from: http://www.lovelucy.info/openssl-aes-encryption.html
AES是一种对称密钥加密算法,目前已被广泛使用,用于替代已经不够安全的DES算法。所谓对称密钥,就是说加密和解密用的是同一个密钥,消息的发送方和接收方在消息传递前需要共享这个密钥。和非对称密钥体系不同,这里的密钥只由通信双方保密持有,不会让任何第三方知道。
对称密钥加密法主要基于块加密,选取固定长度的密钥,去加密明文中固定长度的块,生成的密文块与明文块长度一样。显然密钥长度十分重要,块的长度也很重要。如果太短,则很容易枚举出所有的明文-密文映射;如果太长,性能则会急剧下降。AES中规定块长度为128 bit,而密钥长度可以选择128, 192或256 bit 。暴力破解密钥需要万亿年,这保证了AES的安全性。
AES的算法较为复杂,在此不细加阐述。下面是使用openssl进行AES加密和解密的示例程序(示例采用CBC模式;为便于演示,密钥和IV都是固定值,实际使用时密钥应随机生成并妥善保管,IV应对每条消息随机生成):
#include <stdio.h> #include <string.h> #include <stdlib.h> #include <openssl/aes.h> int main( int argc, char ** argv) { AES_KEY aes; unsigned char key[AES_BLOCK_SIZE]; unsigned char iv[AES_BLOCK_SIZE]; unsigned char * input_string; unsigned char * encrypt_string; unsigned char * decrypt_string; unsigned int len; unsigned int i; if (argc != 2) { fprintf(stderr, "%s <plain text>\n" , argv[0]); exit(-1); } len = 0; if ((strlen(argv[1]) + 1) % AES_BLOCK_SIZE == 0) { len = strlen(argv[1]) + 1; } else { len = ((strlen(argv[1]) + 1) / AES_BLOCK_SIZE + 1) * AES_BLOCK_SIZE; } input_string = (unsigned char *)calloc(len, sizeof (unsigned char )); if (input_string == NULL) { fprintf(stderr, "Unable to allocate memory for input_string\n" ); exit(-1); } strncpy((char *)input_string, argv[1], strlen(argv[1])); for (i=0; i<16; ++i) { key[i] = 32 + i; } for (i=0; i<AES_BLOCK_SIZE; ++i) { iv[i] = 0; } if (AES_set_encrypt_key(key, 128, &aes) < 0) { fprintf(stderr, "Unable to set encryption key in AES\n" ); exit(-1); } encrypt_string = (unsigned char *)calloc(len, sizeof (unsigned char )); if (encrypt_string == NULL) { fprintf(stderr, "Unable to allocate memory for encrypt_string\n" ); exit(-1); } AES_cbc_encrypt(input_string, encrypt_string, len, &aes, iv, AES_ENCRYPT); decrypt_string = (unsigned char *)calloc(len, sizeof (unsigned char )); if (decrypt_string == NULL) { fprintf(stderr, "Unable to allocate memory for decrypt_string\n" ); exit(-1); } for (i=0; i<AES_BLOCK_SIZE; ++i) { iv[i] = 0; } if (AES_set_decrypt_key(key, 128, &aes) < 0) { fprintf(stderr, "Unable to set decryption key in AES\n" ); exit(-1); } AES_cbc_encrypt(encrypt_string, decrypt_string, len, &aes, iv, AES_DECRYPT); printf("input_string = %s\n" , input_string); printf("encrypted string = " ); for (i=0; i<len; ++i) { printf("%x%x" , (encrypt_string[i] >> 4) & 0xf, encrypt_string[i] & 0xf); } printf("\n" ); printf("decrypted string = %s\n" , decrypt_string); return 0; }
编译Makefile:
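# Builds the AES demo. The source is aes.cc, so it is compiled as C++ with g++
# and linked against OpenSSL's libcrypto.
CC=g++
CFLAGS=-Wall -g -O2
LIBS=-lcrypto

# all and clean are not files; without .PHONY a file with either name would
# stop the target from running.
.PHONY: all clean

all: aes

aes: aes.cc
	$(CC) $(CFLAGS) aes.cc -o $@ $(LIBS)

clean:
	@rm -f aes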