海运的博客

firefox下PT-Plugin-Plus打包并签名

发布时间:July 2, 2020 // 分类: // No Comments

安装nodejs和yarn:

curl -sL https://deb.nodesource.com/setup_12.x | bash -
curl -sS https://dl.yarnpkg.com/debian/pubkey.gpg | sudo apt-key add -
echo "deb https://dl.yarnpkg.com/debian/ stable main" | sudo tee /etc/apt/sources.list.d/yarn.list
apt update && sudo apt install yarn nodejs

打包PT-Plugin-Plus:

git clone https://github.com/ronggang/PT-Plugin-Plus.git
cd PT-Plugin-Plus/
yarn install
yarn build

打包dist目录,提交到firefox自托管附加组件签名

php openssl chacha20加密

发布时间:May 3, 2020 // 分类: // No Comments

ietf版chacha20 nonce为12字节,openssl_encrypt传递iv参数最低16字节,将nonce前面以0补充到16字节。

<?php
$key = hash('sha256', "pass", true);
$nonce = random_bytes(12);
$msg = "message";
$cipher_str = openssl_encrypt($msg, 'chacha20', $key, OPENSSL_NO_PADDING, "\0\0\0\0".$nonce);
echo "cipher hex: " . bin2hex($cipher_str) . PHP_EOL;
$plain_str = openssl_decrypt($cipher_str, 'chacha20', $key, OPENSSL_NO_PADDING, "\0\0\0\0".$nonce);
echo "plain text: ".$plain_str.PHP_EOL;

golang XChaCha20/ChaCha20/XChaCha20-Poly1305/ChaCha20-Poly1305加密

发布时间:May 2, 2020 // 分类: // No Comments

ChaCha20和XChaCha20,NewUnauthenticatedCipher传入nonce值为12字节时使用ChaCha20,24字节时使用XChaCha20加密方法:

package main

import (
        "crypto/sha256"
        "fmt"
        "io"
        "crypto/rand"
        //"encoding/hex"
        "golang.org/x/crypto/chacha20"
)

func main() {

        pass := "Hello"
        msg := []byte("Pass")
        //msg, _ := hex.DecodeString("e07a6838")

        key := sha256.Sum256([]byte(pass))

        //nonce := make([]byte, chacha20.NonceSize)
        nonce := make([]byte, chacha20.NonceSizeX)
        if _, err := io.ReadFull(rand.Reader, nonce); err != nil {
                panic(err.Error())
        }

        cip, _ := chacha20.NewUnauthenticatedCipher(key[:], nonce)
        ciphertext := make([]byte, len(msg))
        plaintext  := make([]byte, len(msg))
        cip.XORKeyStream(ciphertext, msg)

        cip2, _ := chacha20.NewUnauthenticatedCipher(key[:], nonce)
        cip2.XORKeyStream(plaintext, ciphertext)

        fmt.Printf("Message:\t%s\n", msg)
        fmt.Printf("Passphrase:\t%s\n", pass)
        fmt.Printf("Key:\t%x\n", key)
        fmt.Printf("Nonce:\t%x\n", nonce)
        fmt.Printf("Cipher stream:\t%x\n", ciphertext)
        fmt.Printf("Plain text:\t%s\n", plaintext)

}

XChaCha20-Poly1305和ChaCha20-Poly1305加密,分别调用NewX和New初始化,nonce同上ChaCha20和XChaCha20的大小。

package main

import (
        "crypto/rand"
        "crypto/sha256"
        "fmt"
        "golang.org/x/crypto/chacha20poly1305"
        "io"
)

func main() {

        pass := "Hello"
        msg := "Pass"

        key := sha256.Sum256([]byte(pass))
        //aead, _ := chacha20poly1305.NewX(key[:])
        aead, _ := chacha20poly1305.New(key[:])

        //nonce := make([]byte, chacha20poly1305.NonceSizeX)
        nonce := make([]byte, chacha20poly1305.NonceSize)
        if _, err := io.ReadFull(rand.Reader, nonce); err != nil {
                panic(err.Error())
        }

        ciphertext := aead.Seal(nil, nonce, []byte(msg), nil)
        plaintext, _ := aead.Open(nil, nonce, ciphertext, nil)

        fmt.Printf("Message:\t%s\n", msg)
        fmt.Printf("Passphrase:\t%s\n", pass)
        fmt.Printf("Key:\t%x\n", key)
        fmt.Printf("Nonce:\t%x\n", nonce)
        fmt.Printf("Cipher stream:\t%x\n", ciphertext)
        fmt.Printf("Plain text:\t%s\n", plaintext)

