openssl3.2 - exp - 可以在命令行使用的口令算法名称列表，OpenSSL 3.2命令行中的口令算法名称列表揭秘

2024-04-060阅读0评论

温馨提示：这篇文章已超过399天没有更新，请注意相关的内容是否还可用！

摘要：OpenSSL 3.2版本提供了一个命令行工具exp，该工具可以列出所有可用的口令算法名称。这些算法可用于加密和解密数据，保护信息安全。通过简单的命令行操作，用户可以方便地查看这些算法列表，以便选择最适合其需求的算法。OpenSSL的exp工具为用户提供了便捷的方式来管理和保护敏感信息。

文章目录

- openssl3.2 - exp - 可以在命令行使用的口令算法名称列表
- 概述
- 笔记
- 测试工程实现
- 备注
- 整理 - 总共有126种加密算法可用于命令行参数的密码加密算法
- 备注
- END
  openssl3.2 - exp - 可以在命令行使用的口令算法名称列表
  概述
  上一个笔记openssl3.2 - exp - PEM ＜==＞ DER, 还有个疑问.
  （图片来源网络，侵删）
  openssl pkey -in app_key3.pem -out app_key5_pwd.pem -outform PEM -passout pass:111111 -算法名称
  如果PEM/DER互转时, 要想转换后的文件带口令保护就需要指定用哪种算法来执行口令加密算法.
  （图片来源网络，侵删）
  并不是随便哪一种可见的算法名称就能用的.
  算法有限制
  算法不能有 EVP_CIPH_FLAG_AEAD_CIPHER 标记
  模式不能是 EVP_CIPH_XTS_MODE
  如果想确定哪些是不支持的口令加密算法, 必须要自己写个程序, 将不支持的算法过滤掉.
  参照openssl源码, 写了一个测试程序, 可以将全部算法都列出来, 不支持的算法加上标记.
  运行效果如下, 只要算法后边有标记 " !!! ---------- ", 都是不支持的命令行口令加密算法.
  Legacy:
  AES-128-CBC // ok
  AES-128-CBC-HMAC-SHA1 : !!! ---------- cipher has no object identifier
  AES-128-CBC-HMAC-SHA256 : !!! ---------- cipher has no object identifier
  id-aes128-CCM : !!! ---------- AEAD ciphers not supported
  AES-128-CFB // ok
  AES-128-CFB1 // ok
  AES-128-CFB8 // ok
  AES-128-CTR : !!! ---------- cipher has no object identifier
  AES-128-ECB // ok
  id-aes128-GCM : !!! ---------- AEAD ciphers not supported
  AES-128-OCB : !!! ---------- cipher has no object identifier
  AES-128-OFB // ok
  AES-128-XTS : !!! ---------- XTS ciphers not supported
  AES-192-CBC
  id-aes192-CCM : !!! ---------- AEAD ciphers not supported
  AES-192-CFB // ok
  AES-192-CFB1 // ok
  AES-192-CFB8 // ok
  AES-192-CTR : !!! ---------- cipher has no object identifier
  AES-192-ECB // ok
  id-aes192-GCM : !!! ---------- AEAD ciphers not supported
  AES-192-OCB : !!! ---------- cipher has no object identifier
  AES-192-OFB // ok
  AES-256-CBC // ok
  AES-256-CBC-HMAC-SHA1 : !!! ---------- cipher has no object identifier
  AES-256-CBC-HMAC-SHA256 : !!! ---------- cipher has no object identifier
  id-aes256-CCM : !!! ---------- AEAD ciphers not supported
  AES-256-CFB // ok
  AES-256-CFB1 // ok
  AES-256-CFB8 // ok
  AES-256-CTR : !!! ---------- cipher has no object identifier
  AES-256-ECB // ok
  id-aes256-GCM : !!! ---------- AEAD ciphers not supported
  AES-256-OCB : !!! ---------- cipher has no object identifier
  AES-256-OFB // ok
  AES-256-XTS : !!! ---------- XTS ciphers not supported
  ARIA-128-CBC // ok
  ARIA-128-CCM : !!! ---------- AEAD ciphers not supported
  ARIA-128-CFB // ok
  ARIA-128-CFB1 : !!! ---------- cipher has no object identifier
  ARIA-128-CFB8 : !!! ---------- cipher has no object identifier
  ARIA-128-CTR // ok
  ARIA-128-ECB // ok
  ARIA-128-GCM : !!! ---------- AEAD ciphers not supported
  ARIA-128-OFB // ok
  ARIA-192-CBC // ok
  ARIA-192-CCM : !!! ---------- AEAD ciphers not supported
  ARIA-192-CFB // ok
  ARIA-192-CFB1 : !!! ---------- cipher has no object identifier
  ARIA-192-CFB8 : !!! ---------- cipher has no object identifier
  ARIA-192-CTR // ok
  ARIA-192-ECB // ok
  ARIA-192-GCM : !!! ---------- AEAD ciphers not supported
  ARIA-192-OFB // ok
  ARIA-256-CBC // ok
  ARIA-256-CCM : !!! ---------- AEAD ciphers not supported
  ARIA-256-CFB // ok
  ARIA-256-CFB1 : !!! ---------- cipher has no object identifier
  ARIA-256-CFB8 : !!! ---------- cipher has no object identifier
  ARIA-256-CTR // ok
  ARIA-256-ECB // ok
  ARIA-256-GCM : !!! ---------- AEAD ciphers not supported
