使用 SEED 密码算法的 NodeJS Crypto 模块
NodeJS Crypto module using SEED cipher algorithm
我需要用到"SEED"密码算法,好像以前是Crypto模块支持的。当我尝试使用 crypto.getCiphers() 获取当前支持哪些密码时,我得到了这个结果:
'aes-128-cbc',
'aes-128-cfb',
'aes-128-ctr',
'aes-128-ecb',
'aes-128-gcm',
'aes-128-ofb',
'aes-192-cbc',
'aes-192-ctr',
'aes-192-ecb',
'aes-192-gcm',
'aes-192-ofb',
'aes-256-cbc',
'aes-256-cfb',
'aes-256-ctr',
'aes-256-ecb',
'aes-256-gcm',
'aes-256-ofb',
'des-cbc',
'des-ecb',
'des-ede',
'des-ede-cbc',
'des-ede3-cbc',
'rc2-cbc',
'rc4'
我尝试过使用许多 Node 版本,结果总是一样的。另外,我尝试在我的应用程序中使用 openssl,但 SEED 密码不再可用。
如何在我的应用程序中添加对此密码算法的支持?
使用节点 12、11、10、9、8 进行测试。OpenSSL 版本:LibreSSL 2.6.5
TIA !
SEED 只是一个具有 128 位块和 128 位密钥的 16 轮 Feistel 网络,我绝对不会在生产中使用它。
就其价值而言,SEED 仍然存在于 节点 13。
在macOS 10.15.3运行node.js v13.7.0,我执行了这段代码:
1 var crypto = require('crypto')
2 const util = require('util');
3 util.inspect.defaultOptions.maxArrayLength = null;
4
5
6 console.log(crypto.getCiphers())
确实将 SEED 列为受支持的密码:
[
'aes-128-cbc',
'aes-128-ccm',
'aes-128-cfb',
'aes-128-cfb1',
'aes-128-cfb8',
'aes-128-ctr',
'aes-128-ecb',
'aes-128-gcm',
'aes-128-ocb',
'aes-128-ofb',
'aes-128-xts',
'aes-192-cbc',
'aes-192-ccm',
'aes-192-cfb',
'aes-192-cfb1',
'aes-192-cfb8',
'aes-192-ctr',
'aes-192-ecb',
'aes-192-gcm',
'aes-192-ocb',
'aes-192-ofb',
'aes-256-cbc',
'aes-256-ccm',
'aes-256-cfb',
'aes-256-cfb1',
'aes-256-cfb8',
'aes-256-ctr',
'aes-256-ecb',
'aes-256-gcm',
'aes-256-ocb',
'aes-256-ofb',
'aes-256-xts',
'aes128',
'aes128-wrap',
'aes192',
'aes192-wrap',
'aes256',
'aes256-wrap',
'aria-128-cbc',
'aria-128-ccm',
'aria-128-cfb',
'aria-128-cfb1',
'aria-128-cfb8',
'aria-128-ctr',
'aria-128-ecb',
'aria-128-gcm',
'aria-128-ofb',
'aria-192-cbc',
'aria-192-ccm',
'aria-192-cfb',
'aria-192-cfb1',
'aria-192-cfb8',
'aria-192-ctr',
'aria-192-ecb',
'aria-192-gcm',
'aria-192-ofb',
'aria-256-cbc',
'aria-256-ccm',
'aria-256-cfb',
'aria-256-cfb1',
'aria-256-cfb8',
'aria-256-ctr',
'aria-256-ecb',
'aria-256-gcm',
'aria-256-ofb',
'aria128',
'aria192',
'aria256',
'bf',
'bf-cbc',
'bf-cfb',
'bf-ecb',
'bf-ofb',
'blowfish',
'camellia-128-cbc',
'camellia-128-cfb',
'camellia-128-cfb1',
'camellia-128-cfb8',
'camellia-128-ctr',
'camellia-128-ecb',
'camellia-128-ofb',
'camellia-192-cbc',
'camellia-192-cfb',
