aes加密字符串 openssl,使用bash openssl的纯文本密钥的AES加密

I am trying to encrypt a string using AES CBC. The output of the online tool (http://aes.online-domain-tools.com/) and the bash openssl command do not match. Can anyone help me with what I am doing wrong?

key = 12345678912345678912345678912345

iv="e90e89a2277f4f3b6a2080d27f734266" #using the one generated by online tool

openssl enc -aes-256-cbc -in input.txt -out output.txt -K $key -iv $iv

EDIT - more info on the settings chosen on the site -

Input type - plain text

Function - AES

Mode - CBC

Key - (plain) - 12345678912345678912345678912345

Init Vector - e9 0e 89 a2 27 7f 4f 3b 6a 20 80 d2 7f 73 42 66

解决方案

Both

openssl aes-128-cbc -d -in odt-IV-e90e89a2277f4f3b6a2080d27f734266.dat -K "12345678912345678912345678912345" -iv "e90e89a2277f4f3b6a2080d27f734266" -nopad

and

openssl enc -aes-128-cbc -d -in odt-IV-e90e89a2277f4f3b6a2080d27f734266.dat -K "12345678912345678912345678912345" -iv "e90e89a2277f4f3b6a2080d27f734266" -nopad

work for me for the file generated by the online calculator using the following settings:

Input type: Text

Input(Plaintext): TESTTESTTESTTEST

Function: AES

Mode: CBC

Key(HEX): 12345678912345678912345678912345

Init. vector: e90e89a2277f4f3b6a2080d27f734266

Operation: ENCRYPT

EDIT:

I confirmed that the online tool does zero padding, but openssl expects PKCS#5 (also known as PKCS#7) padding:

All the block ciphers normally use PKCS#5 padding also known as

standard block padding: this allows a rudimentary integrity or

password check to be performed. However since the chance of random

data passing the test is better than 1 in 256 it isn't a very good

test.

So the following argument is needed:

-nopad disable standard block padding

See e.g. here.

Beware that your output plaintext will have up to 15 extra binary zero bytes (\x00)

EDIT2:

(I am sorry I misunderstood the question, thought you wanted to check the result of the online tool)

To perform the same operation as the online tool:

echo -n "TESTTESTTESTTEST" | openssl aes-128-cbc -e -K "12345678912345678912345678912345" -iv "e90e89a2277f4f3b6a2080d27f734266" -nopad > odt-IV-e90e89a2277f4f3b6a2080d27f734266-1.dat

This one uses echo -n to feed the input data. If you are not working on a system capable of this, you will have to prepare a file input.txt, which contains the string TESTTESTTESTTEST (please do check that its length is 16 bytes -- i.e. no newline at the end). Then use the -in input.txt option:

openssl aes-128-cbc -in input.txt -e -K "12345678912345678912345678912345" -iv "e90e89a2277f4f3b6a2080d27f734266" -nopad > odt-IV-e90e89a2277f4f3b6a2080d27f734266-2.dat

When the message is not block-size aligned (i.e. its length is not divisible by 16 without a remainder) you have to apply zero padding (append to end that many binary zeroes, to make it block-aligned).

So to encrypt the string "TESTTESTTEST" (its length is 12, you must add 4 binary zeroes to block-align it to 16):

echo -ne "TESTTESTTEST\x00\x00\x00\x00" | openssl aes-128-cbc -e -K "12345678912345678912345678912345" -iv "e90e89a2277f4f3b6a2080d27f734266" -nopad > odt-IV-e90e89a2277f4f3b6a2080d27f734266-3.dat

(The -e in echo enables interpretation of backslash escapes for the \x00 to work)

EDIT3(bonus one):

To perform the zero padding using shell:

input="TESTTESTTEST"

( echo -n "${input}" ; head -c 15 /dev/zero ) | head -c "$((((${#input}+15)/16)*16))" | openssl aes-128-cbc -e -K "12345678912345678912345678912345" -iv "e90e89a2277f4f3b6a2080d27f734266" -nopad > odt-IV-e90e89a2277f4f3b6a2080d27f734266-4.dat