  ARIA-256-OFB // ok
  BF-CBC // err
  BF-CFB : !!! ---------- cipher has no object identifier
  BF-ECB : !!! ---------- cipher has no object identifier
  BF-OFB : !!! ---------- cipher has no object identifier
  CAMELLIA-128-CBC // ok
  CAMELLIA-128-CFB // ok
  CAMELLIA-128-CFB1 : !!! ---------- cipher has no object identifier
  CAMELLIA-128-CFB8 : !!! ---------- cipher has no object identifier
  CAMELLIA-128-CTR // ok
  CAMELLIA-128-ECB // ok
  CAMELLIA-128-OFB // ok
  CAMELLIA-192-CBC // ok
  CAMELLIA-192-CFB // ok
  CAMELLIA-192-CFB1 : !!! ---------- cipher has no object identifier
  CAMELLIA-192-CFB8 : !!! ---------- cipher has no object identifier
  CAMELLIA-192-CTR // ok
  CAMELLIA-192-ECB // ok
  CAMELLIA-192-OFB // ok
  CAMELLIA-256-CBC // ok
  CAMELLIA-256-CFB // ok
  CAMELLIA-256-CFB1 : !!! ---------- cipher has no object identifier
  CAMELLIA-256-CFB8 : !!! ---------- cipher has no object identifier
  CAMELLIA-256-CTR // ok
  CAMELLIA-256-ECB // ok
  CAMELLIA-256-OFB // ok
  CAST5-CBC // err
  CAST5-CFB : !!! ---------- cipher has no object identifier
  CAST5-ECB : !!! ---------- cipher has no object identifier
  CAST5-OFB : !!! ---------- cipher has no object identifier
  ChaCha20 : !!! ---------- cipher has no object identifier
  ChaCha20-Poly1305 : !!! ---------- cipher has no object identifier
  DES-CBC // err
  DES-CFB // err
  DES-CFB1 // err
  DES-CFB8 // err
  DES-ECB // err
  DES-EDE // ok
  DES-EDE-CBC : !!! ---------- cipher has no object identifier
  DES-EDE-CFB : !!! ---------- cipher has no object identifier
  DES-EDE-OFB : !!! ---------- cipher has no object identifier
  DES-EDE3 : !!! ---------- cipher has no object identifier
  DES-EDE3-CBC // ok
  DES-EDE3-CFB // err
  DES-EDE3-CFB1 // err
  DES-EDE3-CFB8 // err
  DES-EDE3-OFB : !!! ---------- cipher has no object identifier
  DES-OFB // err
  DESX-CBC : !!! ---------- cipher has no object identifier
  id-aes128-CCM : !!! ---------- AEAD ciphers not supported
  id-aes128-GCM : !!! ---------- AEAD ciphers not supported
  id-aes128-wrap // ok
  id-aes128-wrap-pad // ok
  id-aes192-CCM : !!! ---------- AEAD ciphers not supported
  id-aes192-GCM : !!! ---------- AEAD ciphers not supported
  id-aes192-wrap // ok
  id-aes192-wrap-pad // ok
  id-aes256-CCM : !!! ---------- AEAD ciphers not supported
  id-aes256-GCM : !!! ---------- AEAD ciphers not supported
  id-aes256-wrap // ok
  id-aes256-wrap-pad // ok
  id-smime-alg-CMS3DESwrap // err
  IDEA-CBC // err
  IDEA-CFB : !!! ---------- cipher has no object identifier
  IDEA-ECB : !!! ---------- cipher has no object identifier
  IDEA-OFB : !!! ---------- cipher has no object identifier
  RC2-40-CBC // err
  RC2-64-CBC // err
  RC2-CBC
  RC2-CFB : !!! ---------- cipher has no object identifier
  RC2-ECB : !!! ---------- cipher has no object identifier
  RC2-OFB : !!! ---------- cipher has no object identifier
  RC4 // err
  RC4-40 // err
  RC4-HMAC-MD5 : !!! ---------- cipher has no object identifier
  SEED-CBC // err
  SEED-CFB // err
  SEED-ECB // err
  SEED-OFB // err
  SM4-CBC // ok
  SM4-CFB // ok
  SM4-CTR // ok
  SM4-ECB // ok
  SM4-OFB // ok
  Provided:
  { 1.2.410.200046.1.1.12, ARIA-256-CBC, ARIA256 } // ok
  { 2.16.840.1.101.3.4.1.22, AES-192-CBC, AES192 } // ok
  { 2.16.840.1.101.3.4.1.4, AES-128-CFB } // ok
  ARIA-192-CCM : !!! ---------- AEAD ciphers not supported
  { 1.2.410.200046.1.1.1, ARIA-128-ECB } // ok
