我可以帮您翻译以下内容,涉及IT技术相关:
最初的回答:
我一直在尝试使用AES 256与GCM在Javascript中进行加密,并在Elixir中进行解密。我从这里和那里借鉴了一些例子,得出了以下结论。
Javascript中的加密
"Original Answer" 翻译成中文为 "最初的回答"const _crypto = require('crypto');
function encrypt(message, secret) {
// random initialization vector
const iv = _crypto.randomBytes(16);
// extract the auth tag
const cipher = _crypto.createCipheriv('aes-256-gcm', secret, iv);
// encrypt the given text
const encrypted = Buffer.concat([cipher.update(message, 'utf8'), cipher.final()]);
// extract the auth tag
const tag = cipher.getAuthTag();
const encrypted_message = Buffer.concat([iv, tag, encrypted]).toString('base64');
return encrypted_message;
}
const secret = _crypto.randomBytes(32);
encrypt("secret message", secret);
Decryption in Elixir
def decrypt(encrypted_message, secret) do
secret_key = :base64.decode(secret)
ciphertext = :base64.decode(encrypted_message)
<<iv::binary-16, tag::binary-16, ciphertext::binary>> = ciphertext
:crypto.block_decrypt(:aes_gcm, secret_key, iv, {"AES256GCM", ciphertext, tag})
end
# secret would be the secret from javascript encoded in base64
decrypt(encrypted_message, secret)
我的Elixir端结果一直是:error
。我有一种感觉,那就是它与编码和解码有关,但我似乎找不到出了什么问题。
如果有人能指导我正确的方向,将不胜感激。
谢谢!
更新后的工作版本
对于那些打算使用相同语言的人:
Javascript加密
const _crypto = require('crypto');
function encrypt(message, secret) {
// random initialization vector
const iv = _crypto.randomBytes(16);
// extract the auth tag
const cipher = _crypto.createCipheriv('aes-256-gcm', secret, iv);
// add the following line if you want to include "AES256GCM" on the elixir side
// cipher.setAAD(Buffer.from("AES256GCM", 'utf8'));
// encrypt the given text
const encrypted = Buffer.concat([cipher.update(message, 'utf8'), cipher.final()]);
// extract the auth tag
const tag = cipher.getAuthTag();
const encrypted_message = Buffer.concat([iv, tag, encrypted]).toString('base64');
return encrypted_message;
}
const secret = _crypto.randomBytes(32);
encrypt("secret message", secret);
最初的回答:
解密Elixir
def decrypt(encrypted_message, secret) do
secret_key = :base64.decode(secret)
ciphertext = :base64.decode(encrypted_message)
<<iv::binary-16, tag::binary-16, ciphertext::binary>> = ciphertext
// make sure _AAD is an empty string "" if you didn't set it during encryption
:crypto.block_decrypt(:aes_gcm, secret_key, iv, {_AAD, ciphertext, tag})
// otherwise, you would need to set _AAD to whatever you set during encryption, using "AES256GCM" as example
// Note: AAD (Associated Authenticated Data) can be whatever string you want to my knowledge, just to make sure you have the same in both encryption and decryption process
// :crypto.block_decrypt(:aes_gcm, secret_key, iv, {"AES256GCM", ciphertext, tag})
end
# secret would be the secret from javascript encoded in base64
decrypt(encrypted_message, secret)
aes-256-gcm
相对应。非常感谢! - undefined