收藏
回答

"加密后的证书内容”解密算法

你好,根据nodejs官网api文档:When using an authenticated encryption mode (GCMCCM and OCB are currently supported), the cipher.getAuthTag() method returns a Buffer containing the authentication tag that has been computed from the given data.采用gcm模式加密的数据,解密时需要一个身份验证数据, 这个身份验证是加密的时候生成, 但是微信没有提供这个身份验证, 只有associated_data, key, nonce和加密数据, 是否无法解密?

最后一次编辑于  04-26
回答关注问题邀请回答
收藏

3 个回答

  • Innocence
    Innocence
    07-02

    老哥解决了吗。。

    07-02
    赞同 1
    回复 3
    • Along
      Along
      08-05
      解决了
      08-05
      回复
    • Henry
      Henry
      08-09回复Along
      请问是怎么解决的?
      08-09
      回复
    • Along
      Along
      08-09回复Henry
      function(cipherText, key, iv, add) { cipherText = Buffer.from(cipherText, 'base64') let authTag = cipherText.slice(cipherText.length - 16) let data = cipherText.slice(0, cipherText.length - 16) let decipher = crypto.createDecipheriv('aes-256-gcm', key, iv) decipher.setAuthTag(authTag) decipher.setAAD(Buffer.from(add)) let decoded = decipher.update(data, null, 'utf8') decipher.final() return JSON.parse(decoded) }
      08-09
      1
      回复
  • 彭晓宇
    彭晓宇
    04-26

    加密使用的AEAD_AES_256_GCM,tag被附加到密文后了。参考rfc5116上写的



    5.1.  AEAD_AES_128_GCM

       An authentication tag with a length of 16 octets (128
       bits) is used.  The AEAD_AES_128_GCM ciphertext is formed by
       appending the authentication tag provided as an output to the GCM
       encryption operation to the ciphertext that is output by that
       operation.  

    (省略)

    5.2.  AEAD_AES_256_GCM

       This algorithm is identical to AEAD_AES_128_GCM, but with the
       following differences:
    
          K_LEN is 32 octets, instead of 16 octets, and
    
          AES-256 GCM is used instead of AES-128 GCM.




    所以,你有两种选择

    1. 自己手动分离ciphertext和authTag,然后按文档setAuthtag(),再final()

    2. 好像设置setAutoPadding(true)可以


    没有用过Node.js,只能帮到这里了

    04-26
    赞同 1
    回复 2
    • Along
      Along
      05-24

      谢谢

      05-24
      回复
    • Innocence
      Innocence
      07-04

      意思是 AES-256 的auth tag是最后32位吗?截取就行?

      07-04
      回复
  • Along
    Along
    04-26

    微信“加密后证书内容”解密算法https://pay.weixin.qq.com/wiki/doc/api/xiaowei.php?chapter=19_11nodejs官方文档:https://nodejs.org/docs/latest-v11.x/api/crypto.html#crypto_cipher_getauthtag


    04-26
    赞同
    回复