}

golang/php使用aes加密文件

发布时间:April 28, 2020 // 分类: // No Comments

兼容于golang语言版本:https://github.com/eliben/code-for-blog/blob/master/2019/aes-encrypt-file/aes-file.go
使用aes-256-cbc加密,加密文件前8字节为原始文件大小数字,跟着是16字节随机字节用作iv,再跟着是先补全的明文加密内容。

<?php
function decrypt($key, $infilename, $outfilename = "") {
  if (!$outfilename) {
    $outfilename = $infilename.'.dec';
  }
  $cipher_str = file_get_contents($infilename);
  if (!$cipher_str) {
    die("empty file".PHP_EOL);
  }
  $file_size = substr($cipher_str, 0, 8);
  $file_size = unpack("P", $file_size);
  $iv = substr($cipher_str, 8, 16);
  $cipher_str = substr($cipher_str, 24);
  $plain_str = openssl_decrypt($cipher_str, "aes-256-cbc", $key, 3, $iv);
  $plain_str = substr($plain_str, 0, $file_size[1]);
  file_put_contents($outfilename, $plain_str);
  echo "decrypted output file ".$outfilename.PHP_EOL;
}
function encrypt($key, $infilename, $outfilename) {
  if (!$outfilename) {
    $outfilename = $infilename.'.enc';
  }
  $plain_str = file_get_contents($infilename);
  if (!$plain_str) {
    die("empty file".PHP_EOL);
  }
  $file_size = strlen($plain_str);
  $file_size = pack("P", $file_size);
  $iv = random_bytes(16);
  if (strlen($plain_str) % 16 != 0) {
    $bytesToPad = 16 - (strlen($plain_str) % 16);
    $plain_str = $plain_str . random_bytes($bytesToPad);
  }
  $cipher_str = openssl_encrypt($plain_str, "aes-256-cbc", $key, 3, $iv);
  $cipher_str = $file_size.$iv.$cipher_str;
  file_put_contents($outfilename, $cipher_str);
  echo "encrypted output file ".$outfilename.PHP_EOL;
}
$arg = getopt('e::d::k:i:o:');
if (isset($arg['i']) && !empty($arg['i'])) {
  $infilename = $arg['i'];
} else {
  die("please input filename".PHP_EOL);
}
if (isset($arg['o']) && !empty($arg['o'])) {
  $outfilename = $arg['o'];
} else {
  $outfilename = "";
}
if (isset($arg['k']) && !empty($arg['k'])) {
  $key = $arg['k'];
} else {
  $key = "pass";
}
$key = hash('sha256', $key, true);
if (isset($arg['d'])) {
  decrypt($key, $infilename, $outfilename);
} elseif (isset($arg['e'])) {
  encrypt($key, $infilename, $outfilename);
}

golang cbc使用pkcs7补全版:

package main

import (
        "bytes"
        "crypto/aes"
        "crypto/cipher"
        "crypto/rand"
        "crypto/sha256"
        //"encoding/binary"
        "flag"
        "fmt"
        "io/ioutil"
        "log"
        "os"
)
func pkcs7strip(data *[]byte, blockSize int) (int, error) {
        length := len(*data)
        if length == 0 {
                return 0, fmt.Errorf("pkcs7: Data is empty")
        }
        if length%blockSize != 0 {
                return 0, fmt.Errorf("pkcs7: Data is not block-aligned")
        }
        padLen := int((*data)[length-1])
        ref := bytes.Repeat([]byte{byte(padLen)}, padLen)
        if padLen > blockSize || padLen == 0 || !bytes.HasSuffix(*data, ref) {
                return 0, fmt.Errorf("pkcs7: Invalid padding")
        }
        return length-padLen, nil
}

func pkcs7pad(data *[]byte, blockSize int) error {
        if blockSize < 0 || blockSize > 256 {
                return fmt.Errorf("pkcs7: Invalid block size %d", blockSize)
        } else {
                padLen := blockSize - len(*data) % blockSize
                padding := bytes.Repeat([]byte{byte(padLen)}, padLen)
                *data = append(*data, padding...)
                return nil
        }
}

func encryptFile(key []byte, filename string, outFilename string) (string, error) {
        if len(outFilename) == 0 {
                outFilename = filename + ".enc"
        }

        plaintext, err := ioutil.ReadFile(filename)
        if err != nil {
                return "", err
        }

