我想创建一个在Windows和Unix上使用Ansible Vault的工具,不幸的是,在Windows机器上安装Ansible并不方便。但是我注意到加密算法是AES256,所以我认为可以使用pythons-Chipper或pyAesCrypt包。 但它们产生二进制输入和输出。Ansible Vault将二进制文件转换为ASCII格式
如何在不安装Ansible的情况下解密Ansible vault
小更新(EDIT1)
import os, binascii
from backports.pbkdf2 import pbkdf2_hmac
test = """\
39646166383265396433613964363733633431323236303136643162393233313763346431323836
3437633530383663633066636461643366663561636637320a613939343931376638386539623131
39333661336633626330373263323239663462383561646266663835666663386561666666353232
6662623338646636620a333063613932633762613737326364373265306661356235313935623036
6634"""
print(ord('\n'))
test = test.replace('\n', '')
output = []
#for (int charIdx = 0; charIdx < dataLen; charIdx+=2) {
# output[charIdx/2] = (byte) ((Character.digit(hexed.charAt(charIdx), 16) << 4)
# + Character.digit(hexed.charAt(charIdx+1), 16));
# }
for charIdx in range(0, int(len(test) / 2)):
tests = ord('3')
out = int(test[charIdx * 2], base=16) * 16 + int(test[charIdx * 2 + 1], base=16)
output.append(out)
str_salt_id = 0
str_hcm_id = 0
for index, item in enumerate(output):
if item == ord('\n'):
break
str_salt_id += 1
for index, item in enumerate(output):
if item == ord('\n') and index > str_salt_id:
break
str_hcm_id += 1
print(output[str_salt_id])
print(output[str_hcm_id])
str_salt = output[:str_salt_id]
str_hcm = output[str_salt_id + 1:str_hcm_id]
str_data = output[str_hcm_id + 1:]
print('-')
print(len(str_salt))
print(len(str_hcm))
print(len(str_data))
print('-')
str_salt_byte = bytearray(str_salt)
print(output.index(ord('\n')))
print(output.index(ord('\n')))
b_output = bytearray(output)
# salt = binascii.unhexlify('aaef2d3f4d77ac66e9c5a6c3d8f921d1')
passwd = "test".encode("utf8")
key = pbkdf2_hmac("sha256", passwd, str_salt_byte, 1000, 32)
print("Derived key:", binascii.hexlify(key))
def print_hi(name):
# Use a breakpoint in the code line below to debug your script.
print(f'Hi, {name}') # Press Strg+F8 to toggle the breakpoint.
# Press the green button in the gutter to run the script.
if __name__ == '__main__':
print_hi('PyCharm')
# See PyCharm help at https://www.jetbrains.com/help/pycharm/
我将结果与java版本进行了比较,似乎所有的东西都是正确的,正确的芯片密钥,正确的数据。现在,我正在寻找一个可以像以下java SnipSet一样解密的库:
// Class CypherAES256.java in github.com/Wedjaa/JavaAnsibleVault
public byte[] decryptAES(byte[] cypher, byte[] key, byte[] iv) throws IOException
{
SecretKeySpec keySpec = new SecretKeySpec(key, CYPHER_KEY_ALGO);
IvParameterSpec ivSpec = new IvParameterSpec(iv);
try
{
Cipher cipher = Cipher.getInstance(CYPHER_ALGO);
cipher.init(Cipher.DECRYPT_MODE, keySpec, ivSpec);
byte[] decrypted = cipher.doFinal(cypher);
return unpad(decrypted);
}
catch (Exception ex)
{
throw new IOException("Failed to decrypt data: " + ex.getMessage());
}
}
我的文件是:
$ANSIBLE_VAULT;1.1;AES256
39646166383265396433613964363733633431323236303136643162393233313763346431323836
3437633530383663633066636461643366663561636637320a613939343931376638386539623131
39333661336633626330373263323239663462383561646266663835666663386561666666353232
6662623338646636620a333063613932633762613737326364373265306661356235313935623036
6634
密码为“test”,加密文本为“This is a test”
目前没有回答
相关问题 更多 >
编程相关推荐