如何使Ruby AES-256-CBC和PHP MCRYPT_RIJNDAEL_128一起玩 [英] How to make Ruby AES-256-CBC and PHP MCRYPT_RIJNDAEL_128 play well together

问题描述

我正在生成要从Ruby堆栈发送到PHP堆栈的数据.我正在使用Ruby方面的OpenSSL :: Cipher库和PHP中的"mcrypt"库.当我在Ruby中使用"aes-256-cbc"(256位块大小)进行加密时，我需要在PHP中使用MCRYPT_RIJNDAEL_128(128位块大小)对其进行解密.我怀疑Ruby代码已损坏，因为cipher.iv_len为16；我相信应该是32:

I'm generating data to send from a Ruby stack to a PHP stack. I'm using the OpenSSL::Cipher library on the Ruby side and the 'mcrypt' library in PHP. When I encrypt using 'aes-256-cbc' (256-bit block size) in Ruby I need to use MCRYPT_RIJNDAEL_128 (128-bit block size) in PHP to decrypt it. I suspect the Ruby code that is broken, because the cipher.iv_len is 16; I believe it should be 32:

>> cipher = OpenSSL::Cipher::Cipher.new('aes-128-cbc')
=> #<OpenSSL::Cipher::Cipher:0x3067c5c>
>> cipher.key_len
=> 16
>> cipher.iv_len
=> 16
>> cipher = OpenSSL::Cipher::Cipher.new('aes-256-cbc')
=> #<OpenSSL::Cipher::Cipher:0x306de18>
>> cipher.key_len
=> 32
>> cipher.iv_len
=> 16

这是我的测试.在Ruby方面，首先我生成密钥和iv:

So here's my test. On the Ruby side, first I generate the key and iv:

>> cipher = OpenSSL::Cipher::Cipher.new('aes-256-cbc')
>> cipher.encrypt
>> iv = cipher.random_iv
>> iv64 = [iv].pack("m").strip
=> "vCkaypm5tPmtP3TF7aWrug=="
>> key = cipher.random_key
>> key64 = [key].pack("m").strip
=> "RIvFgoi9xZaHS/0Bp0J9WDRyND6Z7jrd3btiAfcQ8Y0="

然后我使用这些密钥进行加密:

Then I use those keys to do the encryption:

>> plain_data = "Hi, Don, this is a string."
>> cipher = OpenSSL::Cipher::Cipher.new('aes-256-cbc')
>> cipher.encrypt
>> cipher.key = Base64.decode64(key64)
>> cipher.iv = Base64.decode64(iv64)
>> encrypted_data = cipher.update(plain_data)
>> encrypted_data << cipher.final
>> crypt64 = [encrypted_data].pack("m").strip
=> "5gfC/kJcnAV2fJI0haxnLcdraIKWgtu54UoznVxf8K0="

这是PHP解密:

$ruby_crypt = "5gfC/kJcnAV2fJI0haxnLcdraIKWgtu54UoznVxf8K0=";
$encrypted_data = base64_decode($ruby_crypt);
$key = base64_decode("RIvFgoi9xZaHS/0Bp0J9WDRyND6Z7jrd3btiAfcQ8Y0=");
$iv = base64_decode("vCkaypm5tPmtP3TF7aWrug==");
$result = mcrypt_decrypt(MCRYPT_RIJNDAEL_128, $key, $encrypted_data, MCRYPT_MODE_CBC, $iv);
$unencrypt = rtrim($result, "\x00..\x1F");
print "\nUnencrypted token:\n'$unencrypt'\n";

RESULT:
Unencrypted token:
'Hi, Don, this is a string.'

我希望使用更长的块大小.显然，我误解了API.帮助吗?

I'd prefer to use the longer block size. Clearly I'm misunderstanding the APIs. Help?

推荐答案

我不了解PHP，但是通过阅读侧边栏上的相关问题，我看到了此页面的引用，指出MCRYPT_RIJNDAEL_128中的128是指加密的块大小，而不是密钥大小.您会注意到，在两种情况下，在ruby和PHP之间传递的密钥大小均为256位.换句话说，这似乎是预期的行为，并且您已经在使用较大的密钥.

I don't know PHP, but reading through related questions on the sidebar, I see Converting Ruby AES256 decrypt function to PHP. This includes a reference to this page, pointing out that the 128 in MCRYPT_RIJNDAEL_128 refers to the block size of the encryption, not the key size. You'll notice that the key size that you've passed between ruby and PHP is 256 bits in both cases. In other words, this seems to be the expected behavior, and you are using the larger key already.

#!/usr/bin/ruby
require 'base64'

puts((Base64.decode64("RIvFgoi9xZaHS/0Bp0J9WDRyND6Z7jrd3btiAfcQ8Y0=").length * 8).to_s)

HTH

这篇关于如何使Ruby AES-256-CBC和PHP MCRYPT_RIJNDAEL_128一起玩的文章就介绍到这了，希望我们推荐的答案对大家有所帮助，也希望大家多多支持IT屋！