        of, err := os.Create(outFilename)
        if err != nil {
                return "", err
        }
        defer of.Close()

        if  err := pkcs7pad(&plaintext, aes.BlockSize) ; err != nil {
                return "", err
        }

        iv := make([]byte, aes.BlockSize)
        if _, err := rand.Read(iv); err != nil {
                return "", err
        }
        if _, err = of.Write(iv); err != nil {
                return "", err
        }

        ciphertext := make([]byte, len(plaintext))

        block, err := aes.NewCipher(key)
        if err != nil {
                return "", err
        }
        mode := cipher.NewCBCEncrypter(block, iv)
        mode.CryptBlocks(ciphertext, plaintext)

        if _, err = of.Write(ciphertext); err != nil {
                return "", err
        }
        return outFilename, nil
}

func decryptFile(key []byte, filename string, outFilename string) (string, error) {
        if len(outFilename) == 0 {
                outFilename = filename + ".dec"
        }

        ciphertext, err := ioutil.ReadFile(filename)
        if err != nil {
                return "", err
        }

        of, err := os.Create(outFilename)
        if err != nil {
                return "", err
        }
        defer of.Close()

        buf := bytes.NewReader(ciphertext)
        iv := make([]byte, aes.BlockSize)
        if _, err = buf.Read(iv); err != nil {
                return "", err
        }

        paddedSize := len(ciphertext) - aes.BlockSize
        if paddedSize%aes.BlockSize != 0 {
                return "", fmt.Errorf("want padded plaintext size to be aligned to block size")
        }
        plaintext := make([]byte, paddedSize)

        block, err := aes.NewCipher(key)
        if err != nil {
                return "", err
        }
        mode := cipher.NewCBCDecrypter(block, iv)
        mode.CryptBlocks(plaintext, ciphertext[aes.BlockSize:])

        origSize, err := pkcs7strip(&plaintext, aes.BlockSize)
        if err != nil {
          return "", err
        }
        if _, err := of.Write(plaintext[:origSize]); err != nil {
                return "", err
        }
        return outFilename, nil
}

func main() {
        var keyFlag string
        encFlag := flag.Bool("e", false, "encrypt")
        decFlag := flag.Bool("d", false, "decrypt")
        flag.StringVar(&keyFlag, "k", "password", "encrypt password")

        flag.Parse()
        filename := flag.Arg(0)

        key := sha256.Sum256([]byte(keyFlag))
        fmt.Println("use password", keyFlag)
        //fmt.Println(key)
        if *encFlag {
                outFilename, err := encryptFile(key[:], filename, "")
                if err != nil {
                        log.Fatal(err)
                }
                fmt.Println("Encrypted output file:", outFilename)
        } else if *decFlag {
                outFilename, err := decryptFile(key[:], filename, "")
                if err != nil {
                        log.Fatal(err)
                }
                fmt.Println("Decrypted output file:", outFilename)
        } else {
                fmt.Println(flag.Usage)
                os.Exit(1)
        }
}

golang使用aes cfb:

package main

import (
        //"bytes"
        "crypto/aes"
        "crypto/cipher"
        "crypto/rand"
        "crypto/sha256"
        //"encoding/binary"
        "flag"
        "fmt"
        "io"
        "io/ioutil"
        "log"
        "os"
)

func encryptFile(key []byte, filename string, outFilename string) (string, error) {
        if len(outFilename) == 0 {
                outFilename = filename + ".enc"
        }

        plaintext, err := ioutil.ReadFile(filename)
        if err != nil {
                return "", err
        }

        of, err := os.Create(outFilename)
        if err != nil {
                return "", err
        }
        defer of.Close()

        block, err := aes.NewCipher(key)
        if err != nil {
                panic(err)
        }

        ciphertext := make([]byte, aes.BlockSize+len(plaintext))
        iv := ciphertext[:aes.BlockSize]
        if _, err := io.ReadFull(rand.Reader, iv); err != nil {
                panic(err)
        }

        stream := cipher.NewCFBEncrypter(block, iv)
        stream.XORKeyStream(ciphertext[aes.BlockSize:], plaintext)

        fmt.Printf("iv:\t%x\n", iv)
        fmt.Printf("cipher text:\t%x\n", ciphertext)
        if _, err = of.Write(ciphertext); err != nil {
                return "", err
        }
        return outFilename, nil
}

func decryptFile(key []byte, filename string, outFilename string) (string, error) {
        if len(outFilename) == 0 {
                outFilename = filename + ".dec"
        }