  { 2.16.840.1.101.3.4.1.2, AES-128-CBC, AES128 } // ok
  { 2.16.840.1.101.3.4.1.24, AES-192-CFB } // ok
  { 1.2.392.200011.61.1.1.1.2, CAMELLIA-128-CBC, CAMELLIA128 } // ok
  { 1.2.392.200011.61.1.1.1.4, CAMELLIA-256-CBC, CAMELLIA256 } // ok
  ARIA-192-GCM : !!! ---------- AEAD ciphers not supported
  { 2.16.840.1.101.3.4.1.42, AES-256-CBC, AES256 } // ok
  { 2.16.840.1.101.3.4.1.28, AES-192-WRAP-PAD, AES192-WRAP-PAD, id-aes192-wrap-pad } // ok
  ARIA-256-GCM : !!! ---------- AEAD ciphers not supported
  AES-256-XTS : !!! ---------- XTS ciphers not supported
  { 2.16.840.1.101.3.4.1.8, AES-128-WRAP-PAD, AES128-WRAP-PAD, id-aes128-wrap-pad } // ok
  { 1.2.840.113549.1.9.16.3.6, DES3-WRAP, id-smime-alg-CMS3DESwrap } // err
  { 2.16.840.1.101.3.4.1.48, AES-256-WRAP-PAD, AES256-WRAP-PAD, id-aes256-wrap-pad } // ok
  { 1.2.156.10197.1.104.3, SM4-OFB, SM4-OFB128 } // ok
  { 2.16.840.1.101.3.4.1.25, AES-192-WRAP, AES192-WRAP, id-aes192-wrap } // ok
  { 2.16.840.1.101.3.4.1.41, AES-256-ECB } // ok
  { 0.3.4401.5.3.1.9.49, CAMELLIA-256-CTR } // ok
  { 1.2.410.200046.1.1.2, ARIA-128-CBC, ARIA128 } // ok
  AES-128-GCM : !!! ---------- AEAD ciphers not supported
  { 0.3.4401.5.3.1.9.41, CAMELLIA-256-ECB } // ok
  { 2.16.840.1.101.3.4.1.44, AES-256-CFB } // ok
  { 1.2.156.10197.1.104.4, SM4-CFB, SM4-CFB128 } // ok
  { 0.3.4401.5.3.1.9.4, CAMELLIA-128-CFB } // ok
  ARIA-256-CCM : !!! ---------- AEAD ciphers not supported
  { 1.2.410.200046.1.1.14, ARIA-256-OFB } // ok
  AES-256-GCM : !!! ---------- AEAD ciphers not supported
  { 0.3.4401.5.3.1.9.9, CAMELLIA-128-CTR } // ok
  { 2.16.840.1.101.3.4.1.23, AES-192-OFB } // ok
  { 1.2.156.10197.1.104.1, SM4-ECB } // ok
  AES-128-CCM : !!! ---------- AEAD ciphers not supported
  AES-256-CCM : !!! ---------- AEAD ciphers not supported
  { 1.2.410.200046.1.1.7, ARIA-192-CBC, ARIA192 } // ok
  { 2.16.840.1.101.3.4.1.45, AES-256-WRAP, AES256-WRAP, id-aes256-wrap } // ok
  { 1.2.410.200046.1.1.15, ARIA-256-CTR } // ok
  { 1.2.410.200046.1.1.3, ARIA-128-CFB } // ok
  ARIA-128-GCM : !!! ---------- AEAD ciphers not supported
  { 1.2.410.200046.1.1.6, ARIA-192-ECB } // ok
  AES-192-GCM : !!! ---------- AEAD ciphers not supported
  { 0.3.4401.5.3.1.9.29, CAMELLIA-192-CTR } // ok
  { 0.3.4401.5.3.1.9.43, CAMELLIA-256-OFB } // ok
  { 1.2.156.10197.1.104.2, SM4, SM4-CBC } // ok
  ARIA-128-CCM : !!! ---------- AEAD ciphers not supported
  AES-192-CCM : !!! ---------- AEAD ciphers not supported
  { 1.3.14.3.2.17, DES-EDE, DES-EDE-ECB } // ok
  { 1.2.410.200046.1.1.11, ARIA-256-ECB } // ok
  AES-128-XTS : !!! ---------- XTS ciphers not supported
  { 2.16.840.1.101.3.4.1.5, AES-128-WRAP, AES128-WRAP, id-aes128-wrap } // ok
  { 2.16.840.1.101.3.4.1.3, AES-128-OFB } // ok
  { 0.3.4401.5.3.1.9.3, CAMELLIA-128-OFB } // ok
  { 0.3.4401.5.3.1.9.1, CAMELLIA-128-ECB } // ok
  { 1.2.840.113549.3.7, DES-EDE3-CBC, DES3 } // ok
  { 0.3.4401.5.3.1.9.44, CAMELLIA-256-CFB } // ok
  { 1.2.410.200046.1.1.10, ARIA-192-CTR } // ok
  { 0.3.4401.5.3.1.9.23, CAMELLIA-192-OFB } // ok
  { 0.3.4401.5.3.1.9.24, CAMELLIA-192-CFB } // ok
  { 1.2.410.200046.1.1.9, ARIA-192-OFB } // ok
  { 1.2.410.200046.1.1.13, ARIA-256-CFB } // 好使
  { 2.16.840.1.101.3.4.1.1, AES-128-ECB } // 好使
  { 1.2.410.200046.1.1.8, ARIA-192-CFB } // 好使
  { 1.2.156.10197.1.104.7, SM4-CTR } // 好使
  { 2.16.840.1.101.3.4.1.43, AES-256-OFB } // 好使
  { 1.2.410.200046.1.1.4, ARIA-128-OFB } // 好使
