如何使用以前使用mcrypt加密的OpenSSL解密字符串? [英] How to decrypt a string with OpenSSL which was previously encrypted with mcrypt?

问题描述

由于mcrypt在PHP 7.1中已弃用，并且我在现有项目中使用mcrypt加密/解密了很多数据，因此如何将我的PHP代码从mcrypt迁移到OpenSSL?我有以下代码要加密:

Since mcrypt was deprecated in PHP 7.1 and I have a lot of data encrypted/decrypted with mcrypt in existing project, how to migrate my PHP code from mcrypt to OpenSSL? I have the following code to encrypt:

$encoded = base64_encode(mcrypt_encrypt(MCRYPT_RIJNDAEL_256, 'salt', 'source string', MCRYPT_MODE_ECB));

解密代码为:

$source = mcrypt_decrypt(MCRYPT_RIJNDAEL_256, 'salt', base64_decode('encoded string'), MCRYPT_MODE_ECB);

在上面的示例中，我应该使用哪些openssl_函数来获得相同的结果而无需进行编码数据转换?

What openssl_ functions should I use in the above examples to get the same results without encoded data conversion?

还是唯一的方法是运行一个脚本，该脚本将使用mcrypt解密我存储的所有加密数据并使用openssl进行编码?

Or the only way is to run a script which will decrypt all my stored encrypted data with mcrypt and encode with openssl?

谢谢

推荐答案

OpenSSL没有Rijndael-256密码；没有等效的功能-您必须解密并重新加密所有内容.

OpenSSL doesn't have the Rijndael-256 cipher; there's no equivalent - you'll have to decrypt and re-encrypt everything.

而且:

• 您缺少填充和身份验证.
• 不要使用ECB模式.
• 盐"不是正确的加密密钥，也不是任何常规字符串.使用 random_bytes()生成密钥，具有所选算法的正确密钥长度 em>.

• You're missing padding and authentication.
• Don't use ECB mode.
• "salt" is not a proper encryption key, nor is any regular string. Use random_bytes() to generate your keys, with the proper key length for the chosen algorithm.

可以将以上所有内容总结如下:不要自己做，请使用经过严格审查的库，例如

All of the above can be summed up like this: don't do it on your own, use a well-vetted library like defuse/php-encryption.

密码学并不是一件简单的事情，仅用5行代码就无法正确完成.

Cryptography is no simple thing and you can't do it properly with just 5 lines of code.

这篇关于如何使用以前使用mcrypt加密的OpenSSL解密字符串?的文章就介绍到这了，希望我们推荐的答案对大家有所帮助，也希望大家多多支持IT屋！