names, names)) {BIO_printf(bio_out, "  ");print_names(bio_out, names);BIO_printf(bio_out, "\r\n");/* BIO_printf(bio_out, " @ %s\n",OSSL_PROVIDER_get0_name(EVP_CIPHER_get0_provider(c)));if (verbose) {const char* desc = EVP_CIPHER_get0_description(c);if (desc != NULL)BIO_printf(bio_out, "    description: %s\n", desc);print_param_types("retrievable algorithm parameters",EVP_CIPHER_gettable_params(c), 4);print_param_types("retrievable operation parameters",EVP_CIPHER_gettable_ctx_params(c), 4);print_param_types("settable operation parameters",EVP_CIPHER_settable_ctx_params(c), 4);}*/}sk_OPENSSL_CSTRING_free(names);}sk_EVP_CIPHER_pop_free(ciphers, EVP_CIPHER_free);
}int cipher_cmp(const EVP_CIPHER* const* a, const EVP_CIPHER* const* b)
{return strcmp(OSSL_PROVIDER_get0_name(EVP_CIPHER_get0_provider(*a)),OSSL_PROVIDER_get0_name(EVP_CIPHER_get0_provider(*b)));
}void collect_ciphers(EVP_CIPHER* cipher, void* stack)
{STACK_OF(EVP_CIPHER)* cipher_stack = (STACK_OF(EVP_CIPHER)*)stack;if (sk_EVP_CIPHER_push(cipher_stack, cipher) > 0)EVP_CIPHER_up_ref(cipher);
}

备注

我们自己写的工程, 只能调用openssl对外提供的接口, 没办法用openssl内部接口(包括内部函数, 内部头文件, 内部结构定义)
像这个列出openssl全部加密算法的实现, 用的是openssl接口上的回调函数入参. 传入我们自己的回调函数指针, 在回调函数中判断算法功能是否在命令行参数中可用于口令加密.

现在知道了支持口令加密的加密算法名称, 试几个不常见的口令加密算法, 看看是否好使?

openssl pkey -in app_key.pem -passin pass:my_pwd_for_app_key -out app_key.der -outform DER
app_key.pem是带口令保护的, 执行上面的命令, 转为一个不带口令的.der
现在用这个不带口令的.der, 转成带口令的.der, 加密算法用上面测试工程找到的有效算法名称, 试试好使不?

openssl pkey -in app_key.der -out app_key_pwd1.pem -outform DER -passout pass:111111 -ChaCha20
Error: Cipher options are supported only for PEM output

看到口令加密算法只支持.PEM格式…
那算了, 就实验.der/.pem转成.pem的场景.

openssl pkey -in app_key.der -out app_key_no_pwd.pem -outform PEM
先将上面实验的.der转成不带口令保护的.pem

openssl pkey -in app_key_no_pwd.pem -out app_key_pwd1.pem -outform PEM -passout pass:111111 -ChaCha20
cipher has no object identifier
说明还有限制条件, 选用的算法必须有obj_id, 那将这个条件也加入算法选择逻辑里面.

程序修改完了, 上面的工程副本已经更新. 现在能看到, 算法ChaCha20在列表中已经标记为了不支持.
再试试其他支持的不常见加密算法.
openssl pkey -in app_key_no_pwd.pem -out app_key_pwd1.pem -outform PEM -passout pass:111111 -DES-EDE3-CFB1
BC570600:error:0308010C:digital envelope routines:inner_evp_generic_fetch:unsupported:crypto\evp\evp_fetch.c:342:Global default library context, Algorithm (DES-CFB : 6), Properties ()
可以看到, 也不是每种算法都支持.
跟了一下openssl源码, 都是宏写的, 调用的都是内部函数, 不好弄清为啥不行.
那就试试找到的其他算法, 看行不行.

下面列出的都是好使的算法, 没有都列出, 在上面的算法列表中写上了是否好使.
openssl pkey -in app_key_no_pwd.pem -out app_key_pwd1.pem -outform PEM -passout pass:111111 -AES-128-CFB8
过滤掉的算法中, 不好通过程序来判断了, 只能一个一个实验.

