php:将mcrypt_encrypt转换为openssl_encrypt和OPENSSL_ZERO_PADDING问题 [英] php: mcrypt_encrypt to openssl_encrypt, and OPENSSL_ZERO_PADDING problems

问题描述

对于给定的$key，$message和$iv，我有这个mcrypt_encrypt呼叫:

I have this mcrypt_encrypt call, for a given $key, $message and $iv:

$string = mcrypt_encrypt(MCRYPT_3DES, $key, $message, MCRYPT_MODE_CBC, $iv);

我想将mcrypt_encrypt调用更改为openssl_encrypt一个，以便将来进行验证.

I'd like to change the mcrypt_encrypt call to an openssl_encrypt one, to future-proof this.

通过具有$mode = 'des-ede3-cbc'或$mode = '3DES';和$options = true，我得到的响应更相似，但不完全相同.还有其他方法可以称其为完美匹配吗?

By having $mode = 'des-ede3-cbc' or $mode = '3DES'; and $options = true I get the more similar response, but not identical. Is there other way to call it to get a perfect match?

我正在为lorem-ipsum $message + $key组合获取此(base64_encoded)，因此我开始相信一个函数或另一个函数在加密之前会在消息中填充一些内容...

I'm getting this (base64_encoded) for a lorem-ipsum $message+$key combinations, so I'm starting to believe one function or the other are padding somewhat the message before encrypting...

对于mcrypt

"Y + JgMBdfI7ZYY3M9lJXCtb5Vgu + rWvLBfjug2GLX7uo ="

"Y+JgMBdfI7ZYY3M9lJXCtb5Vgu+rWvLBfjug2GLX7uo="

对于openssl

"Y + JgMBdfI7ZYY3M9lJXCtb5Vgu + rWvLBvte4swdttHY ="

"Y+JgMBdfI7ZYY3M9lJXCtb5Vgu+rWvLBvte4swdttHY="

尝试使用$ options传递 OPENSSL_ZERO_PADDING ，但传递除 1 ( OPENSSL_RAW_DATA 或 true )之外的任何内容导致一个空字符串...

Tried using $options to pass OPENSSL_ZERO_PADDING, but passing anything but 1 (OPENSSL_RAW_DATA, or true) results in an empty string...

既不使用OPENSSL_ZERO_PADDING也不使用OPENSSL_RAW_DATA | OPENSSL_ZERO_PADDING工作... :( 我正在使用"OpenSSL 1.0.2g 2016年3月1日".

Neither using OPENSSL_ZERO_PADDING nor OPENSSL_RAW_DATA | OPENSSL_ZERO_PADDING work... :( I'm using "OpenSSL 1.0.2g 1 Mar 2016".

已经阅读此问题与解答，但事实并非如此.帮帮我.并非仅

Already read this q&a, but it doesn't help me. Not the only one with padding troubles, but no solution in sight so far. (Second answer talks about adding padding to mcrypt call, I would really want to remove padding from openssl encryption call...

推荐答案

mcrypt_encrypt 零填充输入数据(如果不是块大小的倍数).如果数据本身具有尾随零，这将导致模棱两可的结果.显然，在这种情况下，OpenSSL不允许您使用零填充，这解释了错误的返回值.

mcrypt_encrypt zero-pads input data if it's not a multiple of the blocksize. This leads to ambiguous results if the data itself has trailing zeroes. Apparently OpenSSL doesn't allow you to use zero padding in this case, which explains the false return value.

您可以通过手动添加填充来避免这种情况.

You can circumvent this by adding the padding manually.

$message = "Lorem ipsum";
$key = "123456789012345678901234";
$iv = "12345678";

$message_padded = $message;
if (strlen($message_padded) % 8) {
    $message_padded = str_pad($message_padded,
        strlen($message_padded) + 8 - strlen($message_padded) % 8, "\0");
}
$encrypted_mcrypt = mcrypt_encrypt(MCRYPT_3DES, $key,
    $message, MCRYPT_MODE_CBC, $iv);
$encrypted_openssl = openssl_encrypt($message_padded, "DES-EDE3-CBC", 
    $key, OPENSSL_RAW_DATA | OPENSSL_NO_PADDING, $iv);

printf("%s => %s\n", bin2hex($message), bin2hex($encrypted_mcrypt));
printf("%s => %s\n", bin2hex($message_padded), bin2hex($encrypted_openssl));

这将相等地打印出来.

This prints both as equal.

4c6f72656d20697073756d => c6fed0af15d494e485af3597ad628cec
4c6f72656d20697073756d0000000000 => c6fed0af15d494e485af3597ad628cec

这篇关于php:将mcrypt_encrypt转换为openssl_encrypt和OPENSSL_ZERO_PADDING问题的文章就介绍到这了，希望我们推荐的答案对大家有所帮助，也希望大家多多支持IT屋！