openssl的Bouncycastle中的C#编码问题
我正在尝试使用Bouncycastle在C#中解密,这是以下PHP代码的结果:
<?php
$plaintext = 'The quick brown fox jumps over the lazy dog';
$cipher = "AES-128-CTR";
$key = "F5UgsDQddWGdgjddJtNgg6xE3V9uwaCR";
if (in_array($cipher, openssl_get_cipher_methods()))
{
$ivlen = openssl_cipher_iv_length($cipher);
$iv = '2782614358578542';
$ciphertext = openssl_encrypt($plaintext, $cipher, $key, $options=0, $iv, $tag);
echo $ciphertext."\n";
}
?>
我的C#代码如下:
public string Decrypt(string toDecrypt, string keyStr, string ivStr)
{
byte[] inputBytes = Convert.FromBase64String(toDecrypt);
byte[] keyBytes = Encoding.UTF8.GetBytes(keyStr);
byte[] iv = Encoding.UTF8.GetBytes(ivStr);
IBufferedCipher cipher = CipherUtilities.GetCipher("AES/CTR/PKCS7PADDING");
cipher.Init(false, new ParametersWithIV(ParameterUtilities.CreateKeyParameter("AES", keyBytes), iv));
byte[] decryptedBytes = cipher.DoFinal(inputBytes);
return Encoding.UTF8.GetString(decryptedBytes);
}
php代码返回,
7/q61uOzeC4iycFIMrjvh01zvjOuCtnX8eWob8MAA5kIfMOIx915ctBIyw==
但是当我在C#中进行C#时,
Decrypt("7/q61uOzeC4iycFIMrjvh01zvjOuCtnX8eWob8MAA5kIfMOIx915ctBIyw==", "F5UgsDQddWGdgjddJtNgg6xE3V9uwaCR", "2782614358578542");
我会得到以下gibberish:
���yF�l����c:�-��7K�(�,�X�.[�W"�ܜ��J�
这使我想到了。我缺少或在编码上做错了什么,但我似乎无法弄清楚。
I'm trying to decrypt in c#, using bouncycastle, the result of the following php code:
<?php
$plaintext = 'The quick brown fox jumps over the lazy dog';
$cipher = "AES-128-CTR";
$key = "F5UgsDQddWGdgjddJtNgg6xE3V9uwaCR";
if (in_array($cipher, openssl_get_cipher_methods()))
{
$ivlen = openssl_cipher_iv_length($cipher);
$iv = '2782614358578542';
$ciphertext = openssl_encrypt($plaintext, $cipher, $key, $options=0, $iv, $tag);
echo $ciphertext."\n";
}
?>
My c# code is as follows:
public string Decrypt(string toDecrypt, string keyStr, string ivStr)
{
byte[] inputBytes = Convert.FromBase64String(toDecrypt);
byte[] keyBytes = Encoding.UTF8.GetBytes(keyStr);
byte[] iv = Encoding.UTF8.GetBytes(ivStr);
IBufferedCipher cipher = CipherUtilities.GetCipher("AES/CTR/PKCS7PADDING");
cipher.Init(false, new ParametersWithIV(ParameterUtilities.CreateKeyParameter("AES", keyBytes), iv));
byte[] decryptedBytes = cipher.DoFinal(inputBytes);
return Encoding.UTF8.GetString(decryptedBytes);
}
The php code returns
7/q61uOzeC4iycFIMrjvh01zvjOuCtnX8eWob8MAA5kIfMOIx915ctBIyw==
But when I make in C# the following call
Decrypt("7/q61uOzeC4iycFIMrjvh01zvjOuCtnX8eWob8MAA5kIfMOIx915ctBIyw==", "F5UgsDQddWGdgjddJtNgg6xE3V9uwaCR", "2782614358578542");
I get the following gibberish:
���yF�l����c:�-��7K�(�,�X�.[�W"�ܜ��J�
Which makes me think that I'm missing or doing something wrong with the encoding but I can't seem to figure it out.
如果你对这篇内容有疑问,欢迎到本站社区发帖提问 参与讨论,获取更多帮助,或者扫码二维码加入 Web 技术交流群。
绑定邮箱获取回复消息
由于您还没有绑定你的真实邮箱,如果其他用户或者作者回复了您的评论,将不能在第一时间通知您!
发布评论
评论(1)
AES-128使用16个字节密钥。但是,在PHP代码中,使用了一个32字节密钥,仅考虑前16个字节,该php 隐式截断。
因此,修复程序是相应地缩短C#代码中的密钥,即使用
f5ugsdqddwgdgjdd。另外,将PHP代码中的AES变体更改为AES-256(
aes-256-ctr),该变体在CiphertextTW05J9QDFABK7ZBYT9JINE8XWQNB2PIM7RTV7RTV7RTV7GDBA2BBA2TSE7EJJVVVJJP5 JJP5YKA =此外,在C#代码中,应用
aes/ctr/nopadding,因为CTR是不需要填充的流密码模式,这就是为什么padding在中被隐式在PHP代码。请注意,出于安全原因,键/IV对不得重复使用,尤其是对于CTR。因此,对于固定键,不得应用静态IV,而是随机的键(通常将其与密文一起传递给解密一侧,通常是串联)。
AES-128 uses a 16 bytes key. In the PHP code, however, a 32 bytes key is used, which PHP implicitly truncates by considering only the first 16 bytes.
So the fix is to shorten the key in the C# code accordingly, i.e. use
F5UgsDQddWGdgjdd.Alternatively, change the AES variant in the PHP code to AES-256 (
aes-256-ctr), which results in the ciphertextTw05j9QDfaBK7zbyt9jine8xWqnzNB2Pim7rtv7gDba2TsE7ejvvjP5YKA==.Additionally, in the C# code, apply
AES/CTR/NoPadding, since CTR is a stream cipher mode that does not require padding, which is why padding is implicitly disabled in the PHP code.Note that for security reasons, key/IV pairs must not be reused, especially for CTR. Therefore, for a fixed key, a static IV must not be applied, but a random one (which is passed to the decrypting side together with the ciphertext, usually concatenated).