[英]Delphi: AES CBC encryption compatible with PHP mcrypt_encrypt
[英]php mcrypt_encrypt encryption mismatch with android AES-128 encryption
我在使用以下代码的所有api请求和响应中都需要加密。 但是php代码的加密值与android生成的值不匹配。
function encrypt($input,$key) {
$size = mcrypt_get_block_size(MCRYPT_RIJNDAEL_128, MCRYPT_MODE_CBC);
$input = $this->pkcs5_pad($input, $size);
$td = mcrypt_module_open(MCRYPT_RIJNDAEL_128, '', MCRYPT_MODE_CBC, '');
$iv = mcrypt_create_iv (mcrypt_enc_get_iv_size($td), MCRYPT_RAND);
mcrypt_generic_init($td, $key);
$data = mcrypt_generic($td, $input);
mcrypt_generic_deinit($td);
mcrypt_module_close($td);
$data = base64_encode($data);
return $data;
}
function aesdecrypt($sStr,$sKey){
$td = mcrypt_module_open(MCRYPT_RIJNDAEL_128, '', MCRYPT_MODE_CBC, '');
$iv = mcrypt_create_iv (mcrypt_enc_get_iv_size($td), MCRYPT_RAND);
$decrypted= mcrypt_decrypt(
MCRYPT_RIJNDAEL_128,
$sKey,
base64_decode($sStr),
MCRYPT_MODE_CBC
);
$dec_s = strlen($decrypted);
$padding = ord($decrypted[$dec_s-1]);
$decrypted = substr($decrypted, 0, -$padding);
return $decrypted;
}
android代码(用于加密和解密):
public static String encode(String password, String text)
throws NoPassGivenException, NoTextGivenException {
/*if (password.length() == 0 || password == null) {
throw new NoPassGivenException("Please give Password");
}
if (text.length() == 0 || text == null) {
throw new NoTextGivenException("Please give text");
}*/
try {
SecretKeySpec skeySpec = getKey(password);
byte[] clearText = text.getBytes("UTF8");
//IMPORTANT TO GET SAME RESULTS ON iOS and ANDROID
final byte[] iv = new byte[16];
Arrays.fill(iv, (byte) 0x00);
IvParameterSpec ivParameterSpec = new IvParameterSpec(iv);
//System.out.println(iv);
// Cipher is not thread safe
Cipher cipher = Cipher.getInstance("AES/CBC/PKCS5Padding");
cipher.init(Cipher.ENCRYPT_MODE, skeySpec, ivParameterSpec);
String encrypedValue = new Base64().encodeAsString(
cipher.doFinal(clearText));
//Log.d(TAG, "Encrypted: " + text + " -> " + encrypedValue);
return encrypedValue;
} catch (InvalidKeyException e) {
e.printStackTrace();
} catch (UnsupportedEncodingException e) {
e.printStackTrace();
} catch (NoSuchAlgorithmException e) {
e.printStackTrace();
} catch (BadPaddingException e) {
e.printStackTrace();
} catch (NoSuchPaddingException e) {
e.printStackTrace();
} catch (IllegalBlockSizeException e) {
e.printStackTrace();
} catch (InvalidAlgorithmParameterException e) {
e.printStackTrace();
}
return "";
}
public static String decode(String password, String text)
throws NoPassGivenException, NoTextGivenException {
/*if (password.length() == 0 || password == null) {
throw new NoPassGivenException("Please give Password");
}
if (text.length() == 0 || text == null) {
throw new NoTextGivenException("Please give text");
}*/
try {
SecretKey key = getKey(password);
//IMPORTANT TO GET SAME RESULTS ON iOS and ANDROID
final byte[] iv = new byte[16];
Arrays.fill(iv, (byte) 0x00);
IvParameterSpec ivParameterSpec = new IvParameterSpec(iv);
//System.out.println(iv);
byte[] encrypedPwdBytes = new Base64().decodeBase64(text);
// cipher is not thread safe
Cipher cipher = Cipher.getInstance("AES/CBC/PKCS5Padding");
cipher.init(Cipher.DECRYPT_MODE, key, ivParameterSpec);
byte[] decrypedValueBytes = (cipher.doFinal(encrypedPwdBytes));
String decrypedValue = new String(decrypedValueBytes);
// BigDecimal bd = new BigDecimal(decrypedValue);
//Log.d(TAG, "Decrypted: " + text + " -> " + decrypedValue);
// String data = Long.toString(bd.longValue());
return decrypedValue;
} catch (InvalidKeyException e) {
e.printStackTrace();
} catch (UnsupportedEncodingException e) {
e.printStackTrace();
} catch (NoSuchAlgorithmException e) {
e.printStackTrace();
} catch (BadPaddingException e) {
e.printStackTrace();
} catch (NoSuchPaddingException e) {
e.printStackTrace();
} catch (IllegalBlockSizeException e) {
e.printStackTrace();
} catch (InvalidAlgorithmParameterException e) {
e.printStackTrace();
}
return "";
}
密文应该与随机语言没有区别。 这是产生唯一IV或-在CBC模式下为随机IV的主要原因。 如果您要使用静态IV(和相同的密钥),则对于相同的(第一块)明文,您将获得相同的(第一块)密文。 换句话说,您将信息泄露给攻击者。
因此,您应该使用随机IV,可以将其与密文一起安全存储。 最好通过解密来测试加密。 同样可以最好使用签名验证来测试签名生成。 如果您设法两次生成相同的CBC密文,则表明存在问题-并非正确。
声明:本站的技术帖子网页,遵循CC BY-SA 4.0协议,如果您需要转载,请注明本站网址或者原文地址。任何问题请咨询:yoyou2525@163.com.