[英]PHP AES-256-CBC encrypted data is different from JAVA AES/CBC/PKCS5PADDING
I have a java code working perfectly我有一个完美运行的java代码
public static String encrypt(String message, String sercretKey)
{
String base64EncryptedString = "";
MessageDigest md = MessageDigest.getInstance("SHA-256");
byte[] digestOfPassword = md.digest(sercretKey.getBytes("utf-8"));
byte[] keyBytes = Arrays.copyOf(digestOfPassword, 24);
byte[] iv = Arrays.copyOf(digestOfPassword, 16);
SecretKey key = new SecretKeySpec(keyBytes, "AES");
javax.crypto.Cipher cipher = javax.crypto.Cipher.getInstance("AES/CBC/PKCS5Padding");
IvParameterSpec ivParameterSpec = new IvParameterSpec(iv);
cipher.init(javax.crypto.Cipher.ENCRYPT_MODE, key, ivParameterSpec);
byte[] plainTextBytes = message.getBytes("utf-8");
byte[] buf = cipher.doFinal(plainTextBytes);
byte[] base64Bytes = Base64.getEncoder().encode(buf);
base64EncryptedString = new String(base64Bytes);
return base64EncryptedString;
}
I have tried using below code to recreate this above code in PHP我尝试使用下面的代码在 PHP 中重新创建上面的代码
function encryptTest($sSecretKey,$sValue)
{
$key = hash('sha256', $sSecretKey,false);
$key = utf8_encode($key);
$key = substr($key, 0, 24);
$iv = substr($key, 0, 16);
$data = $sValue;
$outEnc = openssl_encrypt($data, "AES-256-CBC", $key, OPENSSL_RAW_DATA, $iv);
return base64_encode($outEnc);
}
But showing different results.但显示出不同的结果。 What I have missed.
我错过了什么。
(Same types of questions are available in StackOverflow, but pointing my issues) (StackOverflow 中提供了相同类型的问题,但指出了我的问题)
There are the following issues:有以下问题:
hash()
must be switched from false
to true
.hash()
中的第三个参数从false
切换为true
。"AES-192-CBC"
must be applied (and not "AES-256-CBC"
)."AES-192-CBC"
(而不是"AES-256-CBC"
)。utf8_encode()
call in the PHP code is to be removed, as this corrupts the key. utf8_encode()
调用将被删除,因为这会损坏密钥。 With these changes, both codes provide the same ciphertext.通过这些更改,两种代码都提供了相同的密文。
Security:安全:
Using SHA256 as key derivation is insecure.使用 SHA256 作为密钥派生是不安全的。 Instead apply a dedicated algorithm like Argon2 or PBKDF2.
而是应用 Argon2 或 PBKDF2 等专用算法。 Also, using the key (or a part of it) as IV is insecure as it results in the reuse of key/IV pairs.
此外,将密钥(或其中的一部分)用作 IV 是不安全的,因为它会导致密钥/IV 对的重复使用。 Instead, a randomly generated IV should be applied for each encryption.
相反,应该为每个加密应用随机生成的 IV。
声明:本站的技术帖子网页,遵循CC BY-SA 4.0协议,如果您需要转载,请注明本站网址或者原文地址。任何问题请咨询:yoyou2525@163.com.