PHP 中的 256 位 AES 解密
256-bit AES decryption in PHP
我在 Java 中有一个如何使用密钥解密(256 位 AES)字符串的工作示例。我需要在 PHP 中复制解密算法并且几乎可以正常工作。
这是Java中的解密消息:
CSM(MCL/KEX RCV/10001031 ORG/Comdata KYN/dsNAX6hFtKvfceT KEY/C062E276949D83554D7B5198C52C4C55ED1C65370FA71F8220538A0C3BA23172)
然而当我调用 PHP 方法时它给出
10001031 ORG/Comdata KYN/dsNAX6hFtKvfceT KEY/C062E276949D83554D7B5198C52C4C55ED1C65370FA71F8220538A0C3BA23172)
如您所见,它相距不远,但 PHP 方法不会返回前 17 个字符(即 "CSM(MCL/KEX RCV/" 位)。
我是不是漏掉了一些琐碎的东西?
这是PHP class:
class OpensslAES
{
const METHOD = 'aes-256-cbc';
public static function encrypt($message, $key)
{
if (mb_strlen($key, '8bit') !== 32) {
throw new Exception("Needs a 256-bit key!");
}
$ivsize = openssl_cipher_iv_length(self::METHOD);
$iv = openssl_random_pseudo_bytes($ivsize);
$ciphertext = openssl_encrypt(
$message,
self::METHOD,
$key,
OPENSSL_RAW_DATA,
$iv
);
return $iv.$ciphertext;
}
public static function decrypt($message, $key)
{
if (mb_strlen($key, '8bit') !== 32) {
throw new Exception("Needs a 256-bit key!");
}
$ivsize = openssl_cipher_iv_length(self::METHOD);
$iv = mb_substr($message, 0, $ivsize, '8bit');
$ciphertext = mb_substr($message, $ivsize, null, '8bit');
return openssl_decrypt(
$ciphertext,
self::METHOD,
$key,
OPENSSL_RAW_DATA,
$iv
);
}
}
$class = new OpensslAES();
var_dump($class->decrypt(base64_decode("cBVlMjBttr7DKW8fhHtqJOLyMBNrgxpIJsgFFPjkA/4MWxMIudOnYzS4WuxIhUjtgGgk4CzrkJ1G60R4OWBljNTMA9ATPKh9PXe7wXAwJfE9zc698bQv4lDkXRME+q4xCb3bK/UGQ/BPVIkmRYdHcBvIHXNzGd36Nn40giigY/g="), hex2bin("SECRET_KEY_GOES_HERE")));
这是Java class:
package javaapplication1;
import org.apache.commons.codec.binary.Base64;
import org.apache.commons.codec.binary.StringUtils;
import org.apache.commons.codec.binary.Hex;
import java.security.InvalidAlgorithmParameterException;
import java.security.InvalidKeyException;
import java.security.NoSuchAlgorithmException;
import java.security.SecureRandom;
import javax.crypto.BadPaddingException;
import javax.crypto.Cipher;
import javax.crypto.IllegalBlockSizeException;
import javax.crypto.KeyGenerator;
import javax.crypto.NoSuchPaddingException;
import javax.crypto.SecretKey;
import javax.crypto.spec.IvParameterSpec;
import javax.crypto.spec.SecretKeySpec;
import javax.xml.bind.DatatypeConverter;
public class JavaApplication1 {
public static void main(String[] args) {
byte[] ENCRYPTION_KEY = JavaApplication1.toByteArray("SECRET_KEY_GOES_HERE");
