使用 PHP 解密 C# 加密
Decrypt C# Encryption with PHP
前段时间我实现了一个 C# web API 来提供信息。
此信息已加密并由其他 C# 或经典 ASP 网站使用。
这就是我使用 EncryptRijndael 和 DecryptRijndael 方法进行加密/解密的方式。
using System;
using System.Text;
namespace Encryption_Test
{
using System.IO;
using System.Security.Cryptography;
using System.Text.RegularExpressions;
using System.Windows.Forms;
class RijndaelManagedEncryption
{
//http://www.codeproject.com/Tips/704372/How-to-use-Rijndael-ManagedEncryption-with-Csharp
#region Rijndael Encryption
/// <summary>
/// Encrypt the given text and give the byte array back as a BASE64 string
/// </summary>
/// <param name="text" />The text to encrypt
/// <param name="salt" />The pasword salt
/// <returns>The encrypted text</returns>
public static string EncryptRijndael(string text, string salt, string inputKey)
{
if (string.IsNullOrEmpty(text))
throw new ArgumentNullException("text");
var aesAlg = NewRijndaelManaged(salt, inputKey);
var blockSize = aesAlg.BlockSize;
var strK = System.Text.Encoding.ASCII.GetString(aesAlg.Key);
string s = strK;
var encryptor = aesAlg.CreateEncryptor(aesAlg.Key, aesAlg.IV);
var msEncrypt = new MemoryStream();
using (var csEncrypt = new CryptoStream(msEncrypt, encryptor, CryptoStreamMode.Write))
using (var swEncrypt = new StreamWriter(csEncrypt))
{
swEncrypt.Write(text);
}
return Convert.ToBase64String(msEncrypt.ToArray());
}
#endregion
#region Rijndael Dycryption
/// <summary>
/// Checks if a string is base64 encoded
/// </summary>
/// <param name="base64String" />The base64 encoded string
/// <returns>
public static bool IsBase64String(string base64String)
{
base64String = base64String.Trim();
return (base64String.Length%4 == 0) &&
Regex.IsMatch(base64String, @"^[a-zA-Z0-9\+/]*={0,3}$", RegexOptions.None);
}
/// <summary>
/// Decrypts the given text
/// </summary>
/// <param name="cipherText" />The encrypted BASE64 text
/// <param name="salt" />
/// <param name="inputKey"></param>
/// The pasword salt
/// <returns>De gedecrypte text</returns>
public static string DecryptRijndael(string cipherText, string salt, string inputKey)
{
if (string.IsNullOrEmpty(cipherText))
throw new ArgumentNullException("cipherText");
if (!IsBase64String(cipherText))
throw new Exception("The cipherText input parameter is not base64 encoded");
string text;
var aesAlg = NewRijndaelManaged(salt, inputKey);
var decryptor = aesAlg.CreateDecryptor(aesAlg.Key, aesAlg.IV);
var cipher = Convert.FromBase64String(cipherText);
using (var msDecrypt = new MemoryStream(cipher))
{
using (var csDecrypt = new CryptoStream(msDecrypt, decryptor, CryptoStreamMode.Read))
{
using (var srDecrypt = new StreamReader(csDecrypt))
{
text = srDecrypt.ReadToEnd();
}
}
}
return text;
}
#endregion
#region NewRijndaelManaged
/// <summary>
/// Create a new RijndaelManaged class and initialize it
/// </summary>
/// <param name="salt" />
/// <param name="inputKey"></param>
/// The pasword salt
/// <returns>
private static RijndaelManaged NewRijndaelManaged(string salt, string inputKey)
{
if (salt == null) throw new ArgumentNullException("salt");
var saltBytes = Encoding.ASCII.GetBytes(salt);