  { 1.2.392.200011.61.1.1.1.3, CAMELLIA-192-CBC, CAMELLIA192 } // 好使
  { 0.3.4401.5.3.1.9.21, CAMELLIA-192-ECB } // 好使
  { 1.2.410.200046.1.1.5, ARIA-128-CTR } // 好使
  { 2.16.840.1.101.3.4.1.21, AES-192-ECB } // 好使
  NULL : !!! ---------- cipher has no object identifier
  AES-128-CBC-CTS : !!! ---------- cipher has no object identifier
  AES-192-CBC-CTS : !!! ---------- cipher has no object identifier
  AES-256-CBC-CTS : !!! ---------- cipher has no object identifier
  AES-256-CFB1 // 好使
  AES-192-CFB1 // 好使
  AES-128-CFB1 // 好使
  AES-256-CFB8 // 好使
  AES-192-CFB8 // 好使
  AES-128-CFB8 // 可以
  AES-256-CTR : !!! ---------- cipher has no object identifier
  AES-192-CTR : !!! ---------- cipher has no object identifier
  AES-128-CTR : !!! ---------- cipher has no object identifier
  AES-256-OCB : !!! ---------- cipher has no object identifier
  AES-192-OCB : !!! ---------- cipher has no object identifier
  AES-128-OCB : !!! ---------- cipher has no object identifier
  AES-128-SIV : !!! ---------- cipher has no object identifier
  AES-192-SIV : !!! ---------- cipher has no object identifier
  AES-256-SIV : !!! ---------- cipher has no object identifier
  AES-128-GCM-SIV : !!! ---------- cipher has no object identifier
  AES-192-GCM-SIV : !!! ---------- cipher has no object identifier
  AES-256-GCM-SIV : !!! ---------- cipher has no object identifier
  AES-256-WRAP-INV : !!! ---------- cipher has no object identifier
  AES-192-WRAP-INV : !!! ---------- cipher has no object identifier
  AES-128-WRAP-INV : !!! ---------- cipher has no object identifier
  AES-256-WRAP-PAD-INV : !!! ---------- cipher has no object identifier
  AES-192-WRAP-PAD-INV : !!! ---------- cipher has no object identifier
  AES-128-WRAP-PAD-INV : !!! ---------- cipher has no object identifier
  AES-128-CBC-HMAC-SHA1 : !!! ---------- cipher has no object identifier
  AES-256-CBC-HMAC-SHA1 : !!! ---------- cipher has no object identifier
  AES-128-CBC-HMAC-SHA256 : !!! ---------- cipher has no object identifier
  AES-256-CBC-HMAC-SHA256 : !!! ---------- cipher has no object identifier
  ARIA-256-CFB1 : !!! ---------- cipher has no object identifier
  ARIA-192-CFB1 : !!! ---------- cipher has no object identifier
  ARIA-128-CFB1 : !!! ---------- cipher has no object identifier
  ARIA-256-CFB8 : !!! ---------- cipher has no object identifier
  ARIA-192-CFB8 : !!! ---------- cipher has no object identifier
  ARIA-128-CFB8 : !!! ---------- cipher has no object identifier
  CAMELLIA-128-CBC-CTS : !!! ---------- cipher has no object identifier
  CAMELLIA-192-CBC-CTS : !!! ---------- cipher has no object identifier
  CAMELLIA-256-CBC-CTS : !!! ---------- cipher has no object identifier
  CAMELLIA-256-CFB1 : !!! ---------- cipher has no object identifier
  CAMELLIA-192-CFB1 : !!! ---------- cipher has no object identifier
  CAMELLIA-128-CFB1 : !!! ---------- cipher has no object identifier
  CAMELLIA-256-CFB8 : !!! ---------- cipher has no object identifier
  CAMELLIA-192-CFB8 : !!! ---------- cipher has no object identifier
  CAMELLIA-128-CFB8 : !!! ---------- cipher has no object identifier
  DES-EDE3-ECB : !!! ---------- cipher has no object identifier
  DES-EDE3-OFB : !!! ---------- cipher has no object identifier
  DES-EDE3-CFB // 不行
  DES-EDE3-CFB8 // 不行
  DES-EDE3-CFB1 // 不行
  DES-EDE-CBC : !!! ---------- cipher has no object identifier
  DES-EDE-OFB : !!! ---------- cipher has no object identifier
