php openssl enc 的实现
php implementation of openssl enc
使用 guacamole-auth-json,编码 php 客户端实现。
我需要能够使用 aes-128-cbc 密码对 hmac sha256 哈希 json 进行加密。我有相同的哈希输入数据,但未能实现加密。
工作 guacamole-auth-json bash
中的示例
#!/bin/bash -e
##
## Encryption/signing key.
##
SECRET_KEY=""
##
## The filename of the JSON data being signed and encrypted.
##
JSON_FILENAME=""
##
## A null (all zeroes) IV.
##
NULL_IV="00000000000000000000000000000000"
##
## Signs the contents of the given file using the given key. The signature is
## created using HMAC/SHA-256, and is output in binary form to STDOUT, followed
## by the raw contents of the file.
##
## @param KEY
## The key to use to sign the contents of the given file with HMAC/SHA-256.
##
## @param FILENAME
## The filename of the file to sign.
##
sign() {
KEY=""
FILENAME=""
#
# Write out signature
#
openssl dgst \
-sha256 -mac HMAC -macopt hexkey:"$KEY" \
-binary "$FILENAME"
#
# Write out file contents
#
cat "$FILENAME"
}
##
## Encrypts all data received through STDIN using the provided key. Data is
## encrypted using 128-bit AES in CBC mode (with a null IV). The encrypted
## result is printed to STDOUT encoded with base64.
##
## @param KEY
## The key to encrypt STDIN with, as a 16-byte (32-digit) hexadecimal
## value.
##
encrypt() {
KEY=""
#
# Encrypt STDIN
#
openssl enc -aes-128-cbc -K "$KEY" -iv "$NULL_IV" -nosalt -a
}
#
# Sign and encrypt file using secret key
#
sign "$SECRET_KEY" "$JSON_FILENAME" | encrypt "$SECRET_KEY"
我的其他数据生成 php 实施
$auth_json = "{\n";
$auth_json = $auth_json . " \"username\" : \"\",\n";
$auth_json = $auth_json . " \"expires\" : \"1607500000000\",\n";
$auth_json = $auth_json . " \"connections\" : {\n";
$auth_json = $auth_json . " \"Trading server 001\" : {\n";
$auth_json = $auth_json . " \"protocol\" : \"" . get_post_meta( $post->ID,'trading_server_protocol', true ) . "\",\n";
$auth_json = $auth_json . " \"parameters\" : {\n";
$auth_json = $auth_json . " \"hostname\" : \"" . get_post_meta( $post->ID,'trading_server_hostname', true ) . "\",\n";
$auth_json = $auth_json . " \"port\" : \"" . get_post_meta( $post->ID,'trading_server_port', true ) . "\",\n";
$auth_json = $auth_json . " \"password\" : \"" . get_post_meta( $post->ID,'trading_server_password', true ) . "\",\n";
$auth_json = $auth_json . " \"read-only\" : \"" . get_post_meta( $post->ID,'trading_server_readonly', true ) . "\"\n";
$auth_json = $auth_json . " }\n";
$auth_json = $auth_json . " }\n";
$auth_json = $auth_json . " }\n";
$auth_json = $auth_json . "}";
$encrypt_key = "12345678901234567890123456789012";
$NULL_IV="00000000000000000000000000000000";
// HMAC Hex to byte
$secret = hex2bin($encrypt_key);
$auth_json_hash = hash_hmac("sha256", $auth_json, $secret);
$auth_json_hash_bin = hash_hmac("sha256", $auth_json, $secret, true);
$cipher = "AES-128-CBC";
$data = $auth_json_hash_bin . $auth_json;
$auth_json_encrypted_raw = openssl_encrypt( $data, $cipher, $encrypt_key, $options = OPENSSL_RAW_DATA, $NULL_IV );
$auth_json_encrypted_base64 = base64_encode( $auth_json_encrypted_raw );
我有相同的散列,但无法调用 openssl_encrypt 函数得到与使用 bash 示例生成的结果相同的结果。
之间的差异可能存在一些问题
openssl enc -aes-128-cbc -K "$KEY" -iv "$NULL_IV" -nosalt -a
和
openssl_encrypt($data, $cipher, $encrypt_key, $options = OPENSSL_RAW_DATA, $NULL_IV )
我明白,我需要在 php(-a 开关)中对结果进行 base64 编码,并且需要一些针对(-nosalt 开关)的解决方案。
问题出在 php 中的十六进制参数 (encrypt_key、NULL_IV)。
正确的代码应该是
$encrypt_key = "12345678901234567890123456789012";
$NULL_IV="00000000000000000000000000000000";
..
