AES/CBC/PKCS5 填充 |在 Php OpenSSL 中替代 mcrypt_get_block_size()
AES/CBC/PKCS5 Padding | Alternate to mcrypt_get_block_size() in Php OpenSSL
问题陈述:
我正在尝试整合 API 其中 AES/CBC/PKCS5 填充。经过一些研究,我在 following 文章中找到了实现。
然而,在本文中使用了mcrypt which is deprecated and removed from PHP 7.2. Hence, I'm looking to modify above implementation in openssl。
有函数pkcs5_pad用于PKCS5填充需要参数为data和blocksize的数据。在 openssl 中没有 mcrypt_get_block_size 的替代方法。
代码片段
pkcs5_pad & pkcs5_unpad
function pkcs5_pad ($text, $blocksize)
{
$pad = $blocksize - (strlen($text) % $blocksize);
return $text . str_repeat(chr($pad), $pad);
}
function pkcs5_unpad($text)
{
$pad = ord($text{strlen($text)-1});
if ($pad > strlen($text)) return false;
if (strspn($text, chr($pad), strlen($text) - $pad) != $pad) return false;
return substr($text, 0, -1 * $pad);
}
正在尝试转换关注
$paddedData = pkcs5_pad(
$data,
mcrypt_get_block_size(MCRYPT_RIJNDAEL_128, MCRYPT_MODE_CBC)
);
$encrypteddata = mcrypt_encrypt(
MCRYPT_RIJNDAEL_128,
hex2bin(md5($key)),
$paddedData,
MCRYPT_MODE_CBC,
$iv
);
到
$paddedData = pkcs5_pad($data); // How do I getBlock size in OpenSSL. i.e. Alternate to mcrypt_get_block_size
$encrypteddata = openssl_encrypt(
$paddedData,
$cipher,
$key,
$options=OPENSSL_RAW_DATA,
$iv
);
试错:
我在 Github 进行了一些研究后发现了一些 file。但不知道如何使用此文件将数据转换为 pkcs5 填充数据。
好消息是 - OpenSSL 具有“内置”填充,因此您不必担心它。
下面的完整 运行 代码向您展示了如何使用 32 字节长、随机生成的 AES-256 密钥来加密或解密字符串。 AES 模式是 CBC,它使用 PKCS5/7 填充 。加密的输出是Base64编码的(对于通过Email传输很有用),当然你可以在保存密文到文件时不使用Base64en-/decoding,稍后读取文件进行解密。
请注意,没有异常处理,代码仅用于教育目的:
<?php
function generateRandomAesKey()
{
return openssl_random_pseudo_bytes(32, $crypto_strong);
}
function generateRandomInitvector()
{
return openssl_random_pseudo_bytes(16, $crypto_strong);
}
function base64Encoding($input)
{
return base64_encode($input);
}
function base64Decoding($input)
{
return base64_decode($input);
}
function aesCbcEncryptToBase64($key, $data)
{
$iv = generateRandomInitvector();
$ciphertext = openssl_encrypt($data, 'aes-256-cbc', $key, OPENSSL_RAW_DATA, $iv);
return base64_encode($iv) . ':' . base64_encode($ciphertext);
}
function aesCbcDecryptFromBase64($key, $data)
{
list($iv, $encryptedData) = explode(':', $data, 2);
return openssl_decrypt(base64_decode($encryptedData), 'aes-256-cbc', $key, OPENSSL_RAW_DATA, base64_decode($iv));
}
echo 'AES CBC 256 String encryption with random key full' . PHP_EOL;
$plaintext = 'The quick brown fox jumps over the lazy dog';
echo 'plaintext: ' . $plaintext . PHP_EOL;
// generate random key
$encryptionKey = generateRandomAesKey();
$encryptionKeyBase64 = base64Encoding($encryptionKey);
echo 'encryptionKey (Base64): ' . $encryptionKeyBase64 . PHP_EOL;
// encryption
echo PHP_EOL . '* * * Encryption * * *' . PHP_EOL;
$ciphertextBase64 = aesCbcEncryptToBase64($encryptionKey, $plaintext);
