
Decrypting a SOAP XML session key with AES-128/PKCS-1#rsaes-kem-kdf2-kw-aes128 EncryptedKey

Stack Overflow user
Asked 2021-06-11 18:14:58
1 answer, 213 views, 0 followers, 0 votes

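I am familiar with cryptography and have a basic understanding of how encryption algorithms such as RSA and AES work. I have an XML response that is encrypted with AES and RSA. I tried a few steps to decrypt it with OpenSSL, but I'm pretty sure I am missing something or don't have the terminology right.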

I have carefully followed the steps in "How to manually decrypt a SOAP message using openssl?"

    <roap:protectedRO xmlns:roap="urn:oma:bac:dldrm:roap-1.0">
        <roap:ro id="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" stateful="true" version="1.1">
            <riID>
                <keyIdentifier xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" algorithm="http://www.w3.org/2000/09/xmldsig#sha1" xsi:type="roap:X509SPKIHash">
                    <hash>od6D5p9bah7N0kyo9JrscpOdK2I=</hash>
                </keyIdentifier>
            </riID>
            <rights xmlns:o-ex="http://odrl.net/1.1/ODRL-EX" o-ex:id="REL0">
                <o-ex:context>
                    <o-dd:version xmlns:o-dd="http://odrl.net/1.1/ODRL-DD">2.1</o-dd:version>
                    <o-dd:uid xmlns:o-dd="http://odrl.net/1.1/ODRL-DD">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</o-dd:uid>
                </o-ex:context>
                <o-ex:agreement>
                    <o-ex:asset o-ex:id="Audio-Video Key 44fdf37e4b4a4f0380ff5fd7eef1931e">
                        <o-ex:context>
                            <o-dd:uid xmlns:o-dd="http://odrl.net/1.1/ODRL-DD">irtv:content:9949</o-dd:uid>
                        </o-ex:context>
                        <ds:KeyInfo xmlns:ds="http://www.w3.org/2000/09/xmldsig#">
                            <xenc:EncryptedKey xmlns:xenc="http://www.w3.org/2001/04/xmlenc#">
                                <xenc:EncryptionMethod Algorithm="http://www.w3.org/2001/04/xmlenc#kw-aes128"></xenc:EncryptionMethod>
                                <ds:KeyInfo>
                                    <ds:RetrievalMethod URI="#K_MAC_and_K_REK0"></ds:RetrievalMethod>
                                </ds:KeyInfo>
                                <xenc:CipherData>
                                    <xenc:CipherValue>JBg2eP8QUAVX8ZFPfwEccOlMRw7A9yPZ</xenc:CipherValue>
                                </xenc:CipherData>
                            </xenc:EncryptedKey>
                        </ds:KeyInfo>
                    </o-ex:asset>
                    <o-ex:permission>
                        <o-dd:play xmlns:o-dd="http://odrl.net/1.1/ODRL-DD">
                            <o-ex:constraint>
                                <o-dd:datetime>
                                    <o-dd:end>2021-07-03T17:01:54Z</o-dd:end>
                                </o-dd:datetime>
                                <o-dd:interval>P30D</o-dd:interval>
                                <oma-dd:system xmlns:oma-dd="http://www.openmobilealliance.com/oma-dd">
                                    <o-ex:context>
                                        <o-dd:uid>urn:oma:drms:org-cmla:std-def-analog-outputs</o-dd:uid>
                                    </o-ex:context>
                                    <o-ex:context>
                                        <o-dd:uid>urn:oma:drms:org-cmla:dtcp-ip</o-dd:uid>
                                    </o-ex:context>
                                    <o-ex:context>
                                        <o-dd:uid>urn:oma:drms:org-cmla:hdcp</o-dd:uid>
                                    </o-ex:context>
                                </oma-dd:system>
                            </o-ex:constraint>
                        </o-dd:play>
                    </o-ex:permission>
                </o-ex:agreement>
            </rights>
            <timeStamp>2021-06-03T17:01:53Z</timeStamp>
            <encKey Id="K_MAC_and_K_REK0">
                <xenc:EncryptionMethod xmlns:xenc="http://www.w3.org/2001/04/xmlenc#" Algorithm="http://www.rsasecurity.com/rsalabs/pkcs/schemas/pkcs-1#rsaes-kem-kdf2-kw-aes128"></xenc:EncryptionMethod>
                <ds:KeyInfo xmlns:ds="http://www.w3.org/2000/09/xmldsig#">
                    <roap:X509SPKIHash algorithm="http://www.w3.org/2000/09/xmldsig#sha1">
                        <hash>DEywldzT1VizGN50Qr0aY0bIq2I=</hash>
                    </roap:X509SPKIHash>
                </ds:KeyInfo>
                <xenc:CipherData xmlns:xenc="http://www.w3.org/2001/04/xmlenc#">
                    <xenc:CipherValue>qA0lFn4+c8a8s7gzcscwJSafHOsn3DdSTc+lCCCFI0PiuYmTrjyughZgpnbpT1c4aySC0tggm3doklx6pYZrJQCO5uiFiDHs6ILNAIYyrAnD02hWqq6MENMRRSX937p6XQMznUiOiKocRouGPZYrTVOEt1db3Jyo2L89/hAcJGDUxmAo1H0OThgJx+IKi8uS6BOHCB6ODrlW41XGr2mtxz1wbJovCskk6fe4OooHzp8TgVjJpp+6dsoae2pjSnIcBZTYAFiGyWKEtfMC2FgUzAb+eyqBniG95i8S2OQfruL3ZmNMb0GTVCWsUAXk41P3t0OfvPXRwRcCl3b1kCbpLuT0fikOg9zkF3Y4hlDL0OfHVJhkeNsdGZAKxFQ3EbOd8cQe/K2QqrY=</xenc:CipherValue>
                </xenc:CipherData>
            </encKey>
        </roap:ro>
        <mac>
            <ds:SignedInfo xmlns:ds="http://www.w3.org/2000/09/xmldsig#">
                <ds:CanonicalizationMethod Algorithm="http://www.w3.org/2001/10/xml-exc-c14n#"></ds:CanonicalizationMethod>
                <ds:SignatureMethod Algorithm="http://www.w3.org/2000/09/xmldsig#hmac-sha1"></ds:SignatureMethod>
                <ds:Reference URI="#a7b226f223a7b22757365724964223a2232313532333738222c226d65726368616e74223a2269726f6b6f222c2273657373696f6e4964223a2265794a68624763694f694a49557a49314e694973496e523563434936496b705856434a392e65794a6b5a585a7059325666615751694f694a6b51584d3163544a355a46647964794973496d5634634349364d5459794e7a55334d4467794d53776961574630496a6f784e6a49794d7a67324f4449784c434a7063334d694f694a70636d3972623352324c6d4e7662534973496d703061534936496c526a5556525163315661516c5a4d656d52546231465a51334661646a5979526a5a32656e6c77643235364969776963324e76634755694f694a7462324a70624755694c434a7a645749694f6a49784e54497a4e7a68392e426637695649416d69796d694f676e70774467336b3548356372624878615f476d586b53732d3537496845227d2c226964223a7b2274223a2261222c22614964223a2269726f6b6f74763a636f6e74656e743a39393439227d7d">
                    <ds:Transforms>
                        <ds:Transform Algorithm="http://www.w3.org/2001/10/xml-exc-c14n#"></ds:Transform>
                    </ds:Transforms>
                    <ds:DigestMethod Algorithm="http://www.w3.org/2000/09/xmldsig#sha1"></ds:DigestMethod>
                    <ds:DigestValue>s3CI9fuxdHH5+SgrMVwz8308a6c=</ds:DigestValue>
                </ds:Reference>
            </ds:SignedInfo>
            <ds:SignatureValue xmlns:ds="http://www.w3.org/2000/09/xmldsig#">W05fEpR97uV4HPCh7J8FgArnL6g=</ds:SignatureValue>
            <ds:KeyInfo xmlns:ds="http://www.w3.org/2000/09/xmldsig#">
                <ds:RetrievalMethod URI="#K_MAC_and_K_REK0"></ds:RetrievalMethod>
            </ds:KeyInfo>
        </mac>
    </roap:protectedRO>

cenc:pssh derived from the MPD

<WRMHEADER xmlns="http://schemas.microsoft.com/DRM/2007/03/PlayReadyHeader" version="4.0.0.0">
  <DATA>
    <PROTECTINFO>
      <KEYLEN>16</KEYLEN>
      <ALGID>AESCTR</ALGID>
    </PROTECTINFO>
    <KID>.....g+nAeyaw==</KID>
    <LA_URL>https://lic.drmtoday.com/license-proxy-headerauth/drmtoday/RightsManager.asmx</LA_URL>
    <LUI_URL>http://...com</LUI_URL>
    <CHECKSUM>....QzCsg=</CHECKSUM>
  </DATA>
</WRMHEADER>

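So, as far as I understand, the body, the EncKey cipher value, has been encrypted symmetrically with AES-128, and the session key used for that encryption has then been encrypted either asymmetrically with my public key or with password-based encryption. Best explained at https://www.ibm.com/docs/en/zos/2.1.0?topic=openpgp-understanding-session-keys-data-encryption

My question is: how do I decrypt it manually?

-- I tried the following with OpenSSL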

  1. Copy the encrypted session key into a file, base64-decoding it at the same time.

echo JBg2eP8QUAVX8ZFPfwEccOlMRw7A9yPZ | openssl base64 -d
$↑6x ►P♣W±æO⌂☺∟pΘLG♫└≈#┘

echo JBg2eP8QUAVX8ZFPfwEccOlMRw7A9yPZ | openssl base64 -d > sessionkey.enc

  2. Decrypt the session key using OpenSSL and my private key in PEM format.

openssl rsautl -decrypt -inkey private.pem -raw -in sessionkey.dec -out top_secret.txt

OutputTxt XZmppvpE?usp=sharing Session key => EncryptedKey, encrypted either with my public key or with password-based encryption

  3. I tried decrypting with a password using OpenSSL, but got a bad magic number error.

openssl enc -aes-128-ctr -d -in sessionkey.enc -out file.txt 

I don't know the password; it reports bad magic number.

XZmppvpE?usp=sharing


1 Answer

Stack Overflow user

Answered 2021-06-12 04:13:12

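Your SOAP message indicates that the algorithm used to encrypt the key is kw-aes128, which uses NIST's AES key wrap algorithm. You need to use -id-aes128-wrap rather than -aes-128-ctr to decrypt it.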

Votes: 0
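
What the kw-aes128 algorithm named in the answer does to a wrapped key, as an added example (not code from the original post or from OpenSSL): a Go implementation of RFC 3394 AES Key Unwrap, run on the RFC's own test vector rather than the page's data. The function name `Unwrap` is chosen here; it shows that a 24-byte wrapped value carries a 16-byte key plus an 8-byte integrity check, and that a wrong key-encryption key is rejected.

```go
package main

import (
	"crypto/aes"
	"crypto/subtle"
	"encoding/binary"
	"encoding/hex"
	"errors"
	"fmt"
)

var rfc3394IV = []byte{0xA6, 0xA6, 0xA6, 0xA6, 0xA6, 0xA6, 0xA6, 0xA6} // fixed 64-bit check value from RFC 3394
// Unwrap reverses RFC 3394 AES Key Wrap (kw-aes128 when kek is 16 bytes).
func Unwrap(kek, wrapped []byte) ([]byte, error) {
	if len(wrapped) < 24 || len(wrapped)%8 != 0 {
		return nil, errors.New("wrapped key: need a multiple of 8 bytes, at least 24")
	}
	block, err := aes.NewCipher(kek)
	if err != nil {
		return nil, err
	}
	n := len(wrapped)/8 - 1 // number of 64-bit key blocks
	a := append([]byte{}, wrapped[:8]...)
	r := append([]byte{}, wrapped[8:]...)
	buf := make([]byte, 16)
	for j := 5; j >= 0; j-- {
		for i := n; i >= 1; i-- {
			// XOR the step counter t = n*j+i into A, then decrypt A || R[i].
			binary.BigEndian.PutUint64(buf[:8], binary.BigEndian.Uint64(a)^uint64(n*j+i))
			copy(buf[8:], r[(i-1)*8:i*8])
			block.Decrypt(buf, buf)
			copy(a, buf[:8])
			copy(r[(i-1)*8:i*8], buf[8:])
		}
	}
	if subtle.ConstantTimeCompare(a, rfc3394IV) != 1 {
		return nil, errors.New("integrity check failed: wrong KEK or corrupted data")
	}
	return r, nil
}

func main() {
	// Constructed input: the RFC 3394 section 4.1 test vector.
	kek, _ := hex.DecodeString("000102030405060708090A0B0C0D0E0F")
	wrapped, _ := hex.DecodeString("1FA68B0A8112B447AEF34BD8FB5A7B829D3E862371D2CFE5")
	key, err := Unwrap(kek, wrapped)
	fmt.Printf("unwrapped=%X err=%v\n", key, err)
	kek[0] ^= 1 // a different KEK must be rejected, not yield garbage
	_, err = Unwrap(kek, wrapped)
	fmt.Println("wrong KEK:", err)
}
```

The algorithm takes a raw key-encryption key and has no password or salt header, which is why the password-based `openssl enc` invocation in the question stops at "bad magic number".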
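The original content of this page is provided by Stack Overflow. Translation support is provided by the Tencent Cloud Xiaowei IT-domain engine.
Original link: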

https://stackoverflow.com/questions/68405532