整理 - 总共有126种加密算法可用于命令行参数的密码加密算法

// 总共有126种加密算法可用于命令行参数的密码加密算法
Legacy:
AES-128-CBC // ok
AES-128-CFB // ok
AES-128-CFB1 // ok
AES-128-CFB8 // ok
AES-128-ECB // ok
AES-128-OFB // ok
AES-192-CBC // ok
AES-192-CFB // ok
AES-192-CFB1 // ok
AES-192-CFB8 // ok
AES-192-ECB // ok
AES-192-OFB // ok
AES-256-CBC // ok
AES-256-CFB // ok
AES-256-CFB1 // ok
AES-256-CFB8 // ok
AES-256-ECB // ok
AES-256-OFB // ok
ARIA-128-CBC // ok
ARIA-128-CFB // ok
ARIA-128-CTR // ok
ARIA-128-ECB // ok
ARIA-128-OFB // ok
ARIA-192-CBC // ok
ARIA-192-CFB // ok
ARIA-192-CTR // ok
ARIA-192-ECB // ok
ARIA-192-OFB // ok
ARIA-256-CBC // ok
ARIA-256-CFB // ok
ARIA-256-CTR // ok
ARIA-256-ECB // ok
ARIA-256-OFB // ok
CAMELLIA-128-CBC // ok
CAMELLIA-128-CFB // ok
CAMELLIA-128-CTR // ok
CAMELLIA-128-ECB // ok
CAMELLIA-128-OFB // ok
CAMELLIA-192-CBC // ok
CAMELLIA-192-CFB // ok
CAMELLIA-192-CTR // ok
CAMELLIA-192-ECB // ok
CAMELLIA-192-OFB // ok
CAMELLIA-256-CBC // ok
CAMELLIA-256-CFB // ok
CAMELLIA-256-CTR // ok
CAMELLIA-256-ECB // ok
CAMELLIA-256-OFB // ok
DES-EDE // ok
DES-EDE3-CBC // ok
DES-EDE3-CFB // err
DES-EDE3-CFB1 // err
DES-EDE3-CFB8 // err
id-aes128-wrap // ok
id-aes128-wrap-pad // ok
id-aes192-wrap // ok
id-aes192-wrap-pad // ok
id-aes256-wrap // ok
id-aes256-wrap-pad // ok
SM4-CBC // ok
SM4-CFB // ok
SM4-CTR // ok
SM4-ECB // ok
SM4-OFB // ok
Provided:
{ 1.2.410.200046.1.1.12, ARIA-256-CBC, ARIA256 } // ok
{ 2.16.840.1.101.3.4.1.22, AES-192-CBC, AES192 } // ok
{ 2.16.840.1.101.3.4.1.4, AES-128-CFB } // ok
{ 1.2.410.200046.1.1.1, ARIA-128-ECB } // ok
{ 2.16.840.1.101.3.4.1.2, AES-128-CBC, AES128 } // ok
{ 2.16.840.1.101.3.4.1.24, AES-192-CFB } // ok
{ 1.2.392.200011.61.1.1.1.2, CAMELLIA-128-CBC, CAMELLIA128 } // ok
{ 1.2.392.200011.61.1.1.1.4, CAMELLIA-256-CBC, CAMELLIA256 } // ok
{ 2.16.840.1.101.3.4.1.42, AES-256-CBC, AES256 } // ok
{ 2.16.840.1.101.3.4.1.28, AES-192-WRAP-PAD, AES192-WRAP-PAD, id-aes192-wrap-pad } // ok
{ 2.16.840.1.101.3.4.1.8, AES-128-WRAP-PAD, AES128-WRAP-PAD, id-aes128-wrap-pad } // ok
{ 1.2.840.113549.1.9.16.3.6, DES3-WRAP, id-smime-alg-CMS3DESwrap } // err
{ 2.16.840.1.101.3.4.1.48, AES-256-WRAP-PAD, AES256-WRAP-PAD, id-aes256-wrap-pad } // ok
{ 1.2.156.10197.1.104.3, SM4-OFB, SM4-OFB128 } // ok
