Decrypting a PHP generated OpenSSL string in Terminal


Question

This question aids as part two to my previous question.
I have come across other threads with similar questions but due to recent changes in PHP (ie. mcrypt removal), I am seeking some advice as to how I'd best go about this using OpenSSL in 2017/18.

I have devised the following function in a PHP script. It takes a plain text string and encrypts it.

<?php
function encrypt( $myString) {
    $data = $myString;
    $key = 'B374A26A71490437AA024E4FADD5B497FDFF1A8EA6FF12F6FB65AF2720B59CCF';
    $iv = '61736466673534336173646667353433';

    $encrypted = openssl_encrypt($data, 'AES-256-CBC', $key, 0, hex2bin($iv));
    return $encrypted;
}
?>

Return value: 6Q7DM7VGEeJdnGf2h9k1Kg==

My question is quite simple: What is the Terminal decryption equivalent turning the above result back into its plain text?

So far I was able to use the following Terminal commands in AppleScript (for faster variable manipulation) but the do shell script content is Terminal code:

set encKey to "B374A26A71490437AA024E4FADD5B497FDFF1A8EA6FF12F6FB65AF2720B59CCF"
set encIV to "61736466673534336173646667353433"
set stringToEnc to "my plain text string"

set encrypted to (do shell script "echo '" & stringToEnc & "' | openssl enc -aes-256-cbc -a -K " & encKey & " -iv " & encIV)
set decrypted to (do shell script "echo '" & encrypted & "' | openssl enc -aes-256-cbc -a -d -K " & encKey & " -iv " & encIV)

However, while this works as is, setting encrypted (in the script above) to the output of the PHP function, it throws the error:


bad decrypt
140735624655752:error:06065064:digital envelope routines:EVP_DecryptFinal_ex:bad decrypt:/BuildRoot/Library/Caches/com.apple.xbs/Sources/libressl/libressl-22/libressl/crypto/evp/evp_enc.c:529:

Having studied this, that and similar questions here on SO, I am puzzled why the error keeps occurring. I believe it is because of the encoding of the key and iv (note that I have used hex2bin() in PHP), which will yield a different result if not used.

What's missing in my Terminal command? If someone could help me work out the decryption equivalent, I would really appreciate the assistance.

Recommended answer

Just like your last question, you are struggling with encodings a bit. If you carefully consult the documentation for openssl_encrypt, you'll note that both the key and IV should be passed as raw values, not hex.

You did this correctly in your code with the IV, but not the key. You passed the key as a hex value, which means it was twice as long as it needed to be. Just the first 256-bits of the key are used, in this case, B374A26A71490437AA024E4FADD5B497, since you passed 512-bits of key material in total.

So we know that our raw key, when ASCII encoded, is B374A26A71490437AA024E4FADD5B497, which is exactly 256-bits. However, the OpenSSL -K flag that I discussed in your first question requires the key to be passed hex encoded, which means we need to hex encode our key. So we hex encode B374A26A71490437AA024E4FADD5B497 to get 4233373441323641373134393034333741413032344534464144443542343937, which is the actual hex encoded encryption key.

So, in summary, the final command is this, which gives an output of just the byte 0x70, which I assume is correct:

openssl enc -aes-256-cbc -d -K 4233373441323641373134393034333741413032344534464144443542343937 -iv 61736466673534336173646667353433 -in input.bin -out out.bin

This assumes that input.bin is the base64 decoded binary of the base64 ciphertext you provided.
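
The key conversion described in the answer, written as a small shell helper. This is an added example, not part of the original question or answer; the function names php_key_to_K and decrypt_php_b64 are hypothetical, and the key string is assumed to be at least 32 bytes long.

```shell
#!/bin/sh
# Added example, not from the original post. Function names are hypothetical.

# Values quoted in the question.
PHP_KEY='B374A26A71490437AA024E4FADD5B497FDFF1A8EA6FF12F6FB65AF2720B59CCF'
IV_HEX='61736466673534336173646667353433'

# php_key_to_K KEYSTRING
# openssl_encrypt() was handed the key as text, so AES-256 used the first
# 32 bytes of that text as the raw key. `openssl enc -K` wants those same
# 32 bytes written as hex. Assumes KEYSTRING is at least 32 bytes long.
php_key_to_K() {
    printf '%s' "$1" | cut -b1-32 | tr -d '\n' | od -An -v -tx1 | tr -d ' \t\n'
}

# decrypt_php_b64 B64_CIPHERTEXT KEYSTRING IV_HEX
# -a decodes base64 and -A accepts it on a single line, which is how PHP
# emits it. The IV is already hex here because PHP received hex2bin($iv).
decrypt_php_b64() {
    printf '%s\n' "$1" |
        openssl enc -aes-256-cbc -d -a -A -K "$(php_key_to_K "$2")" -iv "$3"
}

# Usage: decrypt_php_b64 '<base64 from PHP>' "$PHP_KEY" "$IV_HEX"
```

With this helper the base64 output of the PHP function can be piped in directly, so no separate input.bin file is needed.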
