Porting AES decryption from CryptoJS to Php

I am trying to convert an AES decryption function from JavaScript into a PHP script. Ignoring the indentation for ease of reading.

var enc = 'EK/tvL3RsjOY1j82ILXv7W10bEU83JeaiBhlLmcZIrk=';

var key = 'FSHcT+sfRO/siok2ooweuA==' ;

var y = CryptoJS.AES.decrypt({ciphertext:     CryptoJS.enc.Base64.parse(enc)}, 
CryptoJS.enc.Base64.parse(key), 
{iv: CryptoJS.enc.Hex.parse("2323232323232323")});

var dec = y.toString(CryptoJS.enc.Utf8);

In the PHP I have tried

$iv = mcrypt_create_iv(16, '2323232323232323'); 

$enc = 'EK/tvL3RsjOY1j82ILXv7W10bEU83JeaiBhlLmcZIrk=';

$key = 'FSHcT+sfRO/siok2ooweuA==' ;

$dec = rtrim((mcrypt_decrypt(MCRYPT_RIJNDAEL_128, $key, $enc, MCRYPT_MODE_CBC, $iv)), "\0\3");

In JavaScript the decryption works fine, but when I execute the PHP it gives me strange characters.

Warning: This is Weak Cryptography

  • You're using CBC mode with a constant IV of null bytes (the IV should be randomly generated for each message).
  • You're not authenticating your ciphertext.
  • Naive use of rtrim() exposes your application to padding oracle attacks, which wouldn't be a problem if you were following an Encrypt Then MAC construction.

The Actual Bugs in Your Code

$iv = mcrypt_create_iv(16, '00000000000000000000000000000000'); 

That's not how this function is meant to be used.

string mcrypt_create_iv(int $length, int $source);

For example: mcrypt_create_iv(16, MCRYPT_DEV_URANDOM); will generate 16 bytes of random data from /dev/urandom. It looks like you want str_repeat("\0", 16) here, but as I said above, this is a horrible idea.

You also didn't base64_decode() the key.


I really hope you aren't deploying this code anywhere.

Recommended reading: Write crypto code! Don't publish it! by Taylor Hornby.

Also, if you can avoid using mcrypt, you'll find yourself a lot happier.
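The construction the answer above recommends (a random IV per message, Encrypt Then MAC, a base64-decoded key, no mcrypt and no rtrim()), as an added example that is not part of the original answer. It uses PHP's openssl extension; the function names, the HKDF labels and the iv||ciphertext||tag layout are assumptions of this example.

```php
<?php
// Added example: AES-128-CBC with a per-message random IV and Encrypt Then MAC.
// Function names, HKDF labels and the iv||ct||tag layout are this example's choices.
function derive_keys(string $keyB64): array {
    $master = base64_decode($keyB64, true);           // the key arrives base64-encoded
    if ($master === false || strlen($master) !== 16) {
        throw new InvalidArgumentException('expected a base64-encoded 16-byte key');
    }
    // Separate keys for encryption and authentication.
    return [hash_hkdf('sha256', $master, 16, 'example-enc'),
            hash_hkdf('sha256', $master, 32, 'example-mac')];
}

function seal_message(string $plaintext, string $keyB64): string {
    [$encKey, $macKey] = derive_keys($keyB64);
    $iv = random_bytes(16);                            // fresh IV for every message
    $ct = openssl_encrypt($plaintext, 'aes-128-cbc', $encKey, OPENSSL_RAW_DATA, $iv);
    if ($ct === false) { throw new RuntimeException('encryption failed'); }
    $tag = hash_hmac('sha256', $iv . $ct, $macKey, true);   // MAC covers IV and ciphertext
    return base64_encode($iv . $ct . $tag);
}

function open_message(string $messageB64, string $keyB64): string {
    [$encKey, $macKey] = derive_keys($keyB64);
    $raw = base64_decode($messageB64, true);
    // 16-byte IV + at least one 16-byte block + 32-byte tag
    if ($raw === false || strlen($raw) < 64 || (strlen($raw) % 16) !== 0) {
        throw new RuntimeException('malformed message');
    }
    $iv  = substr($raw, 0, 16);
    $ct  = substr($raw, 16, -32);
    $tag = substr($raw, -32);
    // Verify in constant time before decrypting; a forged message is never unpadded.
    if (!hash_equals(hash_hmac('sha256', $iv . $ct, $macKey, true), $tag)) {
        throw new RuntimeException('authentication failed');
    }
    // OpenSSL strips the PKCS#7 padding itself, so no rtrim() is needed.
    $pt = openssl_decrypt($ct, 'aes-128-cbc', $encKey, OPENSSL_RAW_DATA, $iv);
    if ($pt === false) { throw new RuntimeException('decryption failed'); }
    return $pt;
}

$key = base64_encode(random_bytes(16));                // constructed sample key
$msg = seal_message('sample plaintext', $key);
var_dump(open_message($msg, $key));
$bad = base64_decode($msg);
$bad[20] = $bad[20] ^ "\x01";                          // flip one ciphertext bit
try { open_message(base64_encode($bad), $key); }
catch (RuntimeException $e) { echo $e->getMessage(), "\n"; }
```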

You should use the mcrypt extension (which is implemented in C), so you don't need to port JS code.

http://php.net/manual/en/book.mcrypt.php