{ 2.16.840.1.101.3.4.1.25, AES-192-WRAP, AES192-WRAP, id-aes192-wrap } // ok
{ 2.16.840.1.101.3.4.1.41, AES-256-ECB } // ok
{ 0.3.4401.5.3.1.9.49, CAMELLIA-256-CTR } // ok
{ 1.2.410.200046.1.1.2, ARIA-128-CBC, ARIA128 } // ok
{ 0.3.4401.5.3.1.9.41, CAMELLIA-256-ECB } // ok
{ 2.16.840.1.101.3.4.1.44, AES-256-CFB } // ok
{ 1.2.156.10197.1.104.4, SM4-CFB, SM4-CFB128 } // ok
{ 0.3.4401.5.3.1.9.4, CAMELLIA-128-CFB } // ok
{ 1.2.410.200046.1.1.14, ARIA-256-OFB } // ok
{ 0.3.4401.5.3.1.9.9, CAMELLIA-128-CTR } // ok
{ 2.16.840.1.101.3.4.1.23, AES-192-OFB } // ok
{ 1.2.156.10197.1.104.1, SM4-ECB } // ok
{ 1.2.410.200046.1.1.7, ARIA-192-CBC, ARIA192 } // ok
{ 2.16.840.1.101.3.4.1.45, AES-256-WRAP, AES256-WRAP, id-aes256-wrap } // ok
{ 1.2.410.200046.1.1.15, ARIA-256-CTR } // ok
{ 1.2.410.200046.1.1.3, ARIA-128-CFB } // ok
{ 1.2.410.200046.1.1.6, ARIA-192-ECB } // ok
{ 0.3.4401.5.3.1.9.29, CAMELLIA-192-CTR } // ok
{ 0.3.4401.5.3.1.9.43, CAMELLIA-256-OFB } // ok
{ 1.2.156.10197.1.104.2, SM4, SM4-CBC } // ok
{ 1.3.14.3.2.17, DES-EDE, DES-EDE-ECB } // ok
{ 1.2.410.200046.1.1.11, ARIA-256-ECB } // ok
{ 2.16.840.1.101.3.4.1.5, AES-128-WRAP, AES128-WRAP, id-aes128-wrap } // ok
{ 2.16.840.1.101.3.4.1.3, AES-128-OFB } // ok
{ 0.3.4401.5.3.1.9.3, CAMELLIA-128-OFB } // ok
{ 0.3.4401.5.3.1.9.1, CAMELLIA-128-ECB } // ok
{ 1.2.840.113549.3.7, DES-EDE3-CBC, DES3 } // ok
{ 0.3.4401.5.3.1.9.44, CAMELLIA-256-CFB } // ok
{ 1.2.410.200046.1.1.10, ARIA-192-CTR } // ok
{ 0.3.4401.5.3.1.9.23, CAMELLIA-192-OFB } // ok
{ 0.3.4401.5.3.1.9.24, CAMELLIA-192-CFB } // ok
{ 1.2.410.200046.1.1.9, ARIA-192-OFB } // ok
{ 1.2.410.200046.1.1.13, ARIA-256-CFB } // 好使
{ 2.16.840.1.101.3.4.1.1, AES-128-ECB } // 好使
{ 1.2.410.200046.1.1.8, ARIA-192-CFB } // 好使
{ 1.2.156.10197.1.104.7, SM4-CTR } // 好使
{ 2.16.840.1.101.3.4.1.43, AES-256-OFB } // 好使
{ 1.2.410.200046.1.1.4, ARIA-128-OFB } // 好使
{ 1.2.392.200011.61.1.1.1.3, CAMELLIA-192-CBC, CAMELLIA192 } // 好使
{ 0.3.4401.5.3.1.9.21, CAMELLIA-192-ECB } // 好使
{ 1.2.410.200046.1.1.5, ARIA-128-CTR } // 好使
{ 2.16.840.1.101.3.4.1.21, AES-192-ECB } // 好使
AES-256-CFB1 // 好使
AES-192-CFB1 // 好使
AES-128-CFB1 // 好使
AES-256-CFB8 // 好使
AES-192-CFB8 // 好使
AES-128-CFB8 // 可以

