Python AES 点击率提高到 PHP
Python AES CTR to PHP
我尝试在 php
中进行此 AES CTR 加密(在 python 中工作正常)
工作python
from Crypto.Cipher import AES
import Crypto.Util.Counter
from Crypto.Util import Counter
key = [0, 1, 2, 3, 4, 5, 6, 7, 8, 9, 10, 11, 12, 13, 14, 15, 16, 17, 18, 19, 20, 21, 22, 23, 24, 25, 26, 27, 28, 29, 30, 31]
encryptkey = bytes(key)
ctr = Counter.new(128)
crypto = AES.new(encryptkey, AES.MODE_CTR, counter=ctr)
text = "E5ZA,K2JV,PA01,J1W3,386S,AGVZ,9O9T,F640,FR20,40LX,D443,1913,031V"
bytetext = bytes(text,'utf-8')
encryptedtext = crypto.encrypt(bytetext)
encryptedtext = encryptedtext.hex()
print(encryptedtext)
我的php试试
<?php
function strToHex($string){
$hex='';
for ($i=0; $i < strlen($string); $i++){
$hex .= dechex(ord($string[$i]));
}
return $hex;
}
$bytes = array(0, 1, 2, 3, 4, 5, 6, 7, 8, 9, 10, 11, 12, 13, 14, 15, 16, 17, 18, 19, 20, 21, 22, 23, 24, 25, 26, 27, 28, 29, 30, 31);
$lkey= implode(array_map("chr", $bytes));
$method = "AES-256-CTR";
$password = $lkey;
$data = array("E5ZA", "K2JV", "PA01", "J1W3", "386S", "AGVZ", "9O9T", "F640", "FR20", "40LX", "D443", "1913", "031V");
$string= implode(array_map("chr", $data));
$valid = openssl_encrypt ($string, $method, $password);
echo strToHex($valid)
?>
我得到的错误和错误的结果
Warning: openssl_encrypt(): Using an empty Initialization Vector (iv) is potentially insecure and not recommended in /test.php on line 16
387041417471684a6c74437032356f5477673d3d
我期望的响应:
b5682cef66f2adaff0dacb7078f31a773feb86f28614b5ee24e9ee634200a8d6eb177a151eb55003c6cc81b3e9cb6d1a1673a2881ec194370af242d9f1fd5818
在此先感谢您的帮助
在 openssl_encrypt 中,您需要一个 IV 来确保加密的文本是唯一的。
$iv_size = mcrypt_get_iv_size(MCRYPT_RIJNDAEL_128, MCRYPT_MODE_CBC);
$generatediv = mcrypt_create_iv($iv_size, MCRYPT_RAND);
之后
$valid = openssl_encrypt ($string, $method, $password, 0, $generatediv);
希望有用
两种代码给出不同的结果,原因如下:
- 在Python代码中,计数器的大小为16字节。计数器的初始值为 1(默认)。正如另一个答案
中已经提到的,PHP 代码缺少 IV。要在两种代码中获得相同的结果,必须在每种情况下使用 same IV。
- 在 Python 代码中,数据以逗号分隔。因此,在 PHP 代码中连接时必须使用逗号作为分隔符。
- 在PHP代码中,返回的数据(关于后面的16进制编码)不得以Base64编码返回,而是作为原始数据返回,即必须设置flag
OPENSSL_RAW_DATA。
- 当转换为十六进制字符串时,每个值必须以两位数字输出,即如果需要,带前导
0。
以下 PHP 代码包含必要的更改,因此给出与 Python 代码相同的结果:
function strToHex($string){
$hex='';
for ($i=0; $i < strlen($string); $i++){
$hex .= sprintf("%02s",dechex(ord($string[$i]))); // 4. formatting
}
return $hex;
}
$bytes = array(0, 1, 2, 3, 4, 5, 6, 7, 8, 9, 10, 11, 12, 13, 14, 15, 16, 17, 18, 19, 20, 21, 22, 23, 24, 25, 26, 27, 28, 29, 30, 31);
$lkey= implode(array_map("chr", $bytes));
$method = "AES-256-CTR";
$password = $lkey;
$data = array("E5ZA", "K2JV", "PA01", "J1W3", "386S", "AGVZ", "9O9T", "F640", "FR20", "40LX", "D443", "1913", "031V");
$string= implode(",", $data); // 2. delimiter
$iv = hex2bin("00000000000000000000000000000001"); // 1. right IV
$valid = openssl_encrypt ($string, $method, $password, OPENSSL_RAW_DATA, $iv); // 3. raw data
echo "Result: " . strToHex($valid) . "\n";
echo "Result from Python: " . "b5682cef66f2adaff0dacb7078f31a773feb86f28614b5ee24e9ee634200a8d6eb177a151eb55003c6cc81b3e9cb6d1a1673a2881ec194370af242d9f1fd5818" . "\n";
顺便说一下,可以使用内置函数 bin2hex 而不是 strToHex。
注意:对于 CTR,在同一密钥下重复使用 IV 会破坏安全性 [2]. Thus, with the current implementation, a new key must be used for each encryption (since a fix IV is used). Another approach is to split the IV into a nonce and a counter, with the nonce being generated randomly for each encryption [3][4]。
