在终端中解密PHP生成的OpenSSL字符串 [英] Decrypting a PHP generated OpenSSL string in Terminal
问题描述
该问题作为第二部分有助于我之前的问题。
我遇到了其他类似问题的线程,但是由于PHP最近发生了变化(即mcrypt删除),我正在寻求一些有关如何最好地解决此问题的建议在2017/18年使用OpenSSL。
This question aids as part two to my previous question.
I have come across other threads with similar questions but due to recent changes in PHP (ie. mcrypt removal), I am seeking some advice as to how I'd best go about this using OpenSSL in 2017/18.
我在PHP脚本中设计了以下功能。
I have devised the following function in a PHP script. It takes a plain text string and encrypts it.
<?php
function encrypt( $myString) {
$data = $myString;
$key = 'B374A26A71490437AA024E4FADD5B497FDFF1A8EA6FF12F6FB65AF2720B59CCF';
$iv = '61736466673534336173646667353433';
$encrypted = openssl_encrypt($data, 'AES-256-CBC', $key, 0, hex2bin($iv));
return $encrypted;
}
?>
返回值: 6Q7DM7VGEeJdnGf2h9k1Kg ==
我的问题非常简单:将上述结果重新转换为纯文本的终端解密等同于什么?
My question is quite simple: What is the Terminal decryption equivalent turning the above result back into its plain text?
到目前为止,我已经能够在AppleScript中使用以下终端命令(以便更快地进行变量操作),但是 do shell脚本
的内容是终端代码:
So far I was able to use the following Terminal commands in AppleScript (for faster variable manipulation) but the do shell script
content is Terminal code:
set encKey to "B374A26A71490437AA024E4FADD5B497FDFF1A8EA6FF12F6FB65AF2720B59CCF"
set encIV to "61736466673534336173646667353433"
set stringToEnc to "my plain text string"
set encrypted to (do shell script "echo '" & stringToEnc & "' | openssl enc -aes-256-cbc -a -K " & encKey & " -iv " & encIV)
set decrypted to (do shell script "echo '" & encrypted & "' | openssl enc -aes-256-cbc -a -d -K " & encKey & " -iv " & encIV)
但是,尽管是,将 encrypted
(在上面的脚本中)设置为PHP函数的输出,则会引发错误:
However, while this works as is, setting encrypted
(in the script above) to the output of the PHP function, it throws the error:
错误解密
140735624655752:错误:06065064:数字信封例程:EVP_DecryptFinal_ex:错误解密:/BuildRoot/Library/Caches/com.apple.xbs/Sources/libressl/libressl-22/ libressl / crypto / evp / evp_enc.c:529:
bad decrypt 140735624655752:error:06065064:digital envelope routines:EVP_DecryptFinal_ex:bad decrypt:/BuildRoot/Library/Caches/com.apple.xbs/Sources/libressl/libressl-22/libressl/crypto/evp/evp_enc.c:529:
已研究此,和类似问题在SO上出现,这使我一直感到困惑,为什么错误不断发生。
我相信是因为键
和 iv
的编码(请注意,我使用了 hex2bin()
(在PHP中),如果不使用它会产生不同的结果。
Having studied this, that and similar questions here on SO, I am puzzled why the error keeps occurring.
I believe it is because of the encoding of the key
and iv
(note that I have used hex2bin()
in PHP), which will yield a different result if not used.
终端命令中缺少什么?如果有人可以帮我解决解密问题,我将非常感谢您的帮助。
What's missing in my Terminal command? If someone could help me work out the decryption equivalent, I would really appreciate the assistance.
推荐答案
就像您的最后一个问题一样,您在编码方面有些挣扎。如果您仔细查阅 openssl_encrypt $ c的文档, $ c>
,您会注意到,键和IV都应作为原始值而不是十六进制值传递。
Just like your last question, you are struggling with encodings a bit. If you carefully consult the documentation for openssl_encrypt
, you'll note that both the key and IV should be passed as raw values, not hex.
您在代码中正确执行了此操作与IV,但不是关键。您将密钥作为十六进制值传递,这意味着它的长度是所需长度的两倍。仅使用了密钥的前256位,在本例中为 B374A26A71490437AA024E4FADD5B497
,因为您总共传递了512位密钥材料。
You did this correctly in your code with the IV, but not the key. You passed the key as a hex value, which means it was twice as long as it needed to be. Just the first 256-bits of the key are used, in this case, B374A26A71490437AA024E4FADD5B497
, since you passed 512-bits of key material in total.
所以我们知道,当我们的原始密钥经过ASCII编码时,是 B374A26A71490437AA024E4FADD5B497
,即256位。但是,我在第一个问题中讨论的OpenSSL -K标志要求将密钥传递给十六进制编码,这意味着我们需要对密钥进行十六进制编码。因此,我们对 B374A26A71490437AA024E4FADD5B497
进行十六进制编码以获得 4233373441323641373134393034333741413032344534464144144542542937
,这是实际的十六进制编码的加密密钥。
So we know that our raw key, when ASCII encoded, is B374A26A71490437AA024E4FADD5B497
, which is exactly 256-bits. However, the OpenSSL -K flag that I discussed in your first question requires the key to be passed hex encoded, which means we need to hex encode our key. So we hex encode B374A26A71490437AA024E4FADD5B497
to get 4233373441323641373134393034333741413032344534464144443542343937
, which is the actual hex encoded encryption key.
总而言之,最后一条命令是这样,它给出的输出仅为字节0x70,我认为这是正确的:
So, in summary, the final command is this, which gives an output of just the byte 0x70, which I assume is correct:
openssl enc -d -K 4233373441323641373134393034333741413032344534464144443542343937 -iv 61736466673534336173646667353433 -in input.bin -out out.bin
这假定input.bin是您提供的base64密文的base64解码二进制。
This assumes that input.bin is the base64 decoded binary of the base64 ciphertext you provided.
这篇关于在终端中解密PHP生成的OpenSSL字符串的文章就介绍到这了,希望我们推荐的答案对大家有所帮助,也希望大家多多支持IT屋!