  DES-EDE-CFB : !!! ---------- cipher has no object identifier
  SM4-GCM : !!! ---------- cipher has no object identifier
  SM4-CCM : !!! ---------- cipher has no object identifier
  SM4-XTS : !!! ---------- cipher has no object identifier
  ChaCha20 : !!! ---------- cipher has no object identifier
  ChaCha20-Poly1305 : !!! ---------- cipher has no object identifier
  free map, g_mem_hook_map.size() = 0
  笔记
  测试工程实现
```
/*!
* \file main.cpp
*/
#include "my_openSSL_lib.h"
#include 
#include 
#include 
#include 
#include 
#include 
#include 
#include 
#include "CMemHookRec.h"
BIO* bio_out = NULL;
BIO* bio_err = NULL;
static const char* select_name = NULL;
void my_openssl_app();
void list_ciphers(const char* prefix);
int cipher_cmp(const EVP_CIPHER* const* a, const EVP_CIPHER* const* b);
void collect_ciphers(EVP_CIPHER* cipher, void* stack);
int main(int argc, char** argv)
{
	setvbuf(stdout, NULL, _IONBF, 0); // 清掉stdout缓存, 防止调用printf时阻塞
	mem_hook();
	my_openssl_app();
	mem_unhook();
	return 0;
}
void my_openssl_app()
{
    bio_out = BIO_new_fp(stdout, 0);
    bio_err = BIO_new_fp(stdout, 0);
    if ((NULL != bio_out) && (NULL != bio_err))
    {
        list_ciphers(" ");
    }
    
    if (NULL != bio_out)
    {
        BIO_free(bio_out);
        bio_out = NULL;
    }
    if (NULL != bio_err)
    {
        BIO_free(bio_err);
        bio_err = NULL;
    }
}
void legacy_cipher_fn(const EVP_CIPHER* c,
    const char* from, const char* to, void* arg)
{
    int mode = 0;
    unsigned long int flags = 0;
    int alg_nid = 0;
    if (select_name != NULL
        && (c == NULL
            || OPENSSL_strcasecmp(select_name, EVP_CIPHER_get0_name(c)) != 0))
    {
        return;
    }
        
    if (c != NULL) {
        mode = EVP_CIPHER_get_mode(c);
        flags = EVP_CIPHER_get_flags(c);
        alg_nid = EVP_CIPHER_get_type(c);
        if (alg_nid == NID_undef) {
            BIO_printf(bio_out, "  %s :                               !!! ---------- cipher has no object identifier\n", EVP_CIPHER_get0_name(c));
        }
        else if (mode == EVP_CIPH_XTS_MODE) {
            BIO_printf((BIO*)arg, "  %s :                               !!! ---------- XTS ciphers not supported\n", EVP_CIPHER_get0_name(c));
        }
        else if ((flags & EVP_CIPH_FLAG_AEAD_CIPHER) != 0) {
            BIO_printf((BIO*)arg, "  %s :                               !!! ---------- AEAD ciphers not supported\n", EVP_CIPHER_get0_name(c));
        }
        else {
            BIO_printf((BIO*)arg, "  %s \n", EVP_CIPHER_get0_name(c));
        }
        
    }
}
int name_cmp(const char* const* a, const char* const* b)
{
    return OPENSSL_strcasecmp(*a, *b);
}
void collect_names(const char* name, void* vdata)
{
    STACK_OF(OPENSSL_CSTRING)* names = (STACK_OF(OPENSSL_CSTRING)*)vdata;
    sk_OPENSSL_CSTRING_push(names, name);
}
void print_names(BIO* out, STACK_OF(OPENSSL_CSTRING)* names)
{
    int i = sk_OPENSSL_CSTRING_num(names);
    int j;
    sk_OPENSSL_CSTRING_sort(names);
    if (i > 1)
        BIO_printf(out, "{ ");
    for (j = 0; j  0)
            BIO_printf(out, ", ");
        BIO_printf(out, "%s", name);
    }
    if (i > 1)
        BIO_printf(out, " }");
}
DEFINE_STACK_OF(EVP_CIPHER)
void list_ciphers(const char* prefix)
{
    STACK_OF(EVP_CIPHER)* ciphers = sk_EVP_CIPHER_new(cipher_cmp);
    int i;
    int mode = 0;
    int flags = 0;
    int alg_nid = 0;
    if (ciphers == NULL) {
