在 php 和 vb.net 中加密和解密 AES 256
Encrypting and Decrypting AES 256 in both php and vb.net
我需要能够加密和解密 php 和 vb.net 中的字符串。
PHP 需要能够解密在 vb.net 中加密的字符串,并且 vb.net 需要能够解密在 php.
中加密的字符串
我在两个环境中都有可在该环境中工作的工作代码,但它们不能相互工作。
我已经对这个进行了大量搜索,我相信这与 AES256 的 openssl 实现及其与 IV 或类似内容的加盐方式有关。
vb 实现正在为 IV 生成随机 GUID,并在 base64 编码之前将其添加到加密字符串之前。
我的vb.net代码是这样的...
Imports System.IO
Imports System.Text
Imports System.Security.Cryptography
Public Class tbSecurity
Public Shared enckey = "00000000000000000000000000000000"
Public Shared Function AESEncryptStringToBase64(strPlainText As String) As String
Dim Algo As RijndaelManaged = RijndaelManaged.Create()
With Algo
.BlockSize = 128
.FeedbackSize = 128
.KeySize = 256
.Mode = CipherMode.CBC
.IV = Guid.NewGuid().ToByteArray()
.Key = Encoding.ASCII.GetBytes(enckey)
End With
Using Encryptor As ICryptoTransform = Algo.CreateEncryptor()
Using MemStream As New MemoryStream
Using CryptStream As New CryptoStream(MemStream, Encryptor, CryptoStreamMode.Write)
Using Writer As New StreamWriter(CryptStream)
Writer.Write(strPlainText)
End Using
AESEncryptStringToBase64 = Convert.ToBase64String(Algo.IV.Concat(MemStream.ToArray()).ToArray())
End Using
End Using
End Using
End Function
Public Shared Function AESDecryptBase64ToString(strCipherText As String) As String
Dim arrSaltAndCipherText As Byte() = Convert.FromBase64String(strCipherText)
Dim Algo As RijndaelManaged = RijndaelManaged.Create()
With Algo
.BlockSize = 128
.FeedbackSize = 128
.KeySize = 256
.Mode = CipherMode.CBC
.IV = arrSaltAndCipherText.Take(16).ToArray()
.Key = Encoding.ASCII.GetBytes(enckey)
End With
Using Decryptor As ICryptoTransform = Algo.CreateDecryptor()
Using MemStream As New MemoryStream(arrSaltAndCipherText.Skip(16).ToArray())
Using CryptStream As New CryptoStream(MemStream, Decryptor, CryptoStreamMode.Read)
Using Reader As New StreamReader(CryptStream)
AESDecryptBase64ToString = Reader.ReadToEnd()
End Using
End Using
End Using
End Using
End Function
End Class
PHP 代码是这样的...
<?php
$inputstr = $_GET['str'];
$ky = '00000000000000000000000000000000'; // 32 * 8 = 256 bit key
$iv = '1234567890123456'; // 32 * 8 = 256 bit iv
echo "<hr>";
echo "Input Str = " . $inputstr;
echo "<hr>";
echo "Decrypted Str = " . decryptRJ256($ky,$iv,$inputstr);
function decryptRJ256($key,$iv,$string_to_decrypt)
{
$string_to_decrypt = base64_decode($string_to_decrypt);
$rtn = openssl_decrypt($string_to_decrypt, "aes-256-cbc", $key,0,$iv);
$rtn = rtrim($rtn, "[=13=]");
return($rtn);
}
function encryptRJ256($key,$iv,$string_to_encrypt)
{
$rtn = openssl_decrypt($string_to_encrypt, "aes-256-cbc", $key,0,$iv);
$rtn = base64_encode($rtn);
return($rtn);
}
?>
我遇到了一个 'working' 使用 AES128 和 PHP 的 mcrypt 扩展的代码示例,但是我使用的是 PHP8,Mcrypt 已被弃用且不受支持,所以我真的不想走那条路。
有谁能给我指明正确的方向,使用 vb.net 中可解密的 AES256 的 openssl 实现在 PHP 中加密字符串,或者反过来?
