How to decrypt a symmetrically encrypted OpenPGP message using PHP?

I have an OpenPGP message which looks something like this given to me in a file:

-----BEGIN PGP MESSAGE-----
Version: GnuPG v1.4.9 (MingW32)

jA0EAgMCtCzaGHIQXY9g0sBnAeDOQ9GuVA/uICuP+7Z2dnjNCLgRN0J/TzJs1qcW
aJYBTkH5KQCClCxjwTYbHZCox1sENfIS+KxpCKJQqAX3SNEFm0ORNE6RNwEgb1Zj
uOdIw8auxUsjmQKFLAcZIPKjBjyJqSQVfmEoteVn1n+pwm8RdIZevCHwLF2URStB
nBVuycaxcaxcaxcxccxcxacqweqweqwe123fsMqQPaTusOBGpEQrWC9jArtvYEUpY
aNF6BfQ0y2CYrZrmzRoQnmtnVu10PagEuWmVxCucyhVwlthVgN0iBog9jhjliQkc
rrDTupqB4IimMEjElGUHtkuvrCQ0jQnOHEAJmmefMDH0NkYKGd5Ngt21I5ge5tob
/uBjHKMxjNgg1nWfg6Lz4jqoKe/EweuEeg==
=+N9N
-----END PGP MESSAGE-----

and was given a 15 character passphrase to decrypt it, I suppose. But I really don't have any idea how to decrypt the file using PHP. I took a look at PHP's GnuPG manual page, and under the gnupg_decrypt() example it gives this code:

$res = gnupg_init();
gnupg_adddecryptkey($res,"8660281B6051D071D94B5B230549F9DC851566DC","test");
$plain = gnupg_decrypt($res,$encrypted_text);
echo $plain;

So taking a look at this function gnupg_adddecryptkey, it mentioned I need a fingerprint. What is that actually? And where can I get it?

The fingerprint is a hash sum calculated on the public key and some meta data like key creation time. It is also returned after importing a key through gnupg_import as fingerprint attribute.

This is for public/private key cryptography, which you're seemingly not using: when encrypting with a passphrase, you're omitting the public/private key cryptography part and directly using symmetric encryption for the message, with a session key (sometimes also called cipher block or symmetric key) derived from your passphrase.

Symmetric encryption is not supported by PHP's GnuPG module. There are no functions to perform symmetric decryption, and this limitation is also described in the module's source documentation:

This class provides an object oriented interface to GNU Privacy Guard (GPG).

Though GPG can support symmetric-key cryptography, this class is intended only to facilitate public-key cryptography.

You will have to perform decryption manually by calling gpg. An example command line would be

gpg --decrypt [file]

(alternatively, you can also provide the input through STDIN). For handing over the passphrase, have a look at GnuPG's --passphrase... options:

--passphrase-fd n

Read the passphrase from file descriptor n. Only the first line will be read from file descriptor n. If you use 0 for n, the passphrase will be read from STDIN. This can only be used if only one passphrase is supplied.

--passphrase-file file

Read the passphrase from file file. Only the first line will be read from file file. This can only be used if only one passphrase is supplied. Obviously, a passphrase stored in a file is of questionable security if other users can read this file. Don't use this option if you can avoid it.

--passphrase string

Use string as the passphrase. This can only be used if only one passphrase is supplied. Obviously, this is of very questionable security on a multi-user system. Don't use this option if you can avoid it.

Be aware that all other users of a computer can read all other users' command line arguments, so especially for shared hosting platforms, --passphrase is a definite no-go.
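The gpg call with --passphrase-fd described in the answer above, written out as an added PHP example (not code from the original answers or from the gnupg extension). The function name gpg_symmetric_decrypt and its $gnupg2 parameter are hypothetical; it assumes PHP 7.4+, a POSIX host and gpg on the PATH.

```php
<?php
declare(strict_types=1);

// Added example (hypothetical helper, not part of PHP's gnupg extension).
// The passphrase reaches gpg over a private pipe (fd 3), never via argv.
function gpg_symmetric_decrypt(string $file, string $passphrase, bool $gnupg2 = true): string
{
    $cmd = ['gpg', '--batch', '--no-tty', '--quiet', '--passphrase-fd', '3'];
    if ($gnupg2) {
        // GnuPG 2.1+ only honours --passphrase-fd in loopback pinentry mode.
        array_push($cmd, '--pinentry-mode', 'loopback');
    }
    array_push($cmd, '--decrypt', '--', $file);

    $stderr = tmpfile();            // file-backed, so gpg cannot block on it
    if ($stderr === false) {
        throw new RuntimeException('could not create temporary file');
    }
    $spec = [
        1 => ['pipe', 'w'],         // plaintext written by gpg
        2 => $stderr,               // diagnostics
        3 => ['pipe', 'r'],         // passphrase read by gpg
    ];
    // The array form of the command bypasses the shell, so $file needs no escaping.
    $proc = proc_open($cmd, $spec, $pipes);
    if (!is_resource($proc)) {
        throw new RuntimeException('could not start gpg');
    }

    fwrite($pipes[3], $passphrase . "\n");   // gpg reads only the first line
    fclose($pipes[3]);
    $plain = stream_get_contents($pipes[1]);
    fclose($pipes[1]);
    $exit = proc_close($proc);

    rewind($stderr);
    $diag = trim((string) stream_get_contents($stderr));
    fclose($stderr);
    if ($exit !== 0) {
        throw new RuntimeException("gpg exited with status $exit: $diag");
    }
    return $plain;
}

// Constructed usage; the file name and passphrase source are placeholders:
// echo gpg_symmetric_decrypt('message.asc', $passphraseFromSecretStore);
```

With GnuPG 1.4 pass false as the third argument, since --pinentry-mode does not exist there.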

This answer is compatible with not just PHP, but GnuPG in general. To summarize Jens Erat's answer and add the encryption step for anyone else who comes across this question, here's a solution, assuming a file exists called passwords.txt:

# encrypt
gpg --output passwords.gpg --symmetric passwords.txt
# decrypt
gpg --decrypt passwords.gpg