String INPUT = new String("cBVlMjBttr7DKW8fhHtqJOLyMBNrgxpIJsgFFPjkA/4MWxMIudOnYzS4WuxIhUjtgGgk4CzrkJ1G60R4OWBljNTMA9ATPKh9PXe7wXAwJfE9zc698bQv4lDkXRME+q4xCb3bK/UGQ/BPVIkmRYdHcBvIHXNzGd36Nn40giigY/g=");
try {
System.out.println(JavaApplication1.decryptStringAES(INPUT, ENCRYPTION_KEY));
} catch (Exception exception) {
System.out.println("Error occured: " + exception);
}
}
public static byte[] toByteArray(String s) {
return DatatypeConverter.parseHexBinary(s);
}
public static String decryptStringAES(String input, byte[] key) throws Exception {
byte[] IV = JavaApplication1.toByteArray("00000000000000000000000000000000");
byte[] inputBytes = Base64.decodeBase64(input.getBytes());
Cipher decryptCipher = Cipher.getInstance("AES/CBC/PKCS5Padding");
decryptCipher.init(Cipher.DECRYPT_MODE, new SecretKeySpec(key, "AES"), new
IvParameterSpec(IV));
byte[] decrypt = decryptCipher.doFinal(inputBytes);
return new String(decrypt);
}
}
您的 Java 实现期望 IV 始终为零,而您的 PHP 实现期望将 IV 添加到消息之前。
如果您希望 PHP 实现与 Java 代码兼容,那么您可以这样更改它:
class OpensslAES
{
const METHOD = 'aes-256-cbc';
public static function encrypt($message, $key)
{
if (mb_strlen($key, '8bit') !== 32) {
throw new Exception("Needs a 256-bit key!");
}
$ivsize = openssl_cipher_iv_length(self::METHOD);
$iv = hex2bin('00000000000000000000000000000000');
return openssl_encrypt(
$message,
self::METHOD,
$key,
OPENSSL_RAW_DATA,
$iv
);
}
public static function decrypt($message, $key)
{
if (mb_strlen($key, '8bit') !== 32) {
throw new Exception("Needs a 256-bit key!");
}
$ivsize = openssl_cipher_iv_length(self::METHOD);
$iv = hex2bin('00000000000000000000000000000000');
return openssl_decrypt(
$message,
self::METHOD,
$key,
OPENSSL_RAW_DATA,
$iv
);
}
}
$class = new OpensslAES();
var_dump($class->decrypt(base64_decode("cBVlMjBttr7DKW8fhHtqJOLyMBNrgxpIJsgFFPjkA/4MWxMIudOnYzS4WuxIhUjtgGgk4CzrkJ1G60R4OWBljNTMA9ATPKh9PXe7wXAwJfE9zc698bQv4lDkXRME+q4xCb3bK/UGQ/BPVIkmRYdHcBvIHXNzGd36Nn40giigY/g="), hex2bin("SECRET_KEY_GOES_HERE")));
我在 Java 中有一个如何使用密钥解密(256 位 AES)字符串的工作示例。我需要在 PHP 中复制解密算法并且几乎可以正常工作。
这是Java中的解密消息:
CSM(MCL/KEX RCV/10001031 ORG/Comdata KYN/dsNAX6hFtKvfceT KEY/C062E276949D83554D7B5198C52C4C55ED1C65370FA71F8220538A0C3BA23172)
然而当我调用 PHP 方法时它给出
10001031 ORG/Comdata KYN/dsNAX6hFtKvfceT KEY/C062E276949D83554D7B5198C52C4C55ED1C65370FA71F8220538A0C3BA23172)
如您所见,它相距不远,但 PHP 方法不会返回前 17 个字符(即 "CSM(MCL/KEX RCV/" 位)。
我是不是漏掉了一些琐碎的东西?
