PHP openssl MCRYPT_RIJNDAEL_128 等效
[英]PHP openssl MCRYPT_RIJNDAEL_128 equivalent
问题描述
I have an encrypted value, which I know has been encrypted via the following obsolete php function:
我有一个加密值,我知道它已通过以下过时的 php 函数加密:
$encrypt = mcrypt_encrypt(MCRYPT_RIJNDAEL_128, $key, trim($encryptedValue), MCRYPT_MODE_CBC, $iv);
I'm trying to decrypt this value using openssl_decrypt with this function :我正在尝试使用 openssl_decrypt 和这个函数来解密这个值:
$decryptedValue = openssl_decrypt("QTu07uBvWSJHmN7gqGIaJg==", 'aes-256-cbc', $key, $options = 0, $iv);
I know that the encryptedValue should return the value '1000' but the function don't work (return false)我知道 encryptedValue 应该返回值 '1000' 但该函数不起作用(返回 false)
What I did wrong ?我做错了什么? Is the AES mode incorrect or something like that ?是 AES 模式不正确还是类似的东西?
I also tried this :我也试过这个:
$encryptedValue = "QTu07uBvWSJHmN7gqGIaJg=="; // = "1000"
if (strlen($encryptedValue) % 8) {
$encryptedValue = str_pad($encryptedValue, strlen($encryptedValue) + 8 - strlen($encryptedValue) % 8, "\0");
}
$decryptedValue = openssl_decrypt($encryptedValue, 'aes-256-cbc', $key, $options = 0, $iv);
dd($decryptedValue);
But this function still return false with the dump.但是这个函数在转储时仍然返回 false。
1 个解决方案
解决方案1
0 2021-07-22 20:08:19
I hope you've found a better solution in the months past, as this seems outdated, but for the sake of answering the question:我希望你在过去几个月里找到了更好的解决方案,因为这似乎已经过时了,但为了回答这个问题:
The correct cipher to use with OpenSSL depends on the keysize from your original code using mcrypt.与 OpenSSL 一起使用的正确密码取决于使用 mcrypt 的原始代码的密钥大小。 Both AES-128 and AES-256 are variants of Rijndael-128, they just differ in key size. AES-128 和 AES-256 都是 Rijndael-128 的变体,它们只是密钥大小不同。 If you have a 128-bit (16-byte) key, then you have AES-128;如果您有一个 128 位(16 字节)的密钥,那么您就有 AES-128; if it's larger than that (and ideally exactly 256 bits), then you have AES-256.如果它大于那个(理想情况下正好是 256 位),那么你就有了 AES-256。
Then, seeing that your cipherText is Base64-encoded, you need to either base64_decode() it before passing to openssl_decrypt() OR don't use OPENSSL_RAW_DATA - the only thing this flag does is to tell the function to not perform Base64 decoding itself.然后,看到你的密文是Base64编码的,你需要或者base64_decode()将它传递给前openssl_decrypt()或者不使用OPENSSL_RAW_DATA -此标志所作的唯一的事情就是告诉不执行Base64编码解码本身的功能。
And finally, yes, mcrypt will apply zero-padding, but that extra step you tried is just unnecessarily adding it again, just use OPENSSL_ZERO_PADDING while decrypting.最后,是的,mcrypt 将应用零填充,但是您尝试的额外步骤只是不必要地再次添加它,只需在解密时使用OPENSSL_ZERO_PADDING 。 So, you end up with something like this:所以,你最终会得到这样的结果:
$cipher = (mb_strlen($key, '8bit') <= 8) ? 'aes-128-cbc' : 'aes-256-cbc';
$plainText = openssl_decrypt($encryptedValue, $cipher, $key, OPENSSL_ZERO_PADDING, $iv);
There are other possible variables, like the key also being encoded or not, the IV being prepended or appended to the cipherText already, etc, but with the information that you provided, this should be all you need to recover the data.还有其他可能的变量,例如密钥是否也被编码,IV 已经预先或附加到 cipherText 等,但是根据您提供的信息,这应该是恢复数据所需的全部内容。
声明:本站的技术帖子网页,遵循CC BY-SA 4.0协议,如果您需要转载,请注明本站网址或者原文地址。任何问题请咨询:yoyou2525@163.com.