我不在乎我必须修改哪个环境,或者即使两者都修改。
非常感谢
VB 代码中的 AESEncryptStringToBase64() 使用 PKCS7 填充的 CBC 模式中的 AES 加密明文。密钥大小决定了 AES 变体,例如AES-256 为 32 个字节。在加密期间生成一个 GUID 作为 IV。加密后将IV和密文拼接并进行Base64编码
PHP 中的一个可能实现是:
function encrypt($key, $plaintext){
$iv = random_bytes(16);
$ciphertext = openssl_encrypt($plaintext, 'aes-256-cbc', $key, OPENSSL_RAW_DATA, $iv);
$ivCiphertext = $iv . $ciphertext;
$ivCiphertextB64 = base64_encode($ivCiphertext);
return $ivCiphertextB64;
}
注:
- 在 PHP 代码中加密安全 IV,请参阅 CSPRNG, is generated instead of a GUID. This is at least as secure as the GUID used in the VB code, see Is Microsoft's GUID generator cryptographically secure?。
- 在 PHP 代码中指定了 AES-256,因此需要一个 32 字节的密钥。因此,在 VB 代码中,还必须使用 32 字节的密钥以实现兼容性。如果 VB 代码中的密钥大小不同,则必须相应地调整 PHP 代码中的 AES 变体,例如
aes-128-cbc 对于 16 字节的密钥。
VB 代码中的 AESDecryptBase64ToString() 是对应的,因此使用相同的算法、模式和填充。加密后的数据首先进行 Base64 解码。前16个字节是IV,其余是密文,然后解密。
PHP 中的一个可能实现是:
function decrypt($key, $ivCiphertextB64){
$ivCiphertext = base64_decode($ivCiphertextB64);
$iv = substr($ivCiphertext, 0, 16);
$ciphertext = substr($ivCiphertext, 16);
$decryptedData = openssl_decrypt($ciphertext, "aes-256-cbc", $key, OPENSSL_RAW_DATA, $iv);
return $decryptedData;
}
测试:
// Test 1:
$key = '00000000000000000000000000000000';
$plaintext = 'The quick brown fox jumps over the lazy dog';
$ivCiphertextB64 = encrypt($key, $plaintext);
$decrypted = decrypt($key, $ivCiphertextB64);
print("Test 1 - Ciphertext: " . $ivCiphertextB64 . PHP_EOL);
print("Test 1 - Decrypted: " . $decrypted . PHP_EOL);
// Test 2: Decrypt ciphertext from VB
$ivCiphertextB64 = '6z4IGlnv5UOd+MWUOfP5m4ymJ/XUp+VijU0D4xBLRr/T1JWAsxRApW6aJgptmN4q2f0seibD/2jktvkDydz33g==';
$decrypted = decrypt($key, $ivCiphertextB64);
print("Test 2 - Decrypted: " . $decrypted . PHP_EOL);
// Test 3: Encrypt plaintext for VB
$plaintext = 'The quick brown fox jumps over the lazy dog';
$ivCiphertextB64 = encrypt($key, $plaintext);
print("Test 3 - Encrypted: " . $ivCiphertextB64 . PHP_EOL);
具有以下可能的输出:
Test 1 - Ciphertext: cadDJ82W94xKz4MQlvZ4IPBYvytpJezgbAY+ZYi76Z/zcGieUFDZLzEsjenolbEP2pR9JTHOHnG+ylJCXZd45g==
Test 1 - Decrypted: The quick brown fox jumps over the lazy dog
Test 2 - Decrypted: The quick brown fox jumps over the lazy dog
Test 3 - Encrypted: Teo0qUA553EJ9y9O0lb0gjVzWHE8+EQyklnbq6v8ziK5SXNAhX6HdyfdtHkyQUKAWXmFazWx2bEkIDwqjM+aQA==
测试 1 显示用 encrypt() 加密的密文可以用 decrypt() 解密。测试 2 解密使用 VB 代码加密的密文。测试 3 生成可以使用 VB 代码解密的密文。
我需要能够加密和解密 php 和 vb.net 中的字符串。 PHP 需要能够解密在 vb.net 中加密的字符串,并且 vb.net 需要能够解密在 php.