var key = new Rfc2898DeriveBytes(inputKey, saltBytes);
var aesAlg = new RijndaelManaged();
aesAlg.Key = key.GetBytes(aesAlg.KeySize / 8); //256 / 8 = 32
aesAlg.IV = key.GetBytes(aesAlg.BlockSize / 8); //128 / 8 = 16
//string k = System.Text.Encoding.Default.GetString(aesAlg.Key);
//string i = System.Text.Encoding.Default.GetString(aesAlg.IV);
//string l = k + i;
#region testPHP
///*
// So it would seem the week point in the chain for PHP is the Rfc2898DeriveBytes
// */
//aesAlg.Key = Encoding.UTF8.GetBytes(inputKey);
//aesAlg.IV = Encoding.UTF8.GetBytes(salt);
//k = System.Text.Encoding.Default.GetString(aesAlg.Key);
//i = System.Text.Encoding.Default.GetString(aesAlg.IV);
//l = k + i;
#endregion testPHP
return aesAlg;
}
#endregion
}
}
你可以在接近尾声时看到注释掉,我只是通过将提供的参数转换为 byte[] 来设置 Key 和 IV。 PHP 似乎没问题,但我不想省略 Rfc2898DeriveBytes。
它工作得很好,消费网站能够解密信息。
现在这是我的(别人的问题,但我想帮忙),一个 PHP 站点现在需要使用我的 Web API。他们似乎做不到。他们认为这是由于 IV 的创建方式所致。
现在这让我想知道是否
- 他们不能胜任这份工作
- 我的实现让他们无法做到。
现在我对PHP知之甚少,但大体上能跟上它的一段代码的流程。
如果有人能首先告诉我是否应该可以用 PHP 实现目标,我将不胜感激,如果是的话,也许可以提供一些关于如何实现的指示。
注意 - 这是在利用 Rfc2898DeriveBytes,我认为这是问题的症结所在,并将此问题与其他类似问题区分开来。
一个例子
- 要加密的字符串:
Co-operation is the key to success!
- 盐:
This_is_the_password_salt
- 输入键:
This_is_the_input_key
- 加密字符串:
pLgIEjhNGDMfI0IynoAdbey3NKbOJzgUzYAlU14OWOpuZy7/lr7HRtFhiRKfjbZz
好吧 - 在找到一个可以 hash_hmac 的沙盒之后,我似乎已经在你们和你们的评论的刺激下推测出来了……
以及其中的以下代码(我只是希望它在实际情况下表现相同)
<?php
class Foo {
public function decrypt_full($key, $iv, $encrypted)
{
$dev = $this->pbkdf2("sha1", $key, $iv, 1000, 48, true);
$derived_key = substr($dev, 0, 32); //Keylength: 32
$derived_iv = substr($dev, 32, 16); // IV-length: 16
return mcrypt_decrypt(MCRYPT_RIJNDAEL_128, $derived_key, base64_decode($encrypted), MCRYPT_MODE_CBC, $derived_iv);
}
private function pbkdf2($algorithm, $password, $salt, $count, $key_length, $raw_output = false)
{
$algorithm = strtolower($algorithm);
if(!in_array($algorithm, hash_algos(), true))
die('PBKDF2 ERROR: Invalid hash algorithm.');
if($count <= 0 || $key_length <= 0)
die('PBKDF2 ERROR: Invalid parameters.');
$hash_length = strlen(hash($algorithm, "", true));
$block_count = ceil($key_length / $hash_length);
$output = "";
for($i = 1; $i <= $block_count; $i++) {
// $i encoded as 4 bytes, big endian.
$last = $salt . pack("N", $i);
// first iteration
$last = $xorsum = hash_hmac($algorithm, $last, $password, true);
// perform the other $count - 1 iterations
for ($j = 1; $j < $count; $j++) {
$xorsum ^= ($last = hash_hmac($algorithm, $last, $password, true));
}
$output .= $xorsum;
}
return substr($output, 0, $key_length);
}
}
//###########################################################################################
$encrypted = "pLgIEjhNGDMfI0IynoAdbey3NKbOJzgUzYAlU14OWOpuZy7/lr7HRtFhiRKfjbZz";
$iv = "This_is_the_password_salt";
$key = "This_is_the_input_key";
$foo = new foo;
echo "<br/>";
echo "Encrypted String: ".$encrypted."<br/>";
echo "Decrypted string: ".$foo->decrypt_full($key, $iv, $encrypted )."<br/>";
?>
输出是...
Key: .g���13f^sI>M��j$\�+�od�mY# �!
IV: �2]��&y�q� WJ��
Decrypted: Co-operation is the key to success!
