PHP 中的 AES 加密和 Javascript 中的解密
[英]AES Encryption in PHP and Decryption in Javascript
问题描述
I have an application in which I am encrypting a json encoded array using AES CBC 128 algorithm and then Decrypting it in javascript(React/Next Js Project).
我有一个应用程序,我在其中使用 AES CBC 128 算法加密 json 编码数组,然后在 javascript(React/Next Js Project)中解密它。 My Encryption in php is as shown in the below code我在 php 中的加密如下面的代码所示
ENCRYPTION PHP加密 PHP
$plaintext = "message to be encrypted";
$ivlen = openssl_cipher_iv_length($cipher="AES-128-CBC");
$iv = openssl_random_pseudo_bytes($ivlen);
$ciphertext_raw = openssl_encrypt($plaintext, $cipher, $key, $options=OPENSSL_RAW_DATA, $iv);
$hmac = hash_hmac('sha256', $ciphertext_raw, $key, $as_binary=true);
$ciphertext = base64_encode( $iv.$hmac.$ciphertext_raw );
I am facing problems in decryption of this in Javascript我在 Javascript 中遇到解密问题
my code so far is as shown below到目前为止我的代码如下所示
const baseenc = CryptoJS.enc.Base64.parse(cipher).toString();
var encrypted = CryptoJS.AES.decrypt(cipher, key, { iv: iv }).toString();
var plaintext = CryptoJS.enc.Latin1.stringify(encrypted);
Can any body please show what is the error or help me in getting the correct output任何人都可以请显示错误是什么或帮助我获得正确的 output
1 个解决方案
解决方案1
4 已采纳 2021-01-07 17:15:31
The following steps must be implemented in the CryptoJS code:必须在 CryptoJS 代码中实现以下步骤:
- Separate IV, HMAC and ciphertext (after Base64 decoding)分离IV、HMAC和密文(Base64解码后)
- Calculate the HMAC for the ciphertext计算密文的 HMAC
- Check the authenticity of the ciphertext.检查密文的真实性。 The ciphertext is authentic if the received and calculated HMAC are identical.如果接收和计算的 HMAC 相同,则密文是真实的。
- Perform decryption, only if the ciphertext is authentic执行解密,只有密文是真实的
The following code is a possible implementation.下面的代码是一个可能的实现。 As key 0123456789012345 was applied and with the PHP code the used ciphertext was generated:应用密钥0123456789012345并使用 PHP 代码生成使用的密文:
var ciphertext = 'WqfMfCxKg7U7h5S1mbx7mSHOkkkIrUUpg++mX4ZdWt0I26VfKn7bsi60Oo/SIsWQGyC4dF5z081NvjTXwZGjIpguA0k/QqIM/GDEpCojaro='; var key = '0123456789012345'; // Convert key and ciphertext into WordArrays var ciphertextWA = CryptoJS.enc.Base64.parse(ciphertext); var keyWA = CryptoJS.enc.Utf8.parse(key); // Separate IV, HMAC and ciphertext var ivWA = CryptoJS.lib.WordArray.create(ciphertextWA.words.slice(0, 4)); var hmacWA = CryptoJS.lib.WordArray.create(ciphertextWA.words.slice(4, 4 + 8)); var actualCiphertextWA = CryptoJS.lib.WordArray.create(ciphertextWA.words.slice(4 + 8)); // Authenticate var hmacCalculatedWA = CryptoJS.HmacSHA256(actualCiphertextWA, keyWA); if(CryptoJS.enc.Base64.stringify(hmacCalculatedWA) === CryptoJS.enc.Base64.stringify(hmacWA)) { // Decrypt if authentication is successfull var decryptedMessageWA = CryptoJS.AES.decrypt({ciphertext: actualCiphertextWA}, keyWA, {iv: ivWA}); var decryptedMessage = CryptoJS.enc.Utf8.stringify(decryptedMessageWA); console.log(decryptedMessage); } else { console.log('Authentication failed;'); }
<script src="https://cdnjs.cloudflare.com/ajax/libs/crypto-js/4.0.0/crypto-js.min.js"></script>
Please note that it is better to use different keys for encryption and authentication, see here .请注意,最好使用不同的密钥进行加密和身份验证,请参见此处。
声明:本站的技术帖子网页,遵循CC BY-SA 4.0协议,如果您需要转载,请注明本站网址或者原文地址。任何问题请咨询:yoyou2525@163.com.