        BIO_printf(bio_err, "ERROR: Memory allocation\n");
        return;
    }
    if (true) {
        BIO_printf(bio_out, "%sLegacy:\n", prefix);
        EVP_CIPHER_do_all_sorted(legacy_cipher_fn, bio_out);
    }
    BIO_printf(bio_out, "%sProvided:\n", prefix);
    EVP_CIPHER_do_all_provided(NULL, collect_ciphers, ciphers);
    sk_EVP_CIPHER_sort(ciphers);
    for (i = 0; i  0)
        EVP_CIPHER_up_ref(cipher);
}
```
  备注
  我们自己写的工程, 只能调用openssl对外提供的接口, 没办法用openssl内部接口(包括内部函数, 内部头文件, 内部结构定义)
  像这个列出openssl全部加密算法的实现, 用的是openssl接口上的回调函数入参. 传入我们自己的回调函数指针, 在回调函数中判断算法功能是否在命令行参数中可用于口令加密.
  现在知道了支持口令加密的加密算法名称, 试几个不常见的口令加密算法, 看看是否好使?
  openssl pkey -in app_key.pem -passin pass:my_pwd_for_app_key -out app_key.der -outform DER
  app_key.pem是带口令保护的, 执行上面的命令, 转为一个不带口令的.der
  现在用这个不带口令的.der, 转成带口令的.der, 加密算法用上面测试工程找到的有效算法名称, 试试好使不?
  openssl pkey -in app_key.der -out app_key_pwd1.pem -outform DER -passout pass:111111 -ChaCha20
  Error: Cipher options are supported only for PEM output
  看到口令加密算法只支持.PEM格式…
  那算了, 就实验.der/.pem转成.pem的场景.
  openssl pkey -in app_key.der -out app_key_no_pwd.pem -outform PEM
  先将上面实验的.der转成不带口令保护的.pem
  openssl pkey -in app_key_no_pwd.pem -out app_key_pwd1.pem -outform PEM -passout pass:111111 -ChaCha20
  cipher has no object identifier
  说明还有限制条件, 选用的算法必须有obj_id, 那将这个条件也加入算法选择逻辑里面.
  程序修改完了, 上面的工程副本已经更新. 现在能看到, 算法ChaCha20在列表中已经标记为了不支持.
  再试试其他支持的不常见加密算法.
  openssl pkey -in app_key_no_pwd.pem -out app_key_pwd1.pem -outform PEM -passout pass:111111 -DES-EDE3-CFB1
  BC570600:error:0308010C:digital envelope routines:inner_evp_generic_fetch:unsupported:crypto\evp\evp_fetch.c:342:Global default library context, Algorithm (DES-CFB : 6), Properties ()
  可以看到, 也不是每种算法都支持.
  跟了一下openssl源码, 都是宏写的, 调用的都是内部函数, 不好弄清为啥不行.
  那就试试找到的其他算法, 看行不行.
  下面列出的都是好使的算法, 没有都列出, 在上面的算法列表中写上了是否好使.
  openssl pkey -in app_key_no_pwd.pem -out app_key_pwd1.pem -outform PEM -passout pass:111111 -AES-128-CFB8
  过滤掉的算法中, 不好通过程序来判断了, 只能一个一个实验.
  整理 - 总共有126种加密算法可用于命令行参数的密码加密算法
  // 总共有126种加密算法可用于命令行参数的密码加密算法
  Legacy:
  AES-128-CBC // ok
  AES-128-CFB // ok
  AES-128-CFB1 // ok
  AES-128-CFB8 // ok
  AES-128-ECB // ok
  AES-128-OFB // ok
  AES-192-CBC // ok
  AES-192-CFB // ok
  AES-192-CFB1 // ok
  AES-192-CFB8 // ok
  AES-192-ECB // ok
  AES-192-OFB // ok
  AES-256-CBC // ok
  AES-256-CFB // ok
  AES-256-CFB1 // ok
  AES-256-CFB8 // ok
  AES-256-ECB // ok
  AES-256-OFB // ok
  ARIA-128-CBC // ok
  ARIA-128-CFB // ok
  ARIA-128-CTR // ok
  ARIA-128-ECB // ok
  ARIA-128-OFB // ok
  ARIA-192-CBC // ok
  ARIA-192-CFB // ok
  ARIA-192-CTR // ok
  ARIA-192-ECB // ok
  ARIA-192-OFB // ok
  ARIA-256-CBC // ok
  ARIA-256-CFB // ok
  ARIA-256-CTR // ok
  ARIA-256-ECB // ok
  ARIA-256-OFB // ok
  CAMELLIA-128-CBC // ok
  CAMELLIA-128-CFB // ok
  CAMELLIA-128-CTR // ok
  CAMELLIA-128-ECB // ok
  CAMELLIA-128-OFB // ok
  CAMELLIA-192-CBC // ok
  CAMELLIA-192-CFB // ok
  CAMELLIA-192-CTR // ok
  CAMELLIA-192-ECB // ok
  CAMELLIA-192-OFB // ok
  CAMELLIA-256-CBC // ok
  CAMELLIA-256-CFB // ok
  CAMELLIA-256-CTR // ok
  CAMELLIA-256-ECB // ok
  CAMELLIA-256-OFB // ok
  DES-EDE // ok
  DES-EDE3-CBC // ok
  DES-EDE3-CFB // err
  DES-EDE3-CFB1 // err
  DES-EDE3-CFB8 // err
  id-aes128-wrap // ok
  id-aes128-wrap-pad // ok
  id-aes192-wrap // ok
  id-aes192-wrap-pad // ok
  id-aes256-wrap // ok
  id-aes256-wrap-pad // ok
  SM4-CBC // ok
  SM4-CFB // ok
  SM4-CTR // ok
  SM4-ECB // ok
  SM4-OFB // ok