迫不及待地想告诉 PHP 伙计们 ;)
前段时间我实现了一个 C# web API 来提供信息。
此信息已加密并由其他 C# 或经典 ASP 网站使用。
这就是我使用 EncryptRijndael 和 DecryptRijndael 方法进行加密/解密的方式。
using System;
using System.Text;
namespace Encryption_Test
{
using System.IO;
using System.Security.Cryptography;
using System.Text.RegularExpressions;
using System.Windows.Forms;
class RijndaelManagedEncryption
{
//http://www.codeproject.com/Tips/704372/How-to-use-Rijndael-ManagedEncryption-with-Csharp
#region Rijndael Encryption
/// <summary>
/// Encrypt the given text and give the byte array back as a BASE64 string
/// </summary>
/// <param name="text" />The text to encrypt
/// <param name="salt" />The pasword salt
/// <returns>The encrypted text</returns>
public static string EncryptRijndael(string text, string salt, string inputKey)
{
if (string.IsNullOrEmpty(text))
throw new ArgumentNullException("text");
var aesAlg = NewRijndaelManaged(salt, inputKey);
var blockSize = aesAlg.BlockSize;
var strK = System.Text.Encoding.ASCII.GetString(aesAlg.Key);
string s = strK;
var encryptor = aesAlg.CreateEncryptor(aesAlg.Key, aesAlg.IV);
var msEncrypt = new MemoryStream();
using (var csEncrypt = new CryptoStream(msEncrypt, encryptor, CryptoStreamMode.Write))
using (var swEncrypt = new StreamWriter(csEncrypt))
{
swEncrypt.Write(text);
}
return Convert.ToBase64String(msEncrypt.ToArray());
}
#endregion
#region Rijndael Dycryption
/// <summary>
/// Checks if a string is base64 encoded
/// </summary>
/// <param name="base64String" />The base64 encoded string
/// <returns>
public static bool IsBase64String(string base64String)
{
base64String = base64String.Trim();
return (base64String.Length%4 == 0) &&
Regex.IsMatch(base64String, @"^[a-zA-Z0-9\+/]*={0,3}$", RegexOptions.None);
}
/// <summary>
/// Decrypts the given text
/// </summary>
/// <param name="cipherText" />The encrypted BASE64 text
/// <param name="salt" />
/// <param name="inputKey"></param>
/// The pasword salt
/// <returns>De gedecrypte text</returns>
public static string DecryptRijndael(string cipherText, string salt, string inputKey)
{
if (string.IsNullOrEmpty(cipherText))
throw new ArgumentNullException("cipherText");
if (!IsBase64String(cipherText))
throw new Exception("The cipherText input parameter is not base64 encoded");
string text;
var aesAlg = NewRijndaelManaged(salt, inputKey);
var decryptor = aesAlg.CreateDecryptor(aesAlg.Key, aesAlg.IV);
var cipher = Convert.FromBase64String(cipherText);
using (var msDecrypt = new MemoryStream(cipher))
{
using (var csDecrypt = new CryptoStream(msDecrypt, decryptor, CryptoStreamMode.Read))
{
using (var srDecrypt = new StreamReader(csDecrypt))
{
text = srDecrypt.ReadToEnd();
}
}
}
return text;
}
#endregion
#region NewRijndaelManaged
/// <summary>
/// Create a new RijndaelManaged class and initialize it
/// </summary>
/// <param name="salt" />
/// <param name="inputKey"></param>
/// The pasword salt
/// <returns>
private static RijndaelManaged NewRijndaelManaged(string salt, string inputKey)
{
if (salt == null) throw new ArgumentNullException("salt");
var saltBytes = Encoding.ASCII.GetBytes(salt);
