[英]Porting AES decryption from CryptoJS to Php
I am trying to convert a AES decryption function from JavaScript into PHP script.我正在尝试将 AES 解密函数从 JavaScript 转换为 PHP 脚本。 Ignoring the indentation for easy to read.忽略缩进以方便阅读。
var enc = 'EK/tvL3RsjOY1j82ILXv7W10bEU83JeaiBhlLmcZIrk=';
var key = 'FSHcT+sfRO/siok2ooweuA==' ;
var y = CryptoJS.AES.decrypt({ciphertext: CryptoJS.enc.Base64.parse(enc)},
CryptoJS.enc.Base64.parse(key),
{iv: CryptoJS.enc.Hex.parse("2323232323232323")});
var dec = y.toString(CryptoJS.enc.Utf8);
In the PHP I have tried在我尝试过的 PHP 中
$iv = mcrypt_create_iv(16, '2323232323232323');
$enc = 'EK/tvL3RsjOY1j82ILXv7W10bEU83JeaiBhlLmcZIrk=';
$key = 'FSHcT+sfRO/siok2ooweuA==' ;
$dec = rtrim((mcrypt_decrypt(MCRYPT_RIJNDAEL_128, $key, $enc, MCRYPT_MODE_CBC, $iv)), "\0\3");
In Javascript decrypting working fine but when I execute the PHP it gives me strange charecters.在 Javascript 中解密工作正常,但是当我执行 PHP 时,它给了我奇怪的字符。
rtrim()
exposes your application to padding oracle attacks , which wouldn't be a problem if you were following an Encrypt Then MAC construction. rtrim()
幼稚使用将您的应用程序暴露给填充 oracle 攻击,如果您遵循 Encrypt Then MAC 构造,这不会成为问题。$iv = mcrypt_create_iv(16, '00000000000000000000000000000000');
That's not how this function is meant to be used.这不是这个函数的用途。
string mcrypt_create_iv(int $length, int $source);
For example: mcrypt_create_iv(16, MCRYPT_DEV_URANDOM);
例如: mcrypt_create_iv(16, MCRYPT_DEV_URANDOM);
will generate 16 bytes of random data from /dev/urandom
.将从/dev/urandom
生成 16 字节的随机数据。 It looks like you want str_repeat("\\0", 16)
here, but as I said above, this is a horrible idea.看起来你想要str_repeat("\\0", 16)
在这里,但正如我上面所说,这是一个可怕的想法。
You also didn't base64_decode()
the key.您也没有base64_decode()
密钥。
I really hope you aren't deploying this code anywhere.我真的希望您不要在任何地方部署此代码。
Recommended reading: Write crypto code!推荐阅读: 编写加密代码! Don't publish it! 不要发布它! by Talyor Hornby.通过泰勒霍恩比。
Also, if you can avoid using mcrypt , you'll find yourself a lot happier.此外,如果您可以避免使用 mcrypt ,您会发现自己更快乐。
You should use the mcrypt
extension (wich is implemented in C), so you don't need to port JS code.您应该使用mcrypt
扩展(它是用 C 实现的),因此您不需要移植 JS 代码。
http://php.net/manual/en/book.mcrypt.php http://php.net/manual/en/book.mcrypt.php
声明:本站的技术帖子网页,遵循CC BY-SA 4.0协议,如果您需要转载,请注明本站网址或者原文地址。任何问题请咨询:yoyou2525@163.com.