[英]AES encryption using Php , javascript and vise versa
I am doing client side encryption using javascript and server side using PHP.我正在使用 javascript 和服务器端使用 PHP 进行客户端加密。 Both side we are using same key and IV.
我们双方都使用相同的密钥和 IV。
Php Encryption : PHP加密:
$string='test data';
$output = '';
$encrypt_method = 'AES-256-CBC';
$secret_key = 'secret key in hex';
$secret_iv = 'iv in hex';
$key = hash('sha256',$secret_key);
$output = openssl_encrypt($string,$encrypt_method,$key,0,$initialization_vector);
//Encrypted text in php
$output = base64_encode($output);
Javascript Encryption Code: Javascript 加密代码:
var key = 'secret key in hex';
key = CryptoJS.SHA256(key);
var ivHex = CryptoJS.enc.Hex.parse(' IV in hex ');
var options = { mode: CryptoJS.mode.CBC, padding: CryptoJS.pad.Pkcs7, iv:ivHex};
var obj='test data';
var encrypted = CryptoJS.AES.encrypt(obj,key ,options);
var encryptedBase64 = encrypted.toString();
//Encrypted text in javascript
console.log(encryptedBase64);
Both are giving different output.两者都给出不同的输出。 Am I doing anything wrong?
我做错了什么吗?
$secret_iv
is defined, but an undefined $initialization_vector
is used in openssl_encrypt()
. $secret_iv
已定义,但在openssl_encrypt()
使用了未定义的$initialization_vector
。0
, you want to pass OPENSSL_RAW_DATA
(a constant).0
,而是希望传递OPENSSL_RAW_DATA
(一个常量)。hash('sha256', $secret_key)
in PHP but using secret_key
directly in Javascript.hash('sha256', $secret_key)
但在 Javascript 中直接使用secret_key
。
hash('sha256', $some_text_input)
) is very weak.hash('sha256', $some_text_input)
)非常弱。 Consider PBKDF2-SHA256 instead. Important: AES-CBC without an HMAC is vulnerable to padding-oracle attacks .重要提示:没有 HMAC 的 AES-CBC 容易受到padding-oracle 攻击。 You should always use authenticated encryption .
您应该始终使用经过身份验证的加密。
An example of secure encryption looks like this .安全加密的示例如下所示。 Decryption is a little more involved.
解密涉及更多。
声明:本站的技术帖子网页,遵循CC BY-SA 4.0协议,如果您需要转载,请注明本站网址或者原文地址。任何问题请咨询:yoyou2525@163.com.