var key = new Rfc2898DeriveBytes(inputKey, saltBytes);
var aesAlg = new RijndaelManaged();
aesAlg.Key = key.GetBytes(aesAlg.KeySize / 8); //256 / 8 = 32
aesAlg.IV = key.GetBytes(aesAlg.BlockSize / 8); //128 / 8 = 16
//string k = System.Text.Encoding.Default.GetString(aesAlg.Key);
//string i = System.Text.Encoding.Default.GetString(aesAlg.IV);
//string l = k + i;
#region testPHP
///*
// So it would seem the week point in the chain for PHP is the Rfc2898DeriveBytes
// */
//aesAlg.Key = Encoding.UTF8.GetBytes(inputKey);
//aesAlg.IV = Encoding.UTF8.GetBytes(salt);
//k = System.Text.Encoding.Default.GetString(aesAlg.Key);
//i = System.Text.Encoding.Default.GetString(aesAlg.IV);
//l = k + i;
#endregion testPHP
return aesAlg;
}
#endregion
}
}
你可以在接近尾声时看到注释掉,我只是通过将提供的参数转换为 byte[] 来设置 Key 和 IV。 PHP 似乎没问题,但我不想省略 Rfc2898DeriveBytes。
它工作得很好,消费网站能够解密信息。
现在这是我的(别人的问题,但我想帮忙),一个 PHP 站点现在需要使用我的 Web API。他们似乎做不到。他们认为这是由于 IV 的创建方式所致。
现在这让我想知道是否
- 他们不能胜任这份工作
- 我的实现让他们无法做到。
现在我对PHP知之甚少,但大体上能跟上它的一段代码的流程。 如果有人能首先告诉我是否应该可以用 PHP 实现目标,我将不胜感激,如果是的话,也许可以提供一些关于如何实现的指示。
注意 - 这是在利用 Rfc2898DeriveBytes,我认为这是问题的症结所在,并将此问题与其他类似问题区分开来。
一个例子
- 要加密的字符串:
Co-operation is the key to success!
- 盐:
This_is_the_password_salt
- 输入键:
This_is_the_input_key
- 加密字符串:
pLgIEjhNGDMfI0IynoAdbey3NKbOJzgUzYAlU14OWOpuZy7/lr7HRtFhiRKfjbZz
好吧 - 在找到一个可以 hash_hmac 的沙盒之后,我似乎已经在你们和你们的评论的刺激下推测出来了……
以及其中的以下代码(我只是希望它在实际情况下表现相同)
<?php
class Foo {
public function decrypt_full($key, $iv, $encrypted)
{
$dev = $this->pbkdf2("sha1", $key, $iv, 1000, 48, true);
$derived_key = substr($dev, 0, 32); //Keylength: 32
$derived_iv = substr($dev, 32, 16); // IV-length: 16
return mcrypt_decrypt(MCRYPT_RIJNDAEL_128, $derived_key, base64_decode($encrypted), MCRYPT_MODE_CBC, $derived_iv);
}
private function pbkdf2($algorithm, $password, $salt, $count, $key_length, $raw_output = false)
{
$algorithm = strtolower($algorithm);
if(!in_array($algorithm, hash_algos(), true))
die('PBKDF2 ERROR: Invalid hash algorithm.');
if($count <= 0 || $key_length <= 0)
die('PBKDF2 ERROR: Invalid parameters.');
$hash_length = strlen(hash($algorithm, "", true));
$block_count = ceil($key_length / $hash_length);
$output = "";
for($i = 1; $i <= $block_count; $i++) {
// $i encoded as 4 bytes, big endian.
$last = $salt . pack("N", $i);
// first iteration
$last = $xorsum = hash_hmac($algorithm, $last, $password, true);
// perform the other $count - 1 iterations
for ($j = 1; $j < $count; $j++) {
$xorsum ^= ($last = hash_hmac($algorithm, $last, $password, true));
}
$output .= $xorsum;
}
return substr($output, 0, $key_length);
}
}
//###########################################################################################
$encrypted = "pLgIEjhNGDMfI0IynoAdbey3NKbOJzgUzYAlU14OWOpuZy7/lr7HRtFhiRKfjbZz";
$iv = "This_is_the_password_salt";
$key = "This_is_the_input_key";
$foo = new foo;
echo "<br/>";
echo "Encrypted String: ".$encrypted."<br/>";
echo "Decrypted string: ".$foo->decrypt_full($key, $iv, $encrypted )."<br/>";
?>
输出是...
Key: .g���13f^sI>M��j$\�+�od�mY# �!
IV: �2]��&y�q� WJ��
Decrypted: Co-operation is the key to success!
迫不及待地想告诉 PHP 伙计们 ;)