  Provided:
  { 1.2.410.200046.1.1.12, ARIA-256-CBC, ARIA256 } // ok
  { 2.16.840.1.101.3.4.1.22, AES-192-CBC, AES192 } // ok
  { 2.16.840.1.101.3.4.1.4, AES-128-CFB } // ok
  { 1.2.410.200046.1.1.1, ARIA-128-ECB } // ok
  { 2.16.840.1.101.3.4.1.2, AES-128-CBC, AES128 } // ok
  { 2.16.840.1.101.3.4.1.24, AES-192-CFB } // ok
  { 1.2.392.200011.61.1.1.1.2, CAMELLIA-128-CBC, CAMELLIA128 } // ok
  { 1.2.392.200011.61.1.1.1.4, CAMELLIA-256-CBC, CAMELLIA256 } // ok
  { 2.16.840.1.101.3.4.1.42, AES-256-CBC, AES256 } // ok
  { 2.16.840.1.101.3.4.1.28, AES-192-WRAP-PAD, AES192-WRAP-PAD, id-aes192-wrap-pad } // ok
  { 2.16.840.1.101.3.4.1.8, AES-128-WRAP-PAD, AES128-WRAP-PAD, id-aes128-wrap-pad } // ok
  { 1.2.840.113549.1.9.16.3.6, DES3-WRAP, id-smime-alg-CMS3DESwrap } // err
  { 2.16.840.1.101.3.4.1.48, AES-256-WRAP-PAD, AES256-WRAP-PAD, id-aes256-wrap-pad } // ok
  { 1.2.156.10197.1.104.3, SM4-OFB, SM4-OFB128 } // ok
  { 2.16.840.1.101.3.4.1.25, AES-192-WRAP, AES192-WRAP, id-aes192-wrap } // ok
  { 2.16.840.1.101.3.4.1.41, AES-256-ECB } // ok
  { 0.3.4401.5.3.1.9.49, CAMELLIA-256-CTR } // ok
  { 1.2.410.200046.1.1.2, ARIA-128-CBC, ARIA128 } // ok
  { 0.3.4401.5.3.1.9.41, CAMELLIA-256-ECB } // ok
  { 2.16.840.1.101.3.4.1.44, AES-256-CFB } // ok
  { 1.2.156.10197.1.104.4, SM4-CFB, SM4-CFB128 } // ok
  { 0.3.4401.5.3.1.9.4, CAMELLIA-128-CFB } // ok
  { 1.2.410.200046.1.1.14, ARIA-256-OFB } // ok
  { 0.3.4401.5.3.1.9.9, CAMELLIA-128-CTR } // ok
  { 2.16.840.1.101.3.4.1.23, AES-192-OFB } // ok
  { 1.2.156.10197.1.104.1, SM4-ECB } // ok
  { 1.2.410.200046.1.1.7, ARIA-192-CBC, ARIA192 } // ok
  { 2.16.840.1.101.3.4.1.45, AES-256-WRAP, AES256-WRAP, id-aes256-wrap } // ok
  { 1.2.410.200046.1.1.15, ARIA-256-CTR } // ok
  { 1.2.410.200046.1.1.3, ARIA-128-CFB } // ok
  { 1.2.410.200046.1.1.6, ARIA-192-ECB } // ok
  { 0.3.4401.5.3.1.9.29, CAMELLIA-192-CTR } // ok
  { 0.3.4401.5.3.1.9.43, CAMELLIA-256-OFB } // ok
  { 1.2.156.10197.1.104.2, SM4, SM4-CBC } // ok
  { 1.3.14.3.2.17, DES-EDE, DES-EDE-ECB } // ok
  { 1.2.410.200046.1.1.11, ARIA-256-ECB } // ok
  { 2.16.840.1.101.3.4.1.5, AES-128-WRAP, AES128-WRAP, id-aes128-wrap } // ok
  { 2.16.840.1.101.3.4.1.3, AES-128-OFB } // ok
  { 0.3.4401.5.3.1.9.3, CAMELLIA-128-OFB } // ok
  { 0.3.4401.5.3.1.9.1, CAMELLIA-128-ECB } // ok
  { 1.2.840.113549.3.7, DES-EDE3-CBC, DES3 } // ok
  { 0.3.4401.5.3.1.9.44, CAMELLIA-256-CFB } // ok
  { 1.2.410.200046.1.1.10, ARIA-192-CTR } // ok
  { 0.3.4401.5.3.1.9.23, CAMELLIA-192-OFB } // ok
  { 0.3.4401.5.3.1.9.24, CAMELLIA-192-CFB } // ok
  { 1.2.410.200046.1.1.9, ARIA-192-OFB } // ok
  { 1.2.410.200046.1.1.13, ARIA-256-CFB } // 好使
  { 2.16.840.1.101.3.4.1.1, AES-128-ECB } // 好使
  { 1.2.410.200046.1.1.8, ARIA-192-CFB } // 好使
  { 1.2.156.10197.1.104.7, SM4-CTR } // 好使
  { 2.16.840.1.101.3.4.1.43, AES-256-OFB } // 好使
  { 1.2.410.200046.1.1.4, ARIA-128-OFB } // 好使
  { 1.2.392.200011.61.1.1.1.3, CAMELLIA-192-CBC, CAMELLIA192 } // 好使
  { 0.3.4401.5.3.1.9.21, CAMELLIA-192-ECB } // 好使
  { 1.2.410.200046.1.1.5, ARIA-128-CTR } // 好使
  { 2.16.840.1.101.3.4.1.21, AES-192-ECB } // 好使
  AES-256-CFB1 // 好使
  AES-192-CFB1 // 好使
  AES-128-CFB1 // 好使
  AES-256-CFB8 // 好使
  AES-192-CFB8 // 好使
  AES-128-CFB8 // 可以
  备注
  如果想要转换后的.der/.pem受口令密码和加密算法保护, 必须是.pem格式.
  如果怕逆向的用户看到程序中的.pem内容的数组, 可以将.pem放到参数文件中.
  文件的组织可以用多个buffer合成一个buffer的方法(C++ - 多个buffer合并成一个buffer的管理类).
  对一个大buffer加密(非对称/对称), 只有正版用户才能载入, 间接保护了程序被逆向.
  END

