2021年6月

“欲速则不达,见小利则大事不成。”

高级加密标准(英语:Advanced Encryption Standard,缩写:AES),又称Rijndael加密法,是美国联邦政府采用的一种区块加密标准。这个标准用来替代原先的DES,已经被多方分析且广为全世界所使用。经过五年的甄选流程,高级加密标准由美国国家标准与技术研究院(NIST)于2001年11月26日发布于FIPS PUB 197,并在2002年5月26日成为有效的标准。现在,高级加密标准已然成为对称密钥加密中最流行的算法之一。
aes-192密钥的长度为24字节,aes-256密钥的长度为32字节,aes-128密钥的长度为16字节。aes-ccm需要key,nonce,adata,另外aes-gcm不需要填充。
GCM ( Galois/Counter Mode) 指的是该对称加密采用Counter模式,并带有GMAC消息认证码。
aes-gcm 在线加密工具:https://const.net.cn/tool/aes/aes-gcm/
代码:

package main

import (
    "bytes"
    "crypto/aes"
    "crypto/cipher"
    "crypto/md5"
    "fmt"
)

// main runs the demo: it seals a fixed message with a fixed 32-byte (AES-256)
// key, prints the ciphertext and its MD5 fingerprint, then opens it again.
func main() {
    fmt.Println("go crypto aes-256-gcm demo/example.")
    plain := []byte("https://const.net.cn/ aes-256-gcm test vectors.")
    // 32 bytes selects AES-256 in aes.NewCipher.
    secret := []byte("12345678123456781234567812345678")
    fmt.Printf("key.size = %d\n", len(secret))

    sealed := AES_GCM_Encrypt(plain, secret)
    fmt.Printf("加密后:%x len = %d\n", sealed, len(sealed))
    // MD5 here is only a short fingerprint of the ciphertext for the demo output.
    fmt.Printf("MD5后为:%x\n", md5.Sum(sealed))

    opened := AES_GCM_Decrypt(sealed, secret)
    fmt.Println("解密后为:", string(opened))
}

//AES加密(GCM模式)
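// AES_GCM_Encrypt encrypts plainText with AES-GCM under key and returns the
// ciphertext with the 16-byte GCM authentication tag appended.
//
// key must be 16, 24 or 32 bytes (AES-128/192/256); any other length makes
// aes.NewCipher fail and this function panics, matching the demo's error style.
//
// The nonce ("IV") and the additional authenticated data are hard-coded so
// that the demo output is reproducible. A GCM nonce must never be reused under
// the same key: every encryption with a given key needs a fresh, unique nonce
// (for example 12 bytes from crypto/rand, transmitted next to the ciphertext).
// The fixed nonce below is only acceptable for producing a test vector.
func AES_GCM_Encrypt(plainText []byte, key []byte) []byte {
    block, err := aes.NewCipher(key)
    if err != nil {
        panic(err)
    }
    // 12-byte nonce, the standard GCM size; AES_GCM_Decrypt must use the same value.
    iv := []byte("123456781234")
    // Additional authenticated data: covered by the tag but not encrypted.
    additionalData := []byte("12345678")
    aead, err := cipher.NewGCMWithNonceSize(block, len(iv))
    if err != nil {
        // Previously ignored; a nil AEAD would have surfaced as a nil-pointer panic in Seal.
        panic(err)
    }
    // Seal appends ciphertext followed by the tag to dst; size the buffer for both up front.
    dst := make([]byte, 0, len(plainText)+aead.Overhead())
    return aead.Seal(dst, iv, plainText, additionalData)
}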

//AES解密(GCM模式)
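// AES_GCM_Decrypt verifies and decrypts cipherText (ciphertext followed by the
// 16-byte GCM tag, as produced by AES_GCM_Encrypt) under key and returns the
// plaintext.
//
// It uses the same fixed nonce and additional authenticated data as
// AES_GCM_Encrypt. It panics when key has an invalid length, when the GCM
// construction fails, or when authentication fails (wrong key, wrong AAD,
// tampered or truncated ciphertext). The authentication error used to be
// discarded, which made a forged ciphertext look like an empty message.
func AES_GCM_Decrypt(cipherText []byte, key []byte) []byte {
    block, err := aes.NewCipher(key)
    if err != nil {
        panic(err)
    }
    // Must match the nonce and AAD used by AES_GCM_Encrypt byte for byte.
    iv := []byte("123456781234")
    additionalData := []byte("12345678")
    aead, err := cipher.NewGCMWithNonceSize(block, len(iv))
    if err != nil {
        panic(err)
    }
    // Open checks the tag before returning any plaintext; never use the output
    // when err is non-nil.
    plainText, err := aead.Open(make([]byte, 0, len(cipherText)), iv, cipherText, additionalData)
    if err != nil {
        panic(fmt.Errorf("aes-gcm decrypt: %w", err))
    }
    return plainText
}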

输出:

go run .
go crypto aes-256-gcm demo/example.
key.size = 32
加密后:e256d43a63f05a71c64a3c20ecd1cf579acbb1f7463a15b5c0c72ea4c78139d6b67bb344c1595d6ba24e9e6398193b887e85677cbdde78218b5bccd96532d5 len = 63
MD5后为:8874a42e73b2df1f8831e4710c7f8744
解密后为: https://const.net.cn/ aes-256-gcm test vectors.

echo -n "https://const.net.cn" > openssl_test.txt
echo -n "https://const.net.cn" | openssl dgst -md5 

(stdin)= 682d2c63236af6e721794b2988fc1d44

md5sum openssl_test.txt 

682d2c63236af6e721794b2988fc1d44 openssl_test.txt

openssl dgst -md5 openssl_test.txt 

MD5(openssl_test.txt)= 682d2c63236af6e721794b2988fc1d44

openssl dgst -md5 -c openssl_test.txt 

MD5(openssl_test.txt)= 68:2d:2c:63:23:6a:f6:e7:21:79:4b:29:88:fc:1d:44

openssl dgst -md5 -r openssl_test.txt 

682d2c63236af6e721794b2988fc1d44 *openssl_test.txt

openssl dgst -md5 -r *.txt 

682d2c63236af6e721794b2988fc1d44 *openssl_test.txt

openssl dgst -md5 -r *

682d2c63236af6e721794b2988fc1d44 *openssl_test.txt

openssl dgst -md5 -r * > openssl_test.md5
cat openssl_test.md5 

682d2c63236af6e721794b2988fc1d44 *openssl_test.txt

openssl dgst -md5 -c  *

MD5(openssl_test.md5)= f8:ca:f5:9a:35:44:19:c3:95:17:c4:19:47:40:8b:d2
MD5(openssl_test.txt)= 68:2d:2c:63:23:6a:f6:e7:21:79:4b:29:88:fc:1d:44

openssl md5 -c *

MD5(openssl_test.md5)= f8:ca:f5:9a:35:44:19:c3:95:17:c4:19:47:40:8b:d2
MD5(openssl_test.txt)= 68:2d:2c:63:23:6a:f6:e7:21:79:4b:29:88:fc:1d:44

BLAKE和BLAKE2是基于丹尼尔·J·伯恩斯坦ChaCha流密码的密码散列函数。与SHA-2一样,有两种不同字大小的变体。BLAKE-256和BLAKE-224使用32位字,分别产生256位和224位的摘要大小,而BLAKE-512和BLAKE-384分别使用64位字,产生512位和384位的摘要大小。在64位的x64和ARM体系结构上运行时,BLAKE2b比SHA-3,SHA-2,SHA-1和MD5更快。BLAKE2提供的安全性与SHA-3类似,优于SHA-2:免疫长度扩展攻击,与随机预言机不可区分等。BLAKE的改进版本BLAKE2于2012年12月21日宣布推出。BLAKE3于2020年1月9日宣布推出。

openssl dgst -list

Supported digests:
-blake2b512 -blake2s256 -md4
-md5 -md5-sha1 -ripemd
-ripemd160 -rmd160 -sha1
-sha224 -sha256 -sha3-224
-sha3-256 -sha3-384 -sha3-512
-sha384 -sha512 -sha512-224
-sha512-256 -shake128 -shake256
-sm3 -ssl3-md5 -ssl3-sha1
-whirlpool

openssl dgst -blake2b512 可以简写为 openssl blake2b512,openssl BLAKE2b512

echo -n "https://const.net.cn" > openssl_test.txt 
openssl dgst -blake2b512 openssl_test.txt 

BLAKE2b512(openssl_test.txt)= 701fd7a8c7104bd71497d3f4d9cbaa82b392aa132dbddc02e323243a60363bb9dbd3d4ae597f9ec862695d52ab85066df22d9c4aca04df11fd9dfe4e2542ab3e

openssl dgst -blake2b512 -c openssl_test.txt 

BLAKE2b512(openssl_test.txt)= 70:1f:d7:a8:c7:10:4b:d7:14:97:d3:f4:d9:cb:aa:82:b3:92:aa:13:2d:bd:dc:02:e3:23:24:3a:60:36:3b:b9:db:d3:d4:ae:59:7f:9e:c8:62:69:5d:52:ab:85:06:6d:f2:2d:9c:4a:ca:04:df:11:fd:9d:fe:4e:25:42:ab:3e

openssl dgst -blake2b512 -r openssl_test.txt 

701fd7a8c7104bd71497d3f4d9cbaa82b392aa132dbddc02e323243a60363bb9dbd3d4ae597f9ec862695d52ab85066df22d9c4aca04df11fd9dfe4e2542ab3e *openssl_test.txt

echo -n "https://const.net.cn" | openssl dgst -blake2b512 

(stdin)= 701fd7a8c7104bd71497d3f4d9cbaa82b392aa132dbddc02e323243a60363bb9dbd3d4ae597f9ec862695d52ab85066df22d9c4aca04df11fd9dfe4e2542ab3e

openssl blake2b512 openssl_test.txt 

BLAKE2b512(openssl_test.txt)= 701fd7a8c7104bd71497d3f4d9cbaa82b392aa132dbddc02e323243a60363bb9dbd3d4ae597f9ec862695d52ab85066df22d9c4aca04df11fd9dfe4e2542ab3e

openssl blake2b512 *

BLAKE2b512(openssl_test.md5)= 72cc4d0b342d407a0063b1c5a647f7385c81c8864e52ccb10665bc00742b00e6157826b69bd81c890f7b4545b0f6634f18f97231109980b995a1f333746587d8
BLAKE2b512(openssl_test.txt)= 701fd7a8c7104bd71497d3f4d9cbaa82b392aa132dbddc02e323243a60363bb9dbd3d4ae597f9ec862695d52ab85066df22d9c4aca04df11fd9dfe4e2542ab3e

openssl BLAKE2b512 *

BLAKE2b512(openssl_test.md5)= 72cc4d0b342d407a0063b1c5a647f7385c81c8864e52ccb10665bc00742b00e6157826b69bd81c890f7b4545b0f6634f18f97231109980b995a1f333746587d8
BLAKE2b512(openssl_test.txt)= 701fd7a8c7104bd71497d3f4d9cbaa82b392aa132dbddc02e323243a60363bb9dbd3d4ae597f9ec862695d52ab85066df22d9c4aca04df11fd9dfe4e2542ab3e

openssl dgst -list
Supported digests:
-blake2b512 -blake2s256 -md4
-md5 -md5-sha1 -ripemd
-ripemd160 -rmd160 -sha1
-sha224 -sha256 -sha3-224
-sha3-256 -sha3-384 -sha3-512
-sha384 -sha512 -sha512-224
-sha512-256 -shake128 -shake256
-sm3 -ssl3-md5 -ssl3-sha1
-whirlpool

用法:
openssl dgst [-digest]
或者
openssl digest
参数:
-c 参数是以冒号分隔HexString.
-hex 是输出16进制字符串,默认就是这个
-binary 是输出二进制的结果
-d 调试信息,没什么用
-out filename 将计算结果输出到文件,默认输出控制台

官方手册地址:https://www.openssl.org/docs/man1.1.1/man1/dgst.html

示例:

echo -n "https://const.net.cn" > openssl_test.txt

openssl blake2s256  openssl_test.txt 

BLAKE2s256(openssl_test.txt)= 1d550a31cf7034f24aac69abb8430474610522a8fc844ef4584d364789890feb

openssl blake2b512  openssl_test.txt 

BLAKE2b512(openssl_test.txt)= 701fd7a8c7104bd71497d3f4d9cbaa82b392aa132dbddc02e323243a60363bb9dbd3d4ae597f9ec862695d52ab85066df22d9c4aca04df11fd9dfe4e2542ab3e

openssl md4  openssl_test.txt 

MD4(openssl_test.txt)= d6dd1d2a616b6a480c6ce417b517734b

openssl md5  openssl_test.txt 

MD5(openssl_test.txt)= 682d2c63236af6e721794b2988fc1d44

openssl md5-sha1  openssl_test.txt 

MD5-SHA1(openssl_test.txt)= 682d2c63236af6e721794b2988fc1d44520fc9bd671e47fd9bd8961d88baacb4d356494a

openssl ripemd  openssl_test.txt 

RIPEMD160(openssl_test.txt)= b4967924b4475514dba56090e82656d710e92d1c

openssl ripemd160  openssl_test.txt 

RIPEMD160(openssl_test.txt)= b4967924b4475514dba56090e82656d710e92d1c

openssl rmd160  openssl_test.txt 

RIPEMD160(openssl_test.txt)= b4967924b4475514dba56090e82656d710e92d1c

openssl sha1  openssl_test.txt 

SHA1(openssl_test.txt)= 520fc9bd671e47fd9bd8961d88baacb4d356494a

openssl sha224  openssl_test.txt 

SHA224(openssl_test.txt)= 4a4c7f39fe288a3125e1095cc940d13efd18a61839611b0ac5865738

openssl sha256  openssl_test.txt 

SHA256(openssl_test.txt)= 8564929a323c97aa80d5be728fc2b7c53241926d138decb4d30f8cae1e36750f

openssl sha3-224  openssl_test.txt 

SHA3-224(openssl_test.txt)= 3f91daa869ff38c9e289d8b20bfb30f35cd24b1ade2d60e117b6f705

openssl sha3-256  openssl_test.txt 

SHA3-256(openssl_test.txt)= 2d2120298f04f9ccf45eb104a1a832b72dc36e92df83697ddf41381937f8a9d7

openssl sha3-384  openssl_test.txt 

SHA3-384(openssl_test.txt)= 9a5de69d2997788656d11b8dbe3007e74c4c116aa4759495e684d6a6cda9adff29e815235fcf110b799ab62ccaa0c029

openssl sha3-512  openssl_test.txt 

SHA3-512(openssl_test.txt)= bcaeaeace4c0f640325b76cda96ad8e527eedacb256afc42d3e8d68842fc694a3355d034c31faa8f8c8b00a869215a3342883f94a06503eb0c350382ae5f430e

openssl sha384  openssl_test.txt 

SHA384(openssl_test.txt)= b13f0e9e1b0a3230346eae998b4e58721afd42926625b3de532c4f13e7d70b62ab51497078de8ef394f34356da39e7bc

openssl sha512  openssl_test.txt 

SHA512(openssl_test.txt)= 8513a9c64d9f897546b9eff11a03182f000dee5df2d3c48dc24a4ac7840ec2e90eae1b99cd05f125e28ca28328b6fda9e287f725164b7c380844071c3a53a025

openssl sha512-224  openssl_test.txt 

SHA512-224(openssl_test.txt)= 1a1b23c9a9b105ef19f0bb5d95077c2fe1995f0fd90729ebc9afe42c

openssl sha512-256  openssl_test.txt

SHA512-256(openssl_test.txt)= 6eefb9b7ea272dd7374749eeeb59b3bf399652918032810e214cd7d86e9e52c6

openssl shake128  openssl_test.txt 

SHAKE128(openssl_test.txt)= e3aeecee8d193be5c58ba3df620abb03

openssl shake256  openssl_test.txt 

SHAKE256(openssl_test.txt)= 1acf0858f828d2fc6c429561c96061c73d200929ef1d05b925d19d71d2030ecb

openssl sm3  openssl_test.txt 

SM3(openssl_test.txt)= bb1318898097df76a8a992ec2ac3dac85914db06dae0851bebd4a5de9a13369f

openssl ssl3-md5  openssl_test.txt 

MD5(openssl_test.txt)= 682d2c63236af6e721794b2988fc1d44

openssl ssl3-sha1  openssl_test.txt 

SHA1(openssl_test.txt)= 520fc9bd671e47fd9bd8961d88baacb4d356494a

openssl whirlpool  openssl_test.txt 

whirlpool(openssl_test.txt)= a57446d6ff2e44fa7a72d7c6739960e6c17f9ea38a8d4032ba163ebe3c0f6d95b7e96c3dbcede63f3e7632462643d3dd10c3272e139bb1cca1873dfc2b86ab3f

PSAM 卡授权流程APDU参考

PSAM获取终端机编号 00 B0 96 00 06

读版本号:

选MF 00 A4 00 00 02 3f 00
选0015 00 A4 00 00 02 00 15
读0015 00 B0 00 00 10
选并读0015用一条命令
00 B0 95 00 0E
示例应答
33 01 03 01 00 00 00 00 00 01 05 01 01 01 90 00
PSAM序列号:33010301000000000001
PSAM版本号:05
PSAM版本号 ≥ 0x05,支持国密SM4算法!

返回的PSAM版本号>=0x05 且不为0xFF则判断为国密PSAM;否则为3DES

国密PSAM继续:
选DF01 00 A4 00 00 02 df 01
选0017 00 A4 00 00 02 00 15
读0017 00 B0 00 00 20
选并读0017
00 B0 97 00 1B
应答
01 00 FF FF FF FF FF FF FF D5 E3 BD AD 33 01 00 01 20 20 04 08 20 25 04 07 41 40 90 00

判断是否已授权

选DF01 00 A4 00 00 02 df 01

二级分散 返回6982则为待授权

801A48011000000000000000000000000000000000

返回:9000-无需授权; 6982-需要授权

PSAM授权初始化

选DF01-选0017-读0017-选MF目录-选0015-读0015->
取随机数(4字节/8字节)

PSAM授权

外部认证 00 82 00 41[len code_buff[8]]
选DF01