这个PHP4类做AES加密有什么问题吗?
当我解密使用此函数加密的内容时,解密的版本不等于原始版本。
class AES256encryption {
var $secret = '';
var $cipher_key = '';
function AES256encryption($secret='') {
if (empty($secret)) {
global $secret;
if (empty($secret)) {
$secret = "some random secret string";
}
}
$this->secret = $secret;
}
function gen_cipher() {
if (empty($this->cipher_key)) {
$this->cipher_key = substr(sha1($this->secret),0,20);
}
}
function mciv() {
return mcrypt_create_iv(mcrypt_get_iv_size(MCRYPT_RIJNDAEL_256, MCRYPT_MODE_CBC), MCRYPT_RAND);
}
function encrypt($text) {
$this->gen_cipher();
return trim(base64_encode(mcrypt_encrypt(MCRYPT_RIJNDAEL_256, $this->cipher_key, $text, MCRYPT_MODE_CBC, $this->mciv())));
}
function decrypt($text) {
$this->gen_cipher();
return trim(mcrypt_decrypt(MCRYPT_RIJNDAEL_256, $this->cipher_key, base64_decode($text), MCRYPT_MODE_CBC, $this->mciv()));
}
}
When I decrypt something encrypted with this function, the decrypted version doesn't equal the original.
class AES256encryption {
var $secret = '';
var $cipher_key = '';
function AES256encryption($secret='') {
if (empty($secret)) {
global $secret;
if (empty($secret)) {
$secret = "some random secret string";
}
}
$this->secret = $secret;
}
function gen_cipher() {
if (empty($this->cipher_key)) {
$this->cipher_key = substr(sha1($this->secret),0,20);
}
}
function mciv() {
return mcrypt_create_iv(mcrypt_get_iv_size(MCRYPT_RIJNDAEL_256, MCRYPT_MODE_CBC), MCRYPT_RAND);
}
function encrypt($text) {
$this->gen_cipher();
return trim(base64_encode(mcrypt_encrypt(MCRYPT_RIJNDAEL_256, $this->cipher_key, $text, MCRYPT_MODE_CBC, $this->mciv())));
}
function decrypt($text) {
$this->gen_cipher();
return trim(mcrypt_decrypt(MCRYPT_RIJNDAEL_256, $this->cipher_key, base64_decode($text), MCRYPT_MODE_CBC, $this->mciv()));
}
}
如果你对这篇内容有疑问,欢迎到本站社区发帖提问 参与讨论,获取更多帮助,或者扫码二维码加入 Web 技术交流群。
绑定邮箱获取回复消息
由于您还没有绑定你的真实邮箱,如果其他用户或者作者回复了您的评论,将不能在第一时间通知您!
发布评论
评论(3)
不要每次想要加密/解密某些内容时都创建一个新的 IV。加密和解密时需要相同的 IV。在CBC模式下,只要IV秘密在创建时是随机的,就不需要获取IV秘密。所以你的代码应该是这样的:
这似乎有效:
请检查块密码操作模式 它恢复了它的工作原理。
Don't create a new IV each time you want to encrypt/decrypt something. You need the same IV at encryption and decryption times. In CBC mode, there is no need to get IV secret as long as it is random at its creation. So your code should be something like:
And that seems to work:
Please check block cipher modes of operation which resumes how this work.
IV 需要与加密数据一起发送给接收者。这意味着您的
加密函数将需要对其进行base64编码并发送它,并且您的解密函数将需要期望接收它作为输入的一部分。The IV needs to be sent to the recipient, along with the encrypted data. This means your
encryptfunction will need to base64 encode it and send it, and yourdecryptfunction will need to expect to receive it as part of the input.在帕特里克和咖啡馆的帮助下,我修改了我的课程。我发现秘密和 IV 必须与解密中使用的相同加密,否则解密将无法进行。 IV 必须为 32 个字符。这是我修改后的课程,以防对任何人有用。
Based on help from Patrick and caf, I've revised my class. I discovered that both the secret and IV must be the same in decryption as was used in encryption otherwise the decryption won't work. IV must be 32 characters. Here is my revised class in case it is of use to anyone.