AES在终端中加密并在PHP中解密 [英] AES encrypt in Terminal and decrypt in PHP

问题描述

我在其他线程中遇到了类似的问题，但是由于最近PHP发生了变化（即 mcrypt 删除），我正在寻求一些有关如何最好地解决问题的建议

使用 echo'此字符串将被加密'。在Mac终端中的openssl enc -aes-256-cbc -a -pass pass：123 中，我能够使用密码对字符串进行加密，现在希望将此字符串（作为参数）传递到服务器中端的PHP函数进行解密。

已研究这个问题，我看到有可能，但是它使用了现在删除的 mcrypt 函数。进一步阅读 PHP手册，我离这儿越来越近弄清楚如何将该加密命令反向转换为等效的PHP解密。

到目前为止，最新的答案是我已经实现的，但是，它仍然不能与终端机生成的加密一起使用，只能由PHP创建（此处未显示）。

 <？php 
 $ encrypted_string = $ _GET ['data']; 
 $ password = 123； 
 $ decrypted_data = openssl_decrypt（$ encrypted_string， AES-256-CBC，$ password）; 
 print解密的数据：< $ decrypted_data> \n; 
？> 
  

OpenSSL PHP手册指出，可以传递纯文本或base64编码的字符串并对其进行解密。由于在加密过程中使用了 -a 标志，因此我希望传入base64，从而消除了源代码，这是未返回解密数据的潜在原因。

我已经做好了URL编码的工作，以便将加密算法产生的任何+符号都替换为其-％2B -URL安全等效项，否则它们将被转换为空格字符，从而破坏了参数字符串。这样可以进一步确保解密算法正确地解决了编码后的输入字符串。

问题：为什么会获胜我的PHP函数不会解密terminal命令生成的字符串，尽管两者都使用相同的方法和密码？我的PHP代码缺少什么使它可以正常工作？

为所有人加油。

更新

我现在正在使用终端命令：

echo'blah'| openssl enc -aes-256-cbc -a -K B374A26A71490437AA024E4FADD5B497FDFF1A8EA6FF12F6FB65AF2720B59CCF -iv 64299685b2cc8da5
加密为： Y4xelTtEJPUH >



我使用 www.example.com/?data=Y4xelTtEJPUHytB5ARwUHQ ==

$ b $将其传递给PHP b

PHP应该获取数据参数并解密。当前，该函数如下所示：

 <？php 
 $ encrypted_string = base64_decode（$ _ GET ['data ']）; 
 $ key =‘B374A26A71490437AA024E4FADD5B497FDFF1A8EA6FF12F6FB65AF2720B59CCF’； 
 $ iv =‘64299685b2cc8da5’； 
 
 $ output = openssl_decrypt（$ encrypted_string，'AES-256-CBC'，hex2bin（$ key），OPENSSL_RAW_DATA，hex2bin（$ iv））; 
 print解密的数据：< $ output> \n; 
？> 
  

解决方案

OpenSSL使用专有的KDF，您可能不会希望尽力在PHP代码中重现。但是，您可以使用 -K 标志将密钥作为纯十六进制而不是KDF传递：

  echo'blah'| openssl enc -aes-256-cbc -K 0000000000000000000000000000000000000000000000000000000000000000 
  

这里，大十六进制字符串是您的256-位密钥，十六进制编码。此加密操作将与您的PHP兼容。

I have come accross other threads with similar questions but due to recent changes in PHP (ie. mcrypt removal), I am seeking some advice as to how I'd best go about this using OpenSSL in 2017/18.

Using echo 'this string will be encrypted' | openssl enc -aes-256-cbc -a -pass pass:123 in the Mac Terminal, I was able to password encrypt the string and would now like to pass this (as a parameter) into a server-side PHP function to decrypt.

Having studied this question, I can see that it is possible but it uses the now removed mcrypt function. Further reading in the PHP manual, I am no closer to figuring out how to reverse this encryption command into its PHP decryption equivalent.

This recent answer is what I have implemented so far, yet again, it just won't work with a Terminal generated encryption, only one which was created in PHP (not shown here).

<?php
  $encrypted_string = $_GET['data'];
  $password = '123';
  $decrypted_data = openssl_decrypt($encrypted_string, "AES-256-CBC", $password);
  print "Decrypted Data: <$decrypted_data>\n";
?>

The OpenSSL PHP manual states that either plain text or base64 encoded strings can be passed in and be decrypted. As I have used the -a flag during encryption, I would expect base64 to be passed in, thus eliminating the source as a potential reason why no decrypted data is returned.

I have taken care of URL encoding such that any + symbols produced by the encryption algorithm are replaced with their - %2B - URL-Safe equivalent as they would otherwise be turned into a space character, thus breaking the parameter string. This further ensures that the encoded input string is correctly addressed by the decryption algorithm.

Questions: Why won't my PHP function decrypt the string generated by the terminal command, although both use the same method and password? What is missing from my PHP code that would enable this to work?

Cheers everyone.

UPDATE

I am now using Terminal command:
echo 'blah' | openssl enc -aes-256-cbc -a -K B374A26A71490437AA024E4FADD5B497FDFF1A8EA6FF12F6FB65AF2720B59CCF -iv 64299685b2cc8da5 which encrypts to: Y4xelTtEJPUHytB5ARwUHQ==

I pass this to PHP using www.example.com/?data=Y4xelTtEJPUHytB5ARwUHQ==

PHP should take data param and decrypt. Currently, that function looks like this:

<?php
$encrypted_string = base64_decode($_GET['data']);
$key = 'B374A26A71490437AA024E4FADD5B497FDFF1A8EA6FF12F6FB65AF2720B59CCF';
$iv = '64299685b2cc8da5';

$output = openssl_decrypt($encrypted_string, 'AES-256-CBC', hex2bin($key), OPENSSL_RAW_DATA, hex2bin($iv));
print "Decrypted Data: <$output>\n";
?>

解决方案

OpenSSL uses a proprietary KDF that you probably don't want to put the effort in to reproduce in PHP code. However, you can pass your key as pure hex instead, avoiding the KDF, by using the -K flag:

echo 'blah' | openssl enc -aes-256-cbc -K 0000000000000000000000000000000000000000000000000000000000000000

Here, the large hex string is your 256-bit key, hex encoded. This encryption operation will be compatible with your PHP.

这篇关于AES在终端中加密并在PHP中解密的文章就介绍到这了，希望我们推荐的答案对大家有所帮助，也希望大家多多支持IT屋！