如何使用以前使用mcrypt加密的OpenSSL解密字符串? [英] How to decrypt a string with OpenSSL which was previously encrypted with mcrypt?
问题描述
由于mcrypt在PHP 7.1中已弃用,并且我在现有项目中使用mcrypt加密/解密了很多数据,因此如何将我的PHP代码从mcrypt迁移到OpenSSL?我有以下代码要加密:
Since mcrypt was deprecated in PHP 7.1 and I have a lot of data encrypted/decrypted with mcrypt in existing project, how to migrate my PHP code from mcrypt to OpenSSL? I have the following code to encrypt:
$encoded = base64_encode(mcrypt_encrypt(MCRYPT_RIJNDAEL_256, 'salt', 'source string', MCRYPT_MODE_ECB));
解密代码为:
$source = mcrypt_decrypt(MCRYPT_RIJNDAEL_256, 'salt', base64_decode('encoded string'), MCRYPT_MODE_ECB);
在上面的示例中,我应该使用哪些openssl_
函数来获得相同的结果而无需进行编码数据转换?
What openssl_
functions should I use in the above examples to get the same results without encoded data conversion?
还是唯一的方法是运行一个脚本,该脚本将使用mcrypt解密我存储的所有加密数据并使用openssl进行编码?
Or the only way is to run a script which will decrypt all my stored encrypted data with mcrypt and encode with openssl?
谢谢
推荐答案
OpenSSL没有Rijndael-256密码;没有等效的功能-您必须解密并重新加密所有内容.
OpenSSL doesn't have the Rijndael-256 cipher; there's no equivalent - you'll have to decrypt and re-encrypt everything.
而且:
- 您缺少填充和身份验证.
- 不要使用ECB模式.
- 盐"不是正确的加密密钥,也不是任何常规字符串.使用 random_bytes()生成密钥,具有所选算法的正确密钥长度 em>.
- You're missing padding and authentication.
- Don't use ECB mode.
- "salt" is not a proper encryption key, nor is any regular string. Use random_bytes() to generate your keys, with the proper key length for the chosen algorithm.
可以将以上所有内容总结如下:不要自己做,请使用经过严格审查的库,例如
All of the above can be summed up like this: don't do it on your own, use a well-vetted library like defuse/php-encryption.
密码学并不是一件简单的事情,仅用5行代码就无法正确完成.
Cryptography is no simple thing and you can't do it properly with just 5 lines of code.
这篇关于如何使用以前使用mcrypt加密的OpenSSL解密字符串?的文章就介绍到这了,希望我们推荐的答案对大家有所帮助,也希望大家多多支持IT屋!