echo 'ciphertext: ' . $ciphertextBase64 . PHP_EOL;
echo 'output is (Base64) iv : (Base64) ciphertext' .PHP_EOL;
echo PHP_EOL;
echo 'Cross platform cryptography: AES CBC 256 String encryption with random key (PHP)' . PHP_EOL;
// decryption
echo PHP_EOL . '* * * Decryption * * *' . PHP_EOL;
$decryptionKeyBase64 = $encryptionKeyBase64;
$ciphertextDecryptionBase64 = $ciphertextBase64;
echo 'decryptionKey (Base64): ' . $decryptionKeyBase64 . PHP_EOL;
echo 'ciphertextDecryption (Base64): ' . $ciphertextDecryptionBase64 . PHP_EOL;
echo 'input is (Base64) iv : (Base64) ciphertext' .PHP_EOL;
$decryptionKey = base64Decoding($decryptionKeyBase64);
$decryptedtext = aesCbcDecryptFromBase64($decryptionKey, $ciphertextDecryptionBase64);
echo 'plaintext: ' . $decryptedtext . PHP_EOL;
?>
输出如下:
AES CBC 256 String encryption with random key full
plaintext: The quick brown fox jumps over the lazy dog
encryptionKey (Base64): DuLNOxN3BUc+htgigTcQOeJsPuMkF/aBcyVSaXhMcEw=
* * * Encryption * * *
ciphertext: XvXGCOyMrj2ohknIr8k1+A==:nPrEGko/7OFRjiRCgX0Hryz0a+Qc6A9RmRlipWl+R6vslqLBf/8EZtGsf+zwwGAV
output is (Base64) iv : (Base64) ciphertext
* * * Decryption * * *
decryptionKey (Base64): DuLNOxN3BUc+htgigTcQOeJsPuMkF/aBcyVSaXhMcEw=
ciphertext (Base64): XvXGCOyMrj2ohknIr8k1+A==:nPrEGko/7OFRjiRCgX0Hryz0a+Qc6A9RmRlipWl+R6vslqLBf/8EZtGsf+zwwGAV
input is (Base64) iv : (Base64) ciphertext
plaintext: The quick brown fox jumps over the lazy dog
问题陈述:
我正在尝试整合 API 其中 AES/CBC/PKCS5 填充。经过一些研究,我在 following 文章中找到了实现。
然而,在本文中使用了mcrypt which is deprecated and removed from PHP 7.2. Hence, I'm looking to modify above implementation in openssl。
有函数pkcs5_pad用于PKCS5填充需要参数为data和blocksize的数据。在 openssl 中没有 mcrypt_get_block_size 的替代方法。
代码片段
pkcs5_pad & pkcs5_unpad
function pkcs5_pad ($text, $blocksize)
{
$pad = $blocksize - (strlen($text) % $blocksize);
return $text . str_repeat(chr($pad), $pad);
}
function pkcs5_unpad($text)
{
$pad = ord($text{strlen($text)-1});
if ($pad > strlen($text)) return false;
if (strspn($text, chr($pad), strlen($text) - $pad) != $pad) return false;
return substr($text, 0, -1 * $pad);
}
正在尝试转换关注
$paddedData = pkcs5_pad(
$data,
mcrypt_get_block_size(MCRYPT_RIJNDAEL_128, MCRYPT_MODE_CBC)
);
$encrypteddata = mcrypt_encrypt(
MCRYPT_RIJNDAEL_128,
hex2bin(md5($key)),
$paddedData,
MCRYPT_MODE_CBC,
$iv
);
到
$paddedData = pkcs5_pad($data); // How do I getBlock size in OpenSSL. i.e. Alternate to mcrypt_get_block_size
$encrypteddata = openssl_encrypt(
$paddedData,
$cipher,
$key,
$options=OPENSSL_RAW_DATA,
$iv
);
试错:
我在 Github 进行了一些研究后发现了一些 file。但不知道如何使用此文件将数据转换为 pkcs5 填充数据。
好消息是 - OpenSSL 具有“内置”填充,因此您不必担心它。
下面的完整 运行 代码向您展示了如何使用 32 字节长、随机生成的 AES-256 密钥来加密或解密字符串。 AES 模式是 CBC,它使用 PKCS5/7 填充 。加密的输出是Base64编码的(对于通过Email传输很有用),当然你可以在保存密文到文件时不使用Base64en-/decoding,稍后读取文件进行解密。