'camellia-192-cfb1',
'camellia-192-cfb8',
'camellia-192-ctr',
'camellia-192-ecb',
'camellia-192-ofb',
'camellia-256-cbc',
'camellia-256-cfb',
'camellia-256-cfb1',
'camellia-256-cfb8',
'camellia-256-ctr',
'camellia-256-ecb',
'camellia-256-ofb',
'camellia128',
'camellia192',
'camellia256',
'cast',
'cast-cbc',
'cast5-cbc',
'cast5-cfb',
'cast5-ecb',
'cast5-ofb',
'chacha20',
'chacha20-poly1305',
'des',
'des-cbc',
'des-cfb',
'des-cfb1',
'des-cfb8',
'des-ecb',
'des-ede',
'des-ede-cbc',
'des-ede-cfb',
'des-ede-ecb',
'des-ede-ofb',
'des-ede3',
'des-ede3-cbc',
'des-ede3-cfb',
'des-ede3-cfb1',
'des-ede3-cfb8',
'des-ede3-ecb',
'des-ede3-ofb',
'des-ofb',
'des3',
'des3-wrap',
'desx',
'desx-cbc',
'id-aes128-CCM',
'id-aes128-GCM',
'id-aes128-wrap',
'id-aes128-wrap-pad',
'id-aes192-CCM',
'id-aes192-GCM',
'id-aes192-wrap',
'id-aes192-wrap-pad',
'id-aes256-CCM',
'id-aes256-GCM',
'id-aes256-wrap',
'id-aes256-wrap-pad',
'id-smime-alg-CMS3DESwrap',
'idea',
'idea-cbc',
'idea-cfb',
'idea-ecb',
'idea-ofb',
'rc2',
'rc2-128',
'rc2-40',
'rc2-40-cbc',
'rc2-64',
'rc2-64-cbc',
'rc2-cbc',
'rc2-cfb',
'rc2-ecb',
'rc2-ofb',
'rc4',
'rc4-40',
'rc4-hmac-md5',
'seed',
'seed-cbc',
'seed-cfb',
'seed-ecb',
'seed-ofb',
'sm4',
'sm4-cbc',
'sm4-cfb',
'sm4-ctr',
'sm4-ecb',
'sm4-ofb'
]
问题不是 NodeJS 的版本,而是 LibreSSL 库的问题,它可能没有包含它,因为它是国家特定的密码。
它的文档内容如下:
Symmetric ciphers including AES, Blowfish, CAST, Chacha20, IDEA, DES, RC2, and RC4
并且 SEED 也不在 EVP_EncryptInit documentation 中。
但是,如果我查看系统中存在的 OpenSSL v1.1.1c,SEED 密码仍列在 openssl help 页面中。所以你需要使用不同的密码库作为后端。
请注意,LibreSSL 目标页面包含:
Remove obsolete or broken features and operating system support
LibreSSL 尝试删除可能不再需要的功能,而 SEED 很可能是许多可能被遗漏的密码之一。
我需要用到"SEED"密码算法,好像以前是Crypto模块支持的。当我尝试使用 crypto.getCiphers() 获取当前支持哪些密码时,我得到了这个结果:
'aes-128-cbc',
'aes-128-cfb',
'aes-128-ctr',
'aes-128-ecb',
'aes-128-gcm',
'aes-128-ofb',
'aes-192-cbc',
'aes-192-ctr',
'aes-192-ecb',
'aes-192-gcm',
'aes-192-ofb',
'aes-256-cbc',
'aes-256-cfb',
'aes-256-ctr',
'aes-256-ecb',
'aes-256-gcm',
'aes-256-ofb',
'des-cbc',
'des-ecb',
'des-ede',
'des-ede-cbc',
'des-ede3-cbc',
'rc2-cbc',
'rc4'
我尝试过使用许多 Node 版本,结果总是一样的。另外,我尝试在我的应用程序中使用 openssl,但 SEED 密码不再可用。 如何在我的应用程序中添加对此密码算法的支持? 使用节点 12、11、10、9、8 进行测试。OpenSSL 版本:LibreSSL 2.6.5
TIA !