这是PHP class:
class OpensslAES
{
const METHOD = 'aes-256-cbc';
public static function encrypt($message, $key)
{
if (mb_strlen($key, '8bit') !== 32) {
throw new Exception("Needs a 256-bit key!");
}
$ivsize = openssl_cipher_iv_length(self::METHOD);
$iv = openssl_random_pseudo_bytes($ivsize);
$ciphertext = openssl_encrypt(
$message,
self::METHOD,
$key,
OPENSSL_RAW_DATA,
$iv
);
return $iv.$ciphertext;
}
public static function decrypt($message, $key)
{
if (mb_strlen($key, '8bit') !== 32) {
throw new Exception("Needs a 256-bit key!");
}
$ivsize = openssl_cipher_iv_length(self::METHOD);
$iv = mb_substr($message, 0, $ivsize, '8bit');
$ciphertext = mb_substr($message, $ivsize, null, '8bit');
return openssl_decrypt(
$ciphertext,
self::METHOD,
$key,
OPENSSL_RAW_DATA,
$iv
);
}
}
$class = new OpensslAES();
var_dump($class->decrypt(base64_decode("cBVlMjBttr7DKW8fhHtqJOLyMBNrgxpIJsgFFPjkA/4MWxMIudOnYzS4WuxIhUjtgGgk4CzrkJ1G60R4OWBljNTMA9ATPKh9PXe7wXAwJfE9zc698bQv4lDkXRME+q4xCb3bK/UGQ/BPVIkmRYdHcBvIHXNzGd36Nn40giigY/g="), hex2bin("SECRET_KEY_GOES_HERE")));
这是Java class:
package javaapplication1;
import org.apache.commons.codec.binary.Base64;
import org.apache.commons.codec.binary.StringUtils;
import org.apache.commons.codec.binary.Hex;
import java.security.InvalidAlgorithmParameterException;
import java.security.InvalidKeyException;
import java.security.NoSuchAlgorithmException;
import java.security.SecureRandom;
import javax.crypto.BadPaddingException;
import javax.crypto.Cipher;
import javax.crypto.IllegalBlockSizeException;
import javax.crypto.KeyGenerator;
import javax.crypto.NoSuchPaddingException;
import javax.crypto.SecretKey;
import javax.crypto.spec.IvParameterSpec;
import javax.crypto.spec.SecretKeySpec;
import javax.xml.bind.DatatypeConverter;
public class JavaApplication1 {
public static void main(String[] args) {
byte[] ENCRYPTION_KEY = JavaApplication1.toByteArray("SECRET_KEY_GOES_HERE");
String INPUT = new String("cBVlMjBttr7DKW8fhHtqJOLyMBNrgxpIJsgFFPjkA/4MWxMIudOnYzS4WuxIhUjtgGgk4CzrkJ1G60R4OWBljNTMA9ATPKh9PXe7wXAwJfE9zc698bQv4lDkXRME+q4xCb3bK/UGQ/BPVIkmRYdHcBvIHXNzGd36Nn40giigY/g=");
try {
System.out.println(JavaApplication1.decryptStringAES(INPUT, ENCRYPTION_KEY));
} catch (Exception exception) {
System.out.println("Error occured: " + exception);
}
}
public static byte[] toByteArray(String s) {
return DatatypeConverter.parseHexBinary(s);
}
public static String decryptStringAES(String input, byte[] key) throws Exception {
byte[] IV = JavaApplication1.toByteArray("00000000000000000000000000000000");
byte[] inputBytes = Base64.decodeBase64(input.getBytes());
Cipher decryptCipher = Cipher.getInstance("AES/CBC/PKCS5Padding");
decryptCipher.init(Cipher.DECRYPT_MODE, new SecretKeySpec(key, "AES"), new
IvParameterSpec(IV));
byte[] decrypt = decryptCipher.doFinal(inputBytes);
return new String(decrypt);
}
}
您的 Java 实现期望 IV 始终为零,而您的 PHP 实现期望将 IV 添加到消息之前。
如果您希望 PHP 实现与 Java 代码兼容,那么您可以这样更改它:
class OpensslAES
{
const METHOD = 'aes-256-cbc';
public static function encrypt($message, $key)
{
if (mb_strlen($key, '8bit') !== 32) {
throw new Exception("Needs a 256-bit key!");
}
$ivsize = openssl_cipher_iv_length(self::METHOD);
$iv = hex2bin('00000000000000000000000000000000');
return openssl_encrypt(
$message,
self::METHOD,
$key,
OPENSSL_RAW_DATA,
$iv
);
}
public static function decrypt($message, $key)
{
if (mb_strlen($key, '8bit') !== 32) {
throw new Exception("Needs a 256-bit key!");
}
$ivsize = openssl_cipher_iv_length(self::METHOD);
$iv = hex2bin('00000000000000000000000000000000');
return openssl_decrypt(
$message,
self::METHOD,
$key,
OPENSSL_RAW_DATA,
$iv
);
}
}
$class = new OpensslAES();
var_dump($class->decrypt(base64_decode("cBVlMjBttr7DKW8fhHtqJOLyMBNrgxpIJsgFFPjkA/4MWxMIudOnYzS4WuxIhUjtgGgk4CzrkJ1G60R4OWBljNTMA9ATPKh9PXe7wXAwJfE9zc698bQv4lDkXRME+q4xCb3bK/UGQ/BPVIkmRYdHcBvIHXNzGd36Nn40giigY/g="), hex2bin("SECRET_KEY_GOES_HERE")));