中加密的字符串我在两个环境中都有可在该环境中工作的工作代码,但它们不能相互工作。
我已经对这个进行了大量搜索,我相信这与 AES256 的 openssl 实现及其与 IV 或类似内容的加盐方式有关。
vb 实现正在为 IV 生成随机 GUID,并在 base64 编码之前将其添加到加密字符串之前。
我的vb.net代码是这样的...
Imports System.IO
Imports System.Text
Imports System.Security.Cryptography
Public Class tbSecurity
Public Shared enckey = "00000000000000000000000000000000"
Public Shared Function AESEncryptStringToBase64(strPlainText As String) As String
Dim Algo As RijndaelManaged = RijndaelManaged.Create()
With Algo
.BlockSize = 128
.FeedbackSize = 128
.KeySize = 256
.Mode = CipherMode.CBC
.IV = Guid.NewGuid().ToByteArray()
.Key = Encoding.ASCII.GetBytes(enckey)
End With
Using Encryptor As ICryptoTransform = Algo.CreateEncryptor()
Using MemStream As New MemoryStream
Using CryptStream As New CryptoStream(MemStream, Encryptor, CryptoStreamMode.Write)
Using Writer As New StreamWriter(CryptStream)
Writer.Write(strPlainText)
End Using
AESEncryptStringToBase64 = Convert.ToBase64String(Algo.IV.Concat(MemStream.ToArray()).ToArray())
End Using
End Using
End Using
End Function
Public Shared Function AESDecryptBase64ToString(strCipherText As String) As String
Dim arrSaltAndCipherText As Byte() = Convert.FromBase64String(strCipherText)
Dim Algo As RijndaelManaged = RijndaelManaged.Create()
With Algo
.BlockSize = 128
.FeedbackSize = 128
.KeySize = 256
.Mode = CipherMode.CBC
.IV = arrSaltAndCipherText.Take(16).ToArray()
.Key = Encoding.ASCII.GetBytes(enckey)
End With
Using Decryptor As ICryptoTransform = Algo.CreateDecryptor()
Using MemStream As New MemoryStream(arrSaltAndCipherText.Skip(16).ToArray())
Using CryptStream As New CryptoStream(MemStream, Decryptor, CryptoStreamMode.Read)
Using Reader As New StreamReader(CryptStream)
AESDecryptBase64ToString = Reader.ReadToEnd()
End Using
End Using
End Using
End Using
End Function
End Class
PHP 代码是这样的...
<?php
$inputstr = $_GET['str'];
$ky = '00000000000000000000000000000000'; // 32 * 8 = 256 bit key
$iv = '1234567890123456'; // 32 * 8 = 256 bit iv
echo "<hr>";
echo "Input Str = " . $inputstr;
echo "<hr>";
echo "Decrypted Str = " . decryptRJ256($ky,$iv,$inputstr);
function decryptRJ256($key,$iv,$string_to_decrypt)
{
$string_to_decrypt = base64_decode($string_to_decrypt);
$rtn = openssl_decrypt($string_to_decrypt, "aes-256-cbc", $key,0,$iv);
$rtn = rtrim($rtn, "[=13=]");
return($rtn);
}
function encryptRJ256($key,$iv,$string_to_encrypt)
{
$rtn = openssl_decrypt($string_to_encrypt, "aes-256-cbc", $key,0,$iv);
$rtn = base64_encode($rtn);
return($rtn);
}
?>