$auth_json_encrypted_raw = openssl_encrypt( $data, $cipher, hex2bin($encrypt_key), $options = OPENSSL_RAW_DATA, hex2bin($NULL_IV) );
使用 guacamole-auth-json,编码 php 客户端实现。
我需要能够使用 aes-128-cbc 密码对 hmac sha256 哈希 json 进行加密。我有相同的哈希输入数据,但未能实现加密。
工作 guacamole-auth-json bash
中的示例#!/bin/bash -e
##
## Encryption/signing key.
##
SECRET_KEY=""
##
## The filename of the JSON data being signed and encrypted.
##
JSON_FILENAME=""
##
## A null (all zeroes) IV.
##
NULL_IV="00000000000000000000000000000000"
##
## Signs the contents of the given file using the given key. The signature is
## created using HMAC/SHA-256, and is output in binary form to STDOUT, followed
## by the raw contents of the file.
##
## @param KEY
## The key to use to sign the contents of the given file with HMAC/SHA-256.
##
## @param FILENAME
## The filename of the file to sign.
##
sign() {
KEY=""
FILENAME=""
#
# Write out signature
#
openssl dgst \
-sha256 -mac HMAC -macopt hexkey:"$KEY" \
-binary "$FILENAME"
#
# Write out file contents
#
cat "$FILENAME"
}
##
## Encrypts all data received through STDIN using the provided key. Data is
## encrypted using 128-bit AES in CBC mode (with a null IV). The encrypted
## result is printed to STDOUT encoded with base64.
##
## @param KEY
## The key to encrypt STDIN with, as a 16-byte (32-digit) hexadecimal
## value.
##
encrypt() {
KEY=""
#
# Encrypt STDIN
#
openssl enc -aes-128-cbc -K "$KEY" -iv "$NULL_IV" -nosalt -a
}
#
# Sign and encrypt file using secret key
#
sign "$SECRET_KEY" "$JSON_FILENAME" | encrypt "$SECRET_KEY"
我的其他数据生成 php 实施
$auth_json = "{\n";
$auth_json = $auth_json . " \"username\" : \"\",\n";
$auth_json = $auth_json . " \"expires\" : \"1607500000000\",\n";
$auth_json = $auth_json . " \"connections\" : {\n";
$auth_json = $auth_json . " \"Trading server 001\" : {\n";
$auth_json = $auth_json . " \"protocol\" : \"" . get_post_meta( $post->ID,'trading_server_protocol', true ) . "\",\n";
$auth_json = $auth_json . " \"parameters\" : {\n";
$auth_json = $auth_json . " \"hostname\" : \"" . get_post_meta( $post->ID,'trading_server_hostname', true ) . "\",\n";
$auth_json = $auth_json . " \"port\" : \"" . get_post_meta( $post->ID,'trading_server_port', true ) . "\",\n";
$auth_json = $auth_json . " \"password\" : \"" . get_post_meta( $post->ID,'trading_server_password', true ) . "\",\n";
$auth_json = $auth_json . " \"read-only\" : \"" . get_post_meta( $post->ID,'trading_server_readonly', true ) . "\"\n";
$auth_json = $auth_json . " }\n";
$auth_json = $auth_json . " }\n";
$auth_json = $auth_json . " }\n";
$auth_json = $auth_json . "}";
$encrypt_key = "12345678901234567890123456789012";
$NULL_IV="00000000000000000000000000000000";
// HMAC Hex to byte
$secret = hex2bin($encrypt_key);
$auth_json_hash = hash_hmac("sha256", $auth_json, $secret);
$auth_json_hash_bin = hash_hmac("sha256", $auth_json, $secret, true);
$cipher = "AES-128-CBC";
$data = $auth_json_hash_bin . $auth_json;
$auth_json_encrypted_raw = openssl_encrypt( $data, $cipher, $encrypt_key, $options = OPENSSL_RAW_DATA, $NULL_IV );
$auth_json_encrypted_base64 = base64_encode( $auth_json_encrypted_raw );
我有相同的散列,但无法调用 openssl_encrypt 函数得到与使用 bash 示例生成的结果相同的结果。
之间的差异可能存在一些问题openssl enc -aes-128-cbc -K "$KEY" -iv "$NULL_IV" -nosalt -a
和
openssl_encrypt($data, $cipher, $encrypt_key, $options = OPENSSL_RAW_DATA, $NULL_IV )
我明白,我需要在 php(-a 开关)中对结果进行 base64 编码,并且需要一些针对(-nosalt 开关)的解决方案。
问题出在 php 中的十六进制参数 (encrypt_key、NULL_IV)。
正确的代码应该是
$encrypt_key = "12345678901234567890123456789012";
$NULL_IV="00000000000000000000000000000000";
..
$auth_json_encrypted_raw = openssl_encrypt( $data, $cipher, hex2bin($encrypt_key), $options = OPENSSL_RAW_DATA, hex2bin($NULL_IV) );