SEED 只是一个具有 128 位块和 128 位密钥的 16 轮 Feistel 网络,我绝对不会在生产中使用它。
就其价值而言,SEED 仍然存在于 节点 13。
在macOS 10.15.3运行node.js v13.7.0,我执行了这段代码:
1 var crypto = require('crypto')
2 const util = require('util');
3 util.inspect.defaultOptions.maxArrayLength = null;
4
5
6 console.log(crypto.getCiphers())
确实将 SEED 列为受支持的密码:
[
'aes-128-cbc',
'aes-128-ccm',
'aes-128-cfb',
'aes-128-cfb1',
'aes-128-cfb8',
'aes-128-ctr',
'aes-128-ecb',
'aes-128-gcm',
'aes-128-ocb',
'aes-128-ofb',
'aes-128-xts',
'aes-192-cbc',
'aes-192-ccm',
'aes-192-cfb',
'aes-192-cfb1',
'aes-192-cfb8',
'aes-192-ctr',
'aes-192-ecb',
'aes-192-gcm',
'aes-192-ocb',
'aes-192-ofb',
'aes-256-cbc',
'aes-256-ccm',
'aes-256-cfb',
'aes-256-cfb1',
'aes-256-cfb8',
'aes-256-ctr',
'aes-256-ecb',
'aes-256-gcm',
'aes-256-ocb',
'aes-256-ofb',
'aes-256-xts',
'aes128',
'aes128-wrap',
'aes192',
'aes192-wrap',
'aes256',
'aes256-wrap',
'aria-128-cbc',
'aria-128-ccm',
'aria-128-cfb',
'aria-128-cfb1',
'aria-128-cfb8',
'aria-128-ctr',
'aria-128-ecb',
'aria-128-gcm',
'aria-128-ofb',
'aria-192-cbc',
'aria-192-ccm',
'aria-192-cfb',
'aria-192-cfb1',
'aria-192-cfb8',
'aria-192-ctr',
'aria-192-ecb',
'aria-192-gcm',
'aria-192-ofb',
'aria-256-cbc',
'aria-256-ccm',
'aria-256-cfb',
'aria-256-cfb1',
'aria-256-cfb8',
'aria-256-ctr',
'aria-256-ecb',
'aria-256-gcm',
'aria-256-ofb',
'aria128',
'aria192',
'aria256',
'bf',
'bf-cbc',
'bf-cfb',
'bf-ecb',
'bf-ofb',
'blowfish',
'camellia-128-cbc',
'camellia-128-cfb',
'camellia-128-cfb1',
'camellia-128-cfb8',
'camellia-128-ctr',
'camellia-128-ecb',
'camellia-128-ofb',
'camellia-192-cbc',
'camellia-192-cfb',
'camellia-192-cfb1',
'camellia-192-cfb8',
'camellia-192-ctr',
'camellia-192-ecb',
'camellia-192-ofb',
'camellia-256-cbc',
'camellia-256-cfb',
'camellia-256-cfb1',
'camellia-256-cfb8',
'camellia-256-ctr',
'camellia-256-ecb',
'camellia-256-ofb',
'camellia128',
'camellia192',
'camellia256',
'cast',
'cast-cbc',
'cast5-cbc',
'cast5-cfb',
'cast5-ecb',
'cast5-ofb',
'chacha20',
'chacha20-poly1305',
'des',
'des-cbc',
'des-cfb',
'des-cfb1',
'des-cfb8',
'des-ecb',
'des-ede',
'des-ede-cbc',
'des-ede-cfb',
'des-ede-ecb',
'des-ede-ofb',
'des-ede3',
'des-ede3-cbc',
'des-ede3-cfb',
'des-ede3-cfb1',
'des-ede3-cfb8',
'des-ede3-ecb',
'des-ede3-ofb',
'des-ofb',
'des3',
'des3-wrap',
'desx',
'desx-cbc',
'id-aes128-CCM',
'id-aes128-GCM',
'id-aes128-wrap',
'id-aes128-wrap-pad',
'id-aes192-CCM',
'id-aes192-GCM',
'id-aes192-wrap',
'id-aes192-wrap-pad',
'id-aes256-CCM',
'id-aes256-GCM',
'id-aes256-wrap',
'id-aes256-wrap-pad',
'id-smime-alg-CMS3DESwrap',
'idea',
'idea-cbc',
'idea-cfb',
'idea-ecb',
'idea-ofb',
'rc2',
'rc2-128',
'rc2-40',
'rc2-40-cbc',
'rc2-64',
'rc2-64-cbc',
'rc2-cbc',
'rc2-cfb',
'rc2-ecb',
'rc2-ofb',
'rc4',
'rc4-40',
'rc4-hmac-md5',
'seed',
'seed-cbc',
'seed-cfb',
'seed-ecb',
'seed-ofb',
'sm4',
'sm4-cbc',
'sm4-cfb',
'sm4-ctr',
'sm4-ecb',
'sm4-ofb'
]
问题不是 NodeJS 的版本,而是 LibreSSL 库的问题,它可能没有包含它,因为它是国家特定的密码。
它的文档内容如下:
Symmetric ciphers including AES, Blowfish, CAST, Chacha20, IDEA, DES, RC2, and RC4
并且 SEED 也不在 EVP_EncryptInit documentation 中。
但是,如果我查看系统中存在的 OpenSSL v1.1.1c,SEED 密码仍列在 openssl help 页面中。所以你需要使用不同的密码库作为后端。
请注意,LibreSSL 目标页面包含:
Remove obsolete or broken features and operating system support
LibreSSL 尝试删除可能不再需要的功能,而 SEED 很可能是许多可能被遗漏的密码之一。