相关阅读：

1、替换FeedBurner邮件为Follow.it，FeedBurner邮件替换为Follow.it，全新邮件订阅体验

2、Windows 10下注册32位OCX控件的方法，Windows 10下如何注册32位OCX控件指南，Windows 10注册32位OCX控件指南，操作方法与步骤解析，Windows 10注册32位OCX控件的详细指南与操作解析，Windows 10注册32位OCX控件详解，方法与步骤指南

3、小储云商城V1.78破解版，小储云商城V1.78破解版揭秘与评测，小储云商城V1.78破解版深度解析与评测揭秘，小储云商城V1.78破解版深度解析、揭秘与评测报告

4、wordpress阿里百xiu主题破解版，WordPress阿里百秀主题破解版，涉及违法犯罪的警示，WordPress阿里百秀主题破解版警示，涉及违法犯罪风险，谨慎使用

5、如何 BestTrace 在 Linux VPS 上查看回程路由？，Linux VPS上如何使用BestTrace查看回程路由指南，Linux VPS上BestTrace查看回程路由指南，Linux VPS上BestTrace查看回程路由指南，操作方法与步骤解析，Linux VPS上BestTrace查看回程路由的指南与操作解析，Linux VPS上BestTrace查看回程路由指南与操作解析

赞0

☆收藏0

文章版权声明：除非注明，否则均为VPS857原创文章，转载或复制请以超链接形式并注明出处。

【LangChain学习之旅】—（19）BabyAGI，根据气候变化自动制定鲜花存储策略，LangChain学习之旅，BabyAGI智能应对气候变化——自动制定鲜花存储策略，LangChain学习之旅，BabyAGI智能应对气候变化，自动制定鲜花存储策略新策略探索

【计算机网络】HTTPS 协议原理，计算机网络，HTTPS协议原理详解

相关阅读

【研发日记】Matlab/Simulink自动生成代码(二)——五种选择结构实现方法，Matlab/Simulink自动生成代码的五种选择结构实现方法（二），Matlab/Simulink自动生成代码的五种选择结构实现方法详解（二）

超级好用的C++实用库之跨平台实用方法，跨平台实用方法的C++实用库超好用指南，C++跨平台实用库使用指南，超好用实用方法集合，C++跨平台实用库超好用指南，方法与技巧集合

【动态规划】斐波那契数列模型（C++），斐波那契数列模型（C++实现与动态规划解析），斐波那契数列模型解析与C++实现（动态规划）

【C++】，string类底层的模拟实现，C++中string类的模拟底层实现探究

uniapp 小程序实现微信授权登录（前端和后端），Uniapp小程序实现微信授权登录全流程（前端后端全攻略），Uniapp小程序微信授权登录全流程攻略，前端后端全指南

Vue脚手架的安装（保姆级教程），Vue脚手架保姆级安装教程，Vue脚手架保姆级安装指南，Vue脚手架保姆级安装指南，从零开始教你如何安装Vue脚手架

如何在树莓派 Raspberry Pi中本地部署一个web站点并实现无公网IP远程访问，树莓派上本地部署Web站点及无公网IP远程访问指南，树莓派部署Web站点及无公网IP远程访问指南，本地部署与远程访问实践，树莓派部署Web站点及无公网IP远程访问实践指南，树莓派部署Web站点及无公网IP远程访问实践指南，本地部署与远程访问详解，树莓派部署Web站点及无公网IP远程访问实践详解，本地部署与远程访问指南，树莓派部署Web站点及无公网IP远程访问实践详解，本地部署与远程访问指南。

vue2技术栈实现AI问答机器人功能（流式与非流式两种接口方法），Vue2技术栈实现AI问答机器人功能，流式与非流式接口方法探究，Vue2技术栈实现AI问答机器人功能，流式与非流式接口方法详解

发表评论取消回复

评论列表（暂无评论，0人围观）

还没有评论，来说两句吧...

目录[+]

微信二维码

微信二维码

支付宝二维码