Openssl aes-256-cbc encryption from command prompt and decryption in PHP (and vice versa)
I am trying to encrypt (openssl aes-256-cbc) a string through Windows command prompt and decrypt the result in PHP.
I have done the encryption through:
echo {un:est@test.com,upass:klkKJS*dfd!j@d76w} | openssl enc -e -aes-256-cbc -a -salt -pass pass:sw8/M!CLl:=cmgtHts?v/Wb7C$Vk9Sy-{go.*+E;[GAg~KQi*rI!1#z;x/KT
For decryption, my php code is:
$ivlen = openssl_cipher_iv_length('aes-256-cbc');
$iv = openssl_random_pseudo_bytes($ivlen);
echo openssl_decrypt('U2FsdGVkX18ruQUgA9LEOOvdOUQXv/o8z6ZNO820MKzSIbMjFcyfNo1efQwAOINxMY9+UxZjxaT+JEWmlUyYQw==', 'aes-256-cbc', 'sw8/M!CLl:=cmgtHts?v/Wb7C$Vk9Sy-{go.*+E;[GAg~KQi*rI!1#z;x/KT', $options=0, $iv);
But the decrypted string is empty. Please help.
(Note: I also need to do the reverse procedure, i.e. encryption in php and decryption from WIN command prompt. So please add any suggestion that may help.)
The OpenSSL statement generates a random 8-byte salt during encryption, which is used together with the password to derive a 32-byte key and a 16-byte IV with the OpenSSL function EVP_BytesToKey().
With key and IV the encryption is performed with AES-256 in CBC mode. The result consists of the concatenation of the ASCII encoding of Salted__, followed by the salt and the actual ciphertext, all Base64 encoded.
The decryption in PHP/OpenSSL must be implemented as follows:
EVP_BytesToKey() to get key and IV. One possible implementation is:
<?php
// Derive 48 bytes (32-byte key + 16-byte IV) the way OpenSSL's EVP_BytesToKey() does with MD5 and one iteration
function EVP_BytesToKey($salt, $password) {
    $bytes = '';
    $last = '';
    while (strlen($bytes) < 48) {
        $last = hash('md5', $last . $password . $salt, true);
        $bytes .= $last;
    }
    return $bytes;
}
$saltCiphertext = base64_decode('U2FsdGVkX18ruQUgA9LEOOvdOUQXv/o8z6ZNO820MKzSIbMjFcyfNo1efQwAOINxMY9+UxZjxaT+JEWmlUyYQw==');
// Bytes 0-7 are the ASCII string "Salted__", bytes 8-15 the salt, the rest is the ciphertext
$salt = substr($saltCiphertext, 8, 8);
$ciphertext = substr($saltCiphertext, 16);
$keyIv = EVP_BytesToKey($salt, 'sw8/M!CLl:=cmgtHts?v/Wb7C$Vk9Sy-{go.*+E;[GAg~KQi*rI!1#z;x/KT');
$key = substr($keyIv, 0, 32);
$iv = substr($keyIv, 32);
echo openssl_decrypt($ciphertext, 'aes-256-cbc', $key, OPENSSL_RAW_DATA, $iv); // {un:est@test.com,upass:klkKJS*dfd!j@d76w}
?>
In earlier versions OpenSSL used MD5 as digest in EVP_BytesToKey() by default; from version V1.1.0, SHA256. In the posted example, decryption with MD5 is successful, so obviously MD5 was used in encryption.
Note that key derivation with EVP_BytesToKey() is deemed insecure nowadays.
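An added example, not part of either answer on this page: because the digest behind EVP_BytesToKey() depends on the OpenSSL version, as noted above, a decryptor that does not know which side produced the ciphertext can validate the Salted__ framing and try both digests. The function names evpBytesToKey and decryptOpensslEnc are hypothetical; the ciphertext and password are the ones posted in the question.

```php
<?php
// Added example (hypothetical helper names): decrypt `openssl enc -a -salt` output
// when it is unknown whether EVP_BytesToKey() ran with MD5 or SHA256.

// EVP_BytesToKey() with one iteration and a selectable digest; returns key || IV.
function evpBytesToKey(string $digest, string $salt, string $password, int $len = 48): string {
    $bytes = '';
    $last = '';
    while (strlen($bytes) < $len) {
        $last = hash($digest, $last . $password . $salt, true);
        $bytes .= $last;
    }
    return substr($bytes, 0, $len);
}

// Returns [digest => plaintext] for every digest whose derived key yields valid padding.
function decryptOpensslEnc(string $b64, string $password, array $digests = ['md5', 'sha256']): array {
    $raw = base64_decode(preg_replace('/\s+/', '', $b64), true);
    if ($raw === false || strlen($raw) < 32 || strlen($raw) % 16 !== 0) {
        throw new InvalidArgumentException('not Base64, or wrong length for header + salt + CBC blocks');
    }
    if (substr($raw, 0, 8) !== 'Salted__') {
        throw new InvalidArgumentException('missing Salted__ header');
    }
    $salt = substr($raw, 8, 8);
    $ciphertext = substr($raw, 16);
    $candidates = [];
    foreach ($digests as $digest) {
        $keyIv = evpBytesToKey($digest, $salt, $password);
        $plain = openssl_decrypt($ciphertext, 'aes-256-cbc', substr($keyIv, 0, 32), OPENSSL_RAW_DATA, substr($keyIv, 32, 16));
        // false means the padding check failed. Valid padding is not proof of the
        // right key: a wrong key passes the check roughly once in 256 attempts.
        if ($plain !== false) {
            $candidates[$digest] = $plain;
        }
    }
    return $candidates;
}

// Ciphertext and password exactly as posted in the question.
$b64 = 'U2FsdGVkX18ruQUgA9LEOOvdOUQXv/o8z6ZNO820MKzSIbMjFcyfNo1efQwAOINxMY9+UxZjxaT+JEWmlUyYQw==';
$pass = 'sw8/M!CLl:=cmgtHts?v/Wb7C$Vk9Sy-{go.*+E;[GAg~KQi*rI!1#z;x/KT';
foreach (decryptOpensslEnc($b64, $pass) as $digest => $plain) {
    echo $digest, ': ', rtrim($plain), PHP_EOL; // rtrim drops any trailing whitespace or newline
}
```

Passing the same -md value (for example -md md5 or -md sha256) to openssl enc on both sides removes the guess. CBC with this framing carries no integrity check, so a returned candidate still has to be validated by the caller.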
As suggested by @Topaco for PHP openssl decryption of a string encoded through command prompt, here is an example of the opposite (PHP encryption to decode in command line). Thanks to @Topaco's comment and this piece of code.
<?php
// Same MD5-based key/IV derivation as OpenSSL's EVP_BytesToKey() (48 bytes: key + IV)
function EVP_BytesToKey($salt, $password) {
    $bytes = '';
    $last = '';
    while (strlen($bytes) < 48) {
        $last = hash('md5', $last . $password . $salt, true);
        $bytes .= $last;
    }
    return $bytes;
}
$saltDeciphertext = '{un:est@test.com,upass:klkKJS*dfd!j@d76w}';
// Output layout expected by openssl enc: "Salted__" + 8-byte salt + ciphertext
$crypttext = "Salted__";
$salt = random_bytes(8);
$crypttext .= $salt;
$keyIV = EVP_BytesToKey($salt, 'sw8/M!CLl:=cmgtHts?v/Wb7C$Vk9Sy-{go.*+E;[GAg~KQi*rI!1#z;x/KT');
$key = substr($keyIV, 0, 32);
$iv = substr($keyIV, 32);
$crypttext .= openssl_encrypt($saltDeciphertext, 'AES-256-CBC', $key, OPENSSL_RAW_DATA, $iv);
echo base64_encode($crypttext);
?>
Subsequent decryption command:
echo U2FsdGVkX1+rDCycmwvc6rImKmrzaC9WTlzFanXt476975aYQcxPt2fgnRazm7CorGkpAWm9vmcu33YpiTYziw== | openssl enc -d -aes-256-cbc -a -salt -pass pass:sw8/M!CLl:=cmgtHts?v/Wb7C$Vk9Sy-{go.*+E;[GAg~KQi*rI!1#z;x/KT