        ciphertext, err := ioutil.ReadFile(filename)
        fmt.Printf("cipher text:\t%x\n", ciphertext)
        if err != nil {
                return "", err
        }

        of, err := os.Create(outFilename)
        if err != nil {
                return "", err
        }
        defer of.Close()

        block, err := aes.NewCipher(key)
        if err != nil {
                panic(err)
        }

        iv := ciphertext[:aes.BlockSize]
        ciphertext = ciphertext[aes.BlockSize:]
        fmt.Printf("cipher2 text:\t%x\n", ciphertext)
        fmt.Printf("iv:\t%x\n", iv)

        stream := cipher.NewCFBDecrypter(block, iv)

        stream.XORKeyStream(ciphertext, ciphertext)

        if _, err := of.Write(ciphertext); err != nil {
                return "", err
        }
        return outFilename, nil
}

func main() {
        var keyFlag string
        encFlag := flag.Bool("e", false, "encrypt")
        decFlag := flag.Bool("d", false, "decrypt")
        flag.StringVar(&keyFlag, "k", "password", "encrypt password")

        flag.Parse()
        filename := flag.Arg(0)

        key := sha256.Sum256([]byte(keyFlag))
        fmt.Println("use password", keyFlag)
        //fmt.Println(key)
        if *encFlag {
                outFilename, err := encryptFile(key[:], filename, "")
                if err != nil {
                        log.Fatal(err)
                }
                fmt.Println("Encrypted output file:", outFilename)
        } else if *decFlag {
                outFilename, err := decryptFile(key[:], filename, "")
                if err != nil {
                        log.Fatal(err)
                }
                fmt.Println("Decrypted output file:", outFilename)
        } else {
                fmt.Println(flag.Usage)
                os.Exit(1)
        }
}

btc/比特币确定性hd钱包bip32/bip39工具hd-wallet-derive使用

发布时间:April 21, 2020 // 分类: // No Comments

git clone https://github.com/dan-da/hd-wallet-derive.git
cd hd-wallet-derive
composer.phar install

生成bip39钱包,指定助记词数量24个,使用256位随机种子,结果包含b39 seed,助记词,主私钥root-key等。

hd-wallet-derive.php -g --gen-key --gen-words=24

使用主私钥生成path /m/0下的btc地址和私钥:

./hd-wallet-derive.php -g --key=xprv9s21ZrQH143K3mnXKMLng2WiMv8NHtk68CqTSA9Yb8TAeAdT4V3WdKFVnZBBpHejT6ascYfBWu8WvgVFK5VwoP6pk8iQGnW3aVhAZD7r9Cx --path=m/0 --cols=path,address,privkey  

使用助记词生成path /m/0下的btc地址和私钥:

./hd-wallet-derive.php -g --mnemonic="impose tiny skirt crowd scheme thumb episode flat pumpkin junior wonder manual split crane feed seat lady title seek betray next comfort mimic base" --path=m/0 --cols=path,address,privkey

也可使用内置的path,查看列表:

./hd-wallet-derive.php --help-presets

使用electrum preset,和上面使用path=m/0等效。

./hd-wallet-derive.php -g --key=xprv9s21ZrQH143K3mnXKMLng2WiMv8NHtk68CqTSA9Yb8TAeAdT4V3WdKFVnZBBpHejT6ascYfBWu8WvgVFK5VwoP6pk8iQGnW3aVhAZD7r9Cx --preset=electrum --cols=path,address,privkey
分类
最新文章
最近回复
  • 海运: LOG_LEVEL是配置文件变量,本文配置使用systemd启动在EnvironmentFil...
  • 1: 我源碼沒有任何修改,同樣編譯的在X86上可以正常運行。然後原封不動編譯aarch64就提示以上錯誤。
  • 海运: 你配置变量有问题?LOG_LEVEL? https://github.com/dani-gar...
  • 1: 能共享下发邮箱么,我这编译出来运行报错如下 /------------------------...
  • 海运: 正常运行
  • 1: thread 'main' panicked at 'Valid log level: Par...
  • 1: 請問你編譯的arm64可以正常運行麽,我按照您發的編譯出來報錯。
  • mr_yang: 求博主联系方式,有问题请教
  • 何立军: 海运,你好,很高兴浏览到你的网页,很有帮助,非常感谢,但是有网页加密,不知如何浏览。
  • mingyu wen: 写的让我豁然开朗,但请问这句什么意思:有状态的+无状态的,使用dhcpv6有状态分配地址,同时...
归档