我尝试在 php
中进行此 AES CTR 加密(在 python 中工作正常)工作python
from Crypto.Cipher import AES
import Crypto.Util.Counter
from Crypto.Util import Counter
key = [0, 1, 2, 3, 4, 5, 6, 7, 8, 9, 10, 11, 12, 13, 14, 15, 16, 17, 18, 19, 20, 21, 22, 23, 24, 25, 26, 27, 28, 29, 30, 31]
encryptkey = bytes(key)
ctr = Counter.new(128)
crypto = AES.new(encryptkey, AES.MODE_CTR, counter=ctr)
text = "E5ZA,K2JV,PA01,J1W3,386S,AGVZ,9O9T,F640,FR20,40LX,D443,1913,031V"
bytetext = bytes(text,'utf-8')
encryptedtext = crypto.encrypt(bytetext)
encryptedtext = encryptedtext.hex()
print(encryptedtext)
我的php试试
<?php
function strToHex($string){
$hex='';
for ($i=0; $i < strlen($string); $i++){
$hex .= dechex(ord($string[$i]));
}
return $hex;
}
$bytes = array(0, 1, 2, 3, 4, 5, 6, 7, 8, 9, 10, 11, 12, 13, 14, 15, 16, 17, 18, 19, 20, 21, 22, 23, 24, 25, 26, 27, 28, 29, 30, 31);
$lkey= implode(array_map("chr", $bytes));
$method = "AES-256-CTR";
$password = $lkey;
$data = array("E5ZA", "K2JV", "PA01", "J1W3", "386S", "AGVZ", "9O9T", "F640", "FR20", "40LX", "D443", "1913", "031V");
$string= implode(array_map("chr", $data));
$valid = openssl_encrypt ($string, $method, $password);
echo strToHex($valid)
?>
我得到的错误和错误的结果
Warning: openssl_encrypt(): Using an empty Initialization Vector (iv) is potentially insecure and not recommended in /test.php on line 16
387041417471684a6c74437032356f5477673d3d
我期望的响应:
b5682cef66f2adaff0dacb7078f31a773feb86f28614b5ee24e9ee634200a8d6eb177a151eb55003c6cc81b3e9cb6d1a1673a2881ec194370af242d9f1fd5818
在此先感谢您的帮助
在 openssl_encrypt 中,您需要一个 IV 来确保加密的文本是唯一的。
$iv_size = mcrypt_get_iv_size(MCRYPT_RIJNDAEL_128, MCRYPT_MODE_CBC);
$generatediv = mcrypt_create_iv($iv_size, MCRYPT_RAND);
之后
$valid = openssl_encrypt ($string, $method, $password, 0, $generatediv);
希望有用
两种代码给出不同的结果,原因如下:
- 在Python代码中,计数器的大小为16字节。计数器的初始值为 1(默认)。正如另一个答案
- 在 Python 代码中,数据以逗号分隔。因此,在 PHP 代码中连接时必须使用逗号作为分隔符。
- 在PHP代码中,返回的数据(关于后面的16进制编码)不得以Base64编码返回,而是作为原始数据返回,即必须设置flag
OPENSSL_RAW_DATA。 - 当转换为十六进制字符串时,每个值必须以两位数字输出,即如果需要,带前导
0。
以下 PHP 代码包含必要的更改,因此给出与 Python 代码相同的结果:
function strToHex($string){
$hex='';
for ($i=0; $i < strlen($string); $i++){
$hex .= sprintf("%02s",dechex(ord($string[$i]))); // 4. formatting
}
return $hex;
}
$bytes = array(0, 1, 2, 3, 4, 5, 6, 7, 8, 9, 10, 11, 12, 13, 14, 15, 16, 17, 18, 19, 20, 21, 22, 23, 24, 25, 26, 27, 28, 29, 30, 31);
$lkey= implode(array_map("chr", $bytes));
$method = "AES-256-CTR";
$password = $lkey;
$data = array("E5ZA", "K2JV", "PA01", "J1W3", "386S", "AGVZ", "9O9T", "F640", "FR20", "40LX", "D443", "1913", "031V");
$string= implode(",", $data); // 2. delimiter
$iv = hex2bin("00000000000000000000000000000001"); // 1. right IV
$valid = openssl_encrypt ($string, $method, $password, OPENSSL_RAW_DATA, $iv); // 3. raw data
echo "Result: " . strToHex($valid) . "\n";
echo "Result from Python: " . "b5682cef66f2adaff0dacb7078f31a773feb86f28614b5ee24e9ee634200a8d6eb177a151eb55003c6cc81b3e9cb6d1a1673a2881ec194370af242d9f1fd5818" . "\n";
顺便说一下,可以使用内置函数 bin2hex 而不是 strToHex。
注意:对于 CTR,在同一密钥下重复使用 IV 会破坏安全性 [2]. Thus, with the current implementation, a new key must be used for each encryption (since a fix IV is used). Another approach is to split the IV into a nonce and a counter, with the nonce being generated randomly for each encryption [3][4]。