海运的博客

php openssl chacha20加密

发布时间:May 3, 2020 // 分类: // No Comments

ietf版chacha20 nonce为12字节,openssl_encrypt传递iv参数最低16字节,将nonce前面以\0补充到16字节。

<?php
$key = hash('sha256', "pass", true);
$nonce = random_bytes(12);
$msg = "message";
$cipher_str = openssl_encrypt($msg, 'chacha20', $key, OPENSSL_NO_PADDING, "\0\0\0\0".$nonce);
echo "cipher hex: " . bin2hex($cipher_str) . PHP_EOL;
$plain_str = openssl_decrypt($cipher_str, 'chacha20', $key, OPENSSL_NO_PADDING, "\0\0\0\0".$nonce);
echo "plain text: ".$plain_str.PHP_EOL;

golang XChaCha20/ChaCha20/XChaCha20-Poly1305/ChaCha20-Poly1305加密

发布时间:May 2, 2020 // 分类: // No Comments

ChaCha20和XChaCha20,NewUnauthenticatedCipher传入nonce值为12字节时使用ChaCha20,24字节时使用XChaCha20加密方法:

package main

import (
        "crypto/sha256"
        "fmt"
        "io"
        "crypto/rand"
        //"encoding/hex"
        "golang.org/x/crypto/chacha20"
)

func main() {

        pass := "Hello"
        msg := []byte("Pass")
        //msg, _ := hex.DecodeString("e07a6838")

        key := sha256.Sum256([]byte(pass))

        //nonce := make([]byte, chacha20.NonceSize)
        nonce := make([]byte, chacha20.NonceSizeX)
        if _, err := io.ReadFull(rand.Reader, nonce); err != nil {
                panic(err.Error())
        }

        cip, _ := chacha20.NewUnauthenticatedCipher(key[:], nonce)
        ciphertext := make([]byte, len(msg))
        plaintext  := make([]byte, len(msg))
        cip.XORKeyStream(ciphertext, msg)

        cip2, _ := chacha20.NewUnauthenticatedCipher(key[:], nonce)
        cip2.XORKeyStream(plaintext, ciphertext)

        fmt.Printf("Message:\t%s\n", msg)
        fmt.Printf("Passphrase:\t%s\n", pass)
        fmt.Printf("Key:\t%x\n", key)
        fmt.Printf("Nonce:\t%x\n", nonce)
        fmt.Printf("Cipher stream:\t%x\n", ciphertext)
        fmt.Printf("Plain text:\t%s\n", plaintext)

}

XChaCha20-Poly1305和ChaCha20-Poly1305加密,分别调用NewX和New初始化,nonce同上ChaCha20和XChaCha20的大小。

package main

import (
        "crypto/rand"
        "crypto/sha256"
        "fmt"
        "golang.org/x/crypto/chacha20poly1305"
        "io"
)

func main() {

        pass := "Hello"
        msg := "Pass"

        key := sha256.Sum256([]byte(pass))
        //aead, _ := chacha20poly1305.NewX(key[:])
        aead, _ := chacha20poly1305.New(key[:])

        //nonce := make([]byte, chacha20poly1305.NonceSizeX)
        nonce := make([]byte, chacha20poly1305.NonceSize)
        if _, err := io.ReadFull(rand.Reader, nonce); err != nil {
                panic(err.Error())
        }

        ciphertext := aead.Seal(nil, nonce, []byte(msg), nil)
        plaintext, _ := aead.Open(nil, nonce, ciphertext, nil)

        fmt.Printf("Message:\t%s\n", msg)
        fmt.Printf("Passphrase:\t%s\n", pass)
        fmt.Printf("Key:\t%x\n", key)
        fmt.Printf("Nonce:\t%x\n", nonce)
        fmt.Printf("Cipher stream:\t%x\n", ciphertext)
        fmt.Printf("Plain text:\t%s\n", plaintext)

}
分类
最新文章
最近回复
  • spartan2: https://dashboard.hcaptcha.com/welcome_accessib...
  • 海运: 应该能,在购买页面先手工跳过cf机器验证,后续一定时间内不更换ip应该不会再次验证。
  • spartan: 大佬斯巴达开启了CF的机器识别验证,请问插件能自动跳过吗? 另外这个脚本有没有简单使用说明,新...
  • vincent: 膜拜大佬
  • 海运: proxy-header或proxy_protocol
  • liangjw: 如果是 内部调用 或者 中间存在 代理 而上一个代理又在内网 ,那怎么处理来自代理私有IP?
  • chainofhonor: 感谢,用dnsmasq设置自动判断BIOS和UEFI成功了
  • 海运: 不好意思,这个是很多年前的,现在也许已经不适用,我现在也不用多线了。
  • CQ: -m state --state NEW 替换成-m conntrack --ctstate NEW
  • CQ: 你好,我入站已经成功分流,但是不知道出站怎么设置,PREROUTING替换成POSTROUTI...