备注

如果想要转换后的.der/.pem受口令密码和加密算法保护, 必须是.pem格式.
如果怕逆向的用户看到程序中的.pem内容的数组, 可以将.pem放到参数文件中.
文件的组织可以用多个buffer合成一个buffer的方法(C++ - 多个buffer合并成一个buffer的管理类).
对一个大buffer加密(非对称/对称), 只有正版用户才能载入, 间接保护了程序被逆向.

END

本文来自互联网用户投稿,该文观点仅代表作者本人,不代表本站立场。本站仅提供信息存储空间服务,不拥有所有权,不承担相关法律责任。如若转载,请注明出处:http://www.mzph.cn/news/733326.shtml

如若内容造成侵权/违法违规/事实不符,请联系多彩编程网进行投诉反馈email:809451989@qq.com,一经查实,立即删除!

相关文章

代码随想录-动态规划4(46. 携带研究材料(第六期模拟笔试) 、416. 分割等和子集)

46. 携带研究材料&#xff08;第六期模拟笔试&#xff09; #include <iostream> #include <stdio.h> #include <vector>using namespace std;int bag(int N, vector<int> &weight, vector<int> &value) {int M weight.size();vector&l…

JavaEE进阶篇 (一) -- Maven

写在前&#xff1a;Hello各位小伙伴们&#xff0c;这一部分主要对JavaEE进阶部分内容进行学习记录&#xff0c;关于前面学习的内容也会同步更新~~ 在学习新内容之前&#xff0c;需要了解一下基础的内容&#xff1a; JavaEE(Java Platform Enterprise Edition),Java平台企业版&…

python3 多进程通信的方式

在 Python 3 中&#xff0c;实现多进程间通信的方式有以下几种常见方式&#xff1a; 队列&#xff08;Queue&#xff09;&#xff1a; 使用 multiprocessing.Queue 类可以在多个进程之间安全地传递消息和数据。多个进程可以将数据放入队列中&#xff0c;然后其他进程可以从队列…

面试经典150题——环形链表

Suffering, for the weak is the tomb of death, and for the strong is the soil of germinal ambition.​ 1. 题目描述 2. 题目分析与解析 2.1 思路一 这个题目就是判断一个链表有没有环&#xff0c;其实我们之讲过一个题目&#xff0c;就实现了判断链表有没有环的步骤&a…

LeetCode---387周赛

题目列表 3069. 将元素分配到两个数组中 I 3070. 元素和小于等于 k 的子矩阵的数目 3071. 在矩阵上写出字母 Y 所需的最少操作次数 3072. 将元素分配到两个数组中 II 一、将元素分配到两个数组中I 直接按照题目要求进行模拟即可&#xff0c;代码如下 class Solution { p…

探索 ON1 Resize Ai 2023.5 for Mac/win:释放图像的无限可能

ON1 Resize AI 2023.5 for Mac/Win 是一款专业的图像无损放大软件&#xff0c;通过人工智能技术&#xff0c;能够将图像放大至更高的分辨率&#xff0c;同时保持图像细节和清晰度的最佳状态。该软件的强大功能和直观的操作界面&#xff0c;使它成为摄影师、设计师和艺术家的理想…

讲解人工智能在现代科技中的应用和未来发展趋势。

目录 1.人工智能在现代科技中的应用 1.1医疗健康 1.2交通运输 1.3金融服务 1.4教育 1.5制造业 1.6客户服务 2.未来发展趋势 2.1泛化能力提升 2.2跨领域集成学习 2.3增强的可解释性和透明度 2.4AI伦理和法规 2.5量子计算与AI的结合 2.6AI与物联网&#xff08;IoT&…

006-v-model原理

v-model原理 简介v-model应用在输入框上v-model应用在组件上 简介 由 属性绑定(v-bind:value“searchText”) 配合 input事件监听(v-on:input“searchText event.target.value”) 实现。 应用在组件上由 props: {value: xxx } &#xff0c;this.$emit(‘input’, xxx ) 完成。…

华为OD算法

【华为OD机考 统一考试机试C卷】开源项目热度榜单 题目描述 某个开源社区希望将最近热度比较高的开源项目出一个榜单&#xff0c;推荐给社区里面的开发者。对于每个开源项目&#xff0c;开发者可以进行关注(watch)、收藏(star)、fork、提issue、提交合并请求(MR)等。 数据库里…