请注意,没有异常处理,代码仅用于教育目的:
<?php
function generateRandomAesKey()
{
return openssl_random_pseudo_bytes(32, $crypto_strong);
}
function generateRandomInitvector()
{
return openssl_random_pseudo_bytes(16, $crypto_strong);
}
function base64Encoding($input)
{
return base64_encode($input);
}
function base64Decoding($input)
{
return base64_decode($input);
}
function aesCbcEncryptToBase64($key, $data)
{
$iv = generateRandomInitvector();
$ciphertext = openssl_encrypt($data, 'aes-256-cbc', $key, OPENSSL_RAW_DATA, $iv);
return base64_encode($iv) . ':' . base64_encode($ciphertext);
}
function aesCbcDecryptFromBase64($key, $data)
{
list($iv, $encryptedData) = explode(':', $data, 2);
return openssl_decrypt(base64_decode($encryptedData), 'aes-256-cbc', $key, OPENSSL_RAW_DATA, base64_decode($iv));
}
echo 'AES CBC 256 String encryption with random key full' . PHP_EOL;
$plaintext = 'The quick brown fox jumps over the lazy dog';
echo 'plaintext: ' . $plaintext . PHP_EOL;
// generate random key
$encryptionKey = generateRandomAesKey();
$encryptionKeyBase64 = base64Encoding($encryptionKey);
echo 'encryptionKey (Base64): ' . $encryptionKeyBase64 . PHP_EOL;
// encryption
echo PHP_EOL . '* * * Encryption * * *' . PHP_EOL;
$ciphertextBase64 = aesCbcEncryptToBase64($encryptionKey, $plaintext);
echo 'ciphertext: ' . $ciphertextBase64 . PHP_EOL;
echo 'output is (Base64) iv : (Base64) ciphertext' .PHP_EOL;
echo PHP_EOL;
echo 'Cross platform cryptography: AES CBC 256 String encryption with random key (PHP)' . PHP_EOL;
// decryption
echo PHP_EOL . '* * * Decryption * * *' . PHP_EOL;
$decryptionKeyBase64 = $encryptionKeyBase64;
$ciphertextDecryptionBase64 = $ciphertextBase64;
echo 'decryptionKey (Base64): ' . $decryptionKeyBase64 . PHP_EOL;
echo 'ciphertextDecryption (Base64): ' . $ciphertextDecryptionBase64 . PHP_EOL;
echo 'input is (Base64) iv : (Base64) ciphertext' .PHP_EOL;
$decryptionKey = base64Decoding($decryptionKeyBase64);
$decryptedtext = aesCbcDecryptFromBase64($decryptionKey, $ciphertextDecryptionBase64);
echo 'plaintext: ' . $decryptedtext . PHP_EOL;
?>
输出如下:
AES CBC 256 String encryption with random key full
plaintext: The quick brown fox jumps over the lazy dog
encryptionKey (Base64): DuLNOxN3BUc+htgigTcQOeJsPuMkF/aBcyVSaXhMcEw=
* * * Encryption * * *
ciphertext: XvXGCOyMrj2ohknIr8k1+A==:nPrEGko/7OFRjiRCgX0Hryz0a+Qc6A9RmRlipWl+R6vslqLBf/8EZtGsf+zwwGAV
output is (Base64) iv : (Base64) ciphertext
* * * Decryption * * *
decryptionKey (Base64): DuLNOxN3BUc+htgigTcQOeJsPuMkF/aBcyVSaXhMcEw=
ciphertext (Base64): XvXGCOyMrj2ohknIr8k1+A==:nPrEGko/7OFRjiRCgX0Hryz0a+Qc6A9RmRlipWl+R6vslqLBf/8EZtGsf+zwwGAV
input is (Base64) iv : (Base64) ciphertext
plaintext: The quick brown fox jumps over the lazy dog