如何在 PHP 中解密 Jasypt 加密的字符串?
这可能是一个不可能的问题,但我正在将遗留系统从 Java 迁移到 PHP,并且我需要能够解密 PHP 中使用 Jasypt 加密的字符串。
根据文档,Jasypt使用以下算法:
- 附加随机盐(我认为与密码的初始化向量相同)到要加密的数据
- 重复加密 1000 次
- 将未加密的 salt/IV 前置到加密字符串
- Base64 对整个字符串进行编码
旧应用程序使用 PBEWithMD5AndDES Jasypt算法。我完全清楚 MD5 并不是为解密而设计的,这也不是我想要做的。
我只是想对字符串进行 DES 解密,这样我就只剩下 MD5 哈希值了。除了二进制垃圾之外,我似乎无法从 PHP 中得到任何东西。我缺少什么?
<?php
#jasypt.algorithm=PBEWithMD5AndDES
$secret = 'secret-password';
$encrypted = 'xh/roK2diJPDfZGlT9DlwuG2TsS7t7F+';
$cipher = MCRYPT_DES;
$modes = array(
'ecb' => MCRYPT_MODE_ECB,
'cbc' => MCRYPT_MODE_CBC,
'cfb' => MCRYPT_MODE_CFB,
'ofb' => MCRYPT_MODE_OFB,
'nofb' => MCRYPT_MODE_NOFB,
'stream' => MCRYPT_MODE_STREAM,
);
foreach($modes as $mode => $mc) {
$iv_len = 0; //mcrypt_get_iv_size($cipher, $mode);
$password = base64_decode($encrypted);
$salt = substr($password, 0, $iv_len);
$data = substr($password, $iv_len);
for($i = 0; $i < 1000; $i++) {
$data = @mcrypt_decrypt($cipher, $secret, $data, $mode, $salt);
}
var_dump("$mode: $i: $data");
}
This may be an impossible question, but I am migrating a legacy system from Java over to PHP, and I need to be able to decrypt strings encrypted with Jasypt in PHP.
According to the documentation, Jasypt uses the following algorithm:
- Append a random salt (I think that is the same as an initialization vector for the cipher) to the data to be encrypted
- Encrypt repeatedly 1000 times
- Prepend the unencrypted salt/IV to the encrypted string
- Base64 encode the entire string
The legacy application uses the PBEWithMD5AndDES Jasypt algorithm. I am fully aware that MD5 isn't designed to be decrypted, and that's not what I'm trying to do.
I simply want to DES-decrypt the string so that all I'm left with is the MD5 hash. I can't seem to get anything but binary garbage out of PHP. What am I missing?
<?php
#jasypt.algorithm=PBEWithMD5AndDES
$secret = 'secret-password';
$encrypted = 'xh/roK2diJPDfZGlT9DlwuG2TsS7t7F+';
$cipher = MCRYPT_DES;
$modes = array(
'ecb' => MCRYPT_MODE_ECB,
'cbc' => MCRYPT_MODE_CBC,
'cfb' => MCRYPT_MODE_CFB,
'ofb' => MCRYPT_MODE_OFB,
'nofb' => MCRYPT_MODE_NOFB,
'stream' => MCRYPT_MODE_STREAM,
);
foreach($modes as $mode => $mc) {
$iv_len = 0; //mcrypt_get_iv_size($cipher, $mode);
$password = base64_decode($encrypted);
$salt = substr($password, 0, $iv_len);
$data = substr($password, $iv_len);
for($i = 0; $i < 1000; $i++) {
$data = @mcrypt_decrypt($cipher, $secret, $data, $mode, $salt);
}
var_dump("$mode: $i: $data");
}
如果你对这篇内容有疑问,欢迎到本站社区发帖提问 参与讨论,获取更多帮助,或者扫码二维码加入 Web 技术交流群。
绑定邮箱获取回复消息
由于您还没有绑定你的真实邮箱,如果其他用户或者作者回复了您的评论,将不能在第一时间通知您!
发布评论
评论(3)
您不理解“PBEWithMD5AndDES”的含义。
PBEWithMD5AndDES 表示加密密码(字符串)使用 MD5 进行散列,以获得用作 DES 算法的加密密钥输入的字节数组以及要加密的文本。
因此,无法使用 DES 解密以获得 MD5 哈希值。这没有任何意义。您只需要使用完全相同的算法来解密加密的数据,但是是在 PHP 实现中。
顺便说一句,“PBEWithMD5AndDES”不是“jasypt 算法”。它是一种 Java 加密扩展 (JCE) 算法。 Jasypt 本身不实现任何算法。
希望这有帮助。
You are not understanding the "PBEWithMD5AndDES" meaning.
PBEWithMD5AndDES means that the encryption password (a String) is hashed with MD5 in order to obtain an array of bytes used as encryption key input to the DES algorithm along with the text to be encrypted.
So, there is no way to unencrypt with DES in order to get a MD5 hash. That makes no sense. You simply need to decrypt that encrypted data using exactly that same algorithm, but in a PHP implementation.
And by the way, "PBEWithMD5AndDES" is not a "jasypt algorithm". It is a Java Cryptography Extension (JCE) algorithm. Jasypt does not implement any algorithms itself.
Hope this helps.
PHP for Java 简化加密在这里:https://github.com/kevwis/Phpsypt
Php for Java simplified encryption here: https://github.com/kevwis/Phpsypt
您缺少生成密钥。
我必须为我的客户做同样的事情,并编写了几行代码来帮助解决问题: https: //github.com/kevinsandow/PBEWithMD5AndDES
You're missing generating the key.
I had to do the same thing for a customer of mine and wrote a few lines of code to help with issue: https://github.com/kevinsandow/PBEWithMD5AndDES