代码随想录算法训练营day16 | 104.二叉树的最大深度、111.二叉树的最小深度、222.完全二叉树的节点个数

目录 二叉树的最大深度思路解题方法递归迭代 复杂度Code递归迭代 二叉树的最小深度思路解题方法递归迭代 复杂度Code递归迭代 第一题思路解题方法递归迭代 复杂度递归迭代 Code递归迭代 总结 二叉树的最大深度 链接: 二叉树的最大深度 二叉树的 最大深度 是指从根节点到最远叶…

滴滴一面:Keepalived+Nginx高可用,如何实现IP跳跃?(1)

尼恩说在前面 HashMap的工作原理是目前java面试问的较为常见的问题之一&#xff0c;在40岁老架构师 尼恩的读者交流群(50)中&#xff0c;最近有小伙伴拿到了一线互联网企业如得物、阿里、滴滴、极兔、有赞、shein 希音、百度、网易的面试资格&#xff0c;遇到很多很重要的面试…

OpenCV学习笔记(四)——对视频的读取操作

目录 读取视频内容 将彩色视频转换为灰色视频 读取视频内容 读取视频文件通常分为读取文件、验证是否打开成功打开文件、逐帧读取视频文件、释放资源和关闭窗口 &#xff08;1&#xff09;读取文件 在OpenCV中&#xff0c;通常使用VedioCapture来读取视频流&#xff0c;Vedi…

linux中的“<“、“<<“、“>“

当我们在命令行中执行一个命令时&#xff0c;通常需要指定命令所需的输入数据和输出目标。输入重定向符号 <、<< 和 > 就是用来处理这些输入输出的。 1. 命令 < 文件 这个符号表示将文件内容作为命令的标准输入。换句话说&#xff0c;命令将从指定的文件中读取…

SQL Server 技术100问?

这些问题旨在帮助SQL Server的管理员和开发人员深入理解数据库管理系统的核心概念和技术&#xff0c;从而更好地进行数据库设计、性能优化、安全管理等工作。 SQL Server的最新版本有哪些新特性&#xff1f;如何在SQL Server中创建一个新的数据库&#xff1f;如何在SQL Server…

图的单源最短路径问题

目录 一、简述 二、前置配置 三、迪杰斯特拉算法 四、改进的迪杰斯特拉算法 五、贝尔曼福特算法 一、简述 图是一种比较常用的数据结构&#xff0c;将问题转换成图相关的思路也是比较常用的。 图的单源最短路径问题&#xff0c;也就是图中某一个节点到图中其他节点的最短路…

基于JAVA+ springboot实现的抗疫物质信息管理系统

基于JAVA springboot实现的抗疫物质信息管理系统设计和实现 博主介绍&#xff1a;多年java开发经验&#xff0c;专注Java开发、定制、远程、文档编写指导等,csdn特邀作者、专注于Java技术领域 作者主页 央顺技术团队 Java毕设项目精品实战案例《1000套》 欢迎点赞 收藏 ⭐留言 …

macOS上实现「灵动岛」效果

自从Apple iPhone推出了「灵动岛」功能后&#xff0c;用户们就被其优雅的设计和强大的功能所吸引。然而&#xff0c;作为macOS用户&#xff0c;我们一直在等待这一功能能够在我们的设备上实现。现在&#xff0c;随着新的应用程序的推出&#xff0c;我们终于可以在我们的Mac上体…

JWT的是什么

session共享 什么是session共享 Session共享是指在分布式系统中&#xff0c;在多个服务器之间共享同一个用户的会话数据。在传统的Web应用中&#xff0c;用户的会话信息通常存储在服务器端的Session中&#xff0c;而每个用户的请求在同一个服务器上处理&#xff0c;因此可以轻…

AR实景儿童闯关游戏开发

AR实景儿童闯关游戏开发,增强现实&#xff08;Augmented Reality&#xff0c;AR&#xff09;技术正逐渐渗透到我们生活的方方面面。在游戏领域中&#xff0c;AR技术为游戏开发者带来了无限的想象空间和创作可能性。其中一种引人注目的游戏类型是AR实景儿童闯关游戏。这种游戏结…

【黑马程序员】Python基础

文章目录 初始PythonPython应用场景什么是编程语言安装Python开发环境第一个Python程序Python解释器 Python基础语法常用数值类型字符串总结 python中的注释变量数据类型数据类型转换标识符运算符算术运算服赋值运算符 字符串扩展字符串的三种定义方式字符串的引号嵌套字符串的…