[英]How to decrypt in Java an encrypted response from PHP?
Goal: I intend to encrypt a JSON response in PHP, and once the android app receives that response, it decrypts it. 目标:我打算用PHP加密JSON响应,并且一旦android应用接收到该响应,它将对其解密。
I was able to find the Encryption and Decryption functions in PHP: 我能够在PHP中找到Encryption和Decryption函数:
<?php
function simple_encrypt($text)
{
$salt = "anything";
return trim(base64_encode(mcrypt_encrypt(MCRYPT_RIJNDAEL_256, $salt, $text, MCRYPT_MODE_ECB, mcrypt_create_iv(mcrypt_get_iv_size(MCRYPT_RIJNDAEL_256, MCRYPT_MODE_ECB), MCRYPT_RAND))));
}
function simple_decrypt($text)
{
$salt = "anything";
return trim(mcrypt_decrypt(MCRYPT_RIJNDAEL_256, $salt, base64_decode($text), MCRYPT_MODE_ECB, mcrypt_create_iv(mcrypt_get_iv_size(MCRYPT_RIJNDAEL_256, MCRYPT_MODE_ECB), MCRYPT_RAND)));
}
?>
(I do not actually need the simple_decrypt
function, I'm just testing it. What I need actually is simply the encryption on server side, and decryption on client side ( my android app) ) (我实际上并不需要
simple_decrypt
函数,我只是对其进行测试。实际上,我需要的只是服务器端的加密和客户端的解密(我的android应用))
So I need a function similar to the simple_decrypt but written in Java so I can decrypt my response. 因此,我需要一个类似于simple_decrypt的函数,但是它是用Java编写的,因此我可以解密响应。
I have no idea how to do it as I'm very new to Encryption/Decryption. 我不知道该怎么做,因为我是加密/解密的新手。 I hope some experts here can guide me to the appropriate solution.
我希望这里的一些专家可以指导我找到合适的解决方案。
Here is some PHP/Java code I found - this is an improvement on your PHP code because it uses Cipher Feedback Mode (CFB), which is more secure than ECB (Electronic Codebook). 这是我发现的一些PHP / Java代码 -这是对您的PHP代码的改进,因为它使用了密码反馈模式(CFB),它比ECB(电子密码本)更安全。 To use 256-bit AES in Java you'll need to install the Java Cryptography Extension, available on the bottom of this page .
要在Java中使用256位AES,您需要安装Java密码术扩展(位于此页面底部)。 Note that both the PHP and Java code will need to use the same initialization vector - this should be unique to each ciphertext, but can be transmitted in plaintext.
请注意,PHP和Java代码都将需要使用相同的初始化向量-这对于每个密文都应该是唯一的,但是可以以明文形式传输。
If you're using SSL then this isn't necessary - you only need to do this if the data is going from PHP to a database / file / some other persistent storage and then to Java. 如果您使用的是SSL,则没有必要-仅当数据从PHP到数据库/文件/其他持久性存储,再到Java时,才需要这样做。
声明:本站的技术帖子网页,遵循CC BY-SA 4.0协议,如果您需要转载,请注明本站网址或者原文地址。任何问题请咨询:yoyou2525@163.com.