OpenSSL::Cipher::CipherError:github CI 上不受支持

问题描述 投票:0回答:1

我正在尝试用快速对称算法加密一个短字符串(安全性并不重要)。我只需要短的加密字符串。

def encrypt(msg)
  KEY = "346x4".freeze
  ALGORITHM = "rc2-40-cbc".freeze
  cipher = OpenSSL::Cipher.new(ALGORITHM)
  cipher.encrypt 
  cipher.key = KEY
  crypt = cipher.update(msg.to_s) + cipher.final
  crypt_string = Base64.encode64(crypt)
  crypt_string.rstrip
end

这适用于开发,但在 Github CI 上失败并出现错误:

OpenSSL::Cipher::CipherError: unsupported

我跑了(在 Github CI 上):

OpenSSL::Cipher.ciphers

并获得支持的算法列表:

["aes-128-cbc","aes-128-cbc-hmac-sha1","aes-128-cbc-hmac-sha256","aes-128-ccm","aes-128-cfb","aes-128-cfb1","aes-128-cfb8","aes-128-ctr","aes-128-ecb","aes-128-gcm","aes-128-ocb","aes-128-ofb","aes-128-xts","aes-192-cbc","aes-192-ccm","aes-192-cfb","aes-192-cfb1","aes-192-cfb8","aes-192-ctr","aes-192-ecb","aes-192-gcm","aes-192-ocb","aes-192-ofb","aes-256-cbc","aes-256-cbc-hmac-sha1","aes-256-cbc-hmac-sha256","aes-256-ccm","aes-256-cfb","aes-256-cfb1","aes-256-cfb8","aes-256-ctr","aes-256-ecb","aes-256-gcm","aes-256-ocb","aes-256-ofb","aes-256-xts","aes128","aes128-wrap","aes192","aes192-wrap","aes256","aes256-wrap","aria-128-cbc","aria-128-ccm","aria-128-cfb","aria-128-cfb1","aria-128-cfb8","aria-128-ctr","aria-128-ecb","aria-128-gcm","aria-128-ofb","aria-192-cbc","aria-192-ccm","aria-192-cfb","aria-192-cfb1","aria-192-cfb8","aria-192-ctr","aria-192-ecb","aria-192-gcm","aria-192-ofb","aria-256-cbc","aria-256-ccm","aria-256-cfb","aria-256-cfb1","aria-256-cfb8","aria-256-ctr","aria-256-ecb","aria-256-gcm","aria-256-ofb","aria128","aria192","aria256","bf","bf-cbc","bf-cfb","bf-ecb","bf-ofb","blowfish","camellia-128-cbc","camellia-128-cfb","camellia-128-cfb1","camellia-128-cfb8","camellia-128-ctr","camellia-128-ecb","camellia-128-ofb","camellia-192-cbc","camellia-192-cfb","camellia-192-cfb1","camellia-192-cfb8","camellia-192-ctr","camellia-192-ecb","camellia-192-ofb","camellia-256-cbc","camellia-256-cfb","camellia-256-cfb1","camellia-256-cfb8","camellia-256-ctr","camellia-256-ecb","camellia-256-ofb","camellia128","camellia192","camellia256","cast","cast-cbc","cast5-cbc","cast5-cfb","cast5-ecb","cast5-ofb","chacha20","chacha20-poly1305","des","des-cbc","des-cfb","des-cfb1","des-cfb8","des-ecb","des-ede","des-ede-cbc","des-ede-cfb","des-ede-ecb","des-ede-ofb","des-ede3","des-ede3-cbc","des-ede3-cfb","des-ede3-cfb1","des-ede3-cfb8","des-ede3-ecb","des-ede3-ofb","des-ofb","des3","des3-wrap","desx","desx-cbc","id-aes128-CCM","id-aes128-GCM","id-aes128-wrap","id-aes128-wrap-pad","id-aes192-CCM","id-aes192-GCM","id-aes192-wrap","id-aes192-wrap-pad","id-aes256-CCM","id-aes256-GCM","id-aes256-wrap","id-aes256-wrap-pad","id-smime-alg-CMS3DESwrap","rc2","rc2-128","rc2-40","rc2-40-cbc","rc2-64","rc2-64-cbc","rc2-cbc","rc2-cfb","rc2-ecb","rc2-ofb","rc4","rc4-40","rc4-hmac-md5","seed","seed-cbc","seed-cfb","seed-ecb","seed-ofb","sm4","sm4-cbc","sm4-cfb","sm4-ctr","sm4-ecb","sm4-ofb"]

列表包括

rc2-40-cbc
。为什么会抛出异常?

ruby github ssl openssl aes
1个回答
0
投票

在现代版本的 Ubuntu 上,有一个旧版提供程序包含过时的算法。具有 40 位密钥的 RC2 被认为已经过时,因为美国已经不再实行需要此类弱密钥的出口管制,而且十多年来也没有这样做。因此,这些算法的用处极小,因为有更安全、更快的算法可用。

在带有 OpenSSL 3.0 的 Ruby 3.3 上,您可以加载旧提供程序以使用此算法:

ruby -r openssl -e 'OpenSSL::Provider.load("legacy")'

否则,您需要修改系统OpenSSL配置文件。

请注意,在任何情况下,您都必须为每个 CBC 加密拥有一个唯一且不可预测的 IV,而您没有该 IV,否则就没有任何安全性。这将至少为数据长度添加 64 位。一般来说,除 ECB 之外的每种模式都需要某种 IV,您必须包含该 IV,并且该 IV 必须是唯一的。

如果您的目标只是将短字符串转换为不可逆字符串,则不需要解密,并且可以处理重复的可能性,您可以简单地选择使用像 SHA-256 这样的哈希函数并将其截断为您的所需的长度。 SHA-256 可在现代机器的硬件中使用,并且速度非常快。

最新问题
© www.soinside.com 2019 - 2024. All rights reserved.