我遇到了一个 'working' 使用 AES128 和 PHP 的 mcrypt 扩展的代码示例,但是我使用的是 PHP8,Mcrypt 已被弃用且不受支持,所以我真的不想走那条路。
有谁能给我指明正确的方向,使用 vb.net 中可解密的 AES256 的 openssl 实现在 PHP 中加密字符串,或者反过来? 我不在乎我必须修改哪个环境,或者即使两者都修改。
非常感谢
AESEncryptStringToBase64() 使用 PKCS7 填充的 CBC 模式中的 AES 加密明文。密钥大小决定了 AES 变体,例如AES-256 为 32 个字节。在加密期间生成一个 GUID 作为 IV。加密后将IV和密文拼接并进行Base64编码
PHP 中的一个可能实现是:
function encrypt($key, $plaintext){
$iv = random_bytes(16);
$ciphertext = openssl_encrypt($plaintext, 'aes-256-cbc', $key, OPENSSL_RAW_DATA, $iv);
$ivCiphertext = $iv . $ciphertext;
$ivCiphertextB64 = base64_encode($ivCiphertext);
return $ivCiphertextB64;
}
注:
- 在 PHP 代码中加密安全 IV,请参阅 CSPRNG, is generated instead of a GUID. This is at least as secure as the GUID used in the VB code, see Is Microsoft's GUID generator cryptographically secure?。
- 在 PHP 代码中指定了 AES-256,因此需要一个 32 字节的密钥。因此,在 VB 代码中,还必须使用 32 字节的密钥以实现兼容性。如果 VB 代码中的密钥大小不同,则必须相应地调整 PHP 代码中的 AES 变体,例如
aes-128-cbc对于 16 字节的密钥。
VB 代码中的
AESDecryptBase64ToString() 是对应的,因此使用相同的算法、模式和填充。加密后的数据首先进行 Base64 解码。前16个字节是IV,其余是密文,然后解密。
PHP 中的一个可能实现是:
function decrypt($key, $ivCiphertextB64){
$ivCiphertext = base64_decode($ivCiphertextB64);
$iv = substr($ivCiphertext, 0, 16);
$ciphertext = substr($ivCiphertext, 16);
$decryptedData = openssl_decrypt($ciphertext, "aes-256-cbc", $key, OPENSSL_RAW_DATA, $iv);
return $decryptedData;
}
测试:
// Test 1:
$key = '00000000000000000000000000000000';
$plaintext = 'The quick brown fox jumps over the lazy dog';
$ivCiphertextB64 = encrypt($key, $plaintext);
$decrypted = decrypt($key, $ivCiphertextB64);
print("Test 1 - Ciphertext: " . $ivCiphertextB64 . PHP_EOL);
print("Test 1 - Decrypted: " . $decrypted . PHP_EOL);
// Test 2: Decrypt ciphertext from VB
$ivCiphertextB64 = '6z4IGlnv5UOd+MWUOfP5m4ymJ/XUp+VijU0D4xBLRr/T1JWAsxRApW6aJgptmN4q2f0seibD/2jktvkDydz33g==';
$decrypted = decrypt($key, $ivCiphertextB64);
print("Test 2 - Decrypted: " . $decrypted . PHP_EOL);
// Test 3: Encrypt plaintext for VB
$plaintext = 'The quick brown fox jumps over the lazy dog';
$ivCiphertextB64 = encrypt($key, $plaintext);
print("Test 3 - Encrypted: " . $ivCiphertextB64 . PHP_EOL);
具有以下可能的输出:
Test 1 - Ciphertext: cadDJ82W94xKz4MQlvZ4IPBYvytpJezgbAY+ZYi76Z/zcGieUFDZLzEsjenolbEP2pR9JTHOHnG+ylJCXZd45g==
Test 1 - Decrypted: The quick brown fox jumps over the lazy dog
Test 2 - Decrypted: The quick brown fox jumps over the lazy dog
Test 3 - Encrypted: Teo0qUA553EJ9y9O0lb0gjVzWHE8+EQyklnbq6v8ziK5SXNAhX6HdyfdtHkyQUKAWXmFazWx2bEkIDwqjM+aQA==
测试 1 显示用 encrypt() 加密的密文可以用 decrypt() 解密。测试 2 解密使用 VB 代码加密的密文。测试 3 生成可以使用 VB 代码解密的密文。