mcrypt_decrypt PHP的正确用法 [英] mcrypt_decrypt PHP proper usage

问题描述

我认为我安装的PHP可能有问题.当我尝试这样做时，我会得到

I think my PHP intall might have problems. When I try to do this I get

警告:mcrypt_decrypt()[function.mcrypt-decrypt]:模块初始化失败

Warning: mcrypt_decrypt() [function.mcrypt-decrypt]: Module initialization failed

我正在编写一小段代码，它将使用模式ECB解密使用AES-128加密的以下字符串.

I am writing a small snippet of code that will decrypt the following string encrypted with AES-128 using mode ECB.

密钥(以base64编码):aXJhbmRvbXNlY3VyZWtleQ ==

Key (encoded in base64): aXJhbmRvbXNlY3VyZWtleQ==

加密的字符串>(以base64编码):3l6xiNdgRG + PkBw5M0lawvJ/fmuTZPRhEcbtqAmOpDI =

Encrypted string> (encoded in base64): 3l6xiNdgRG+PkBw5M0lawvJ/fmuTZPRhEcbtqAmOpDI=

我不断收到模块错误.

这是我尝试过的:

<?PHP
$retval = mcrypt_decrypt( "AES-128",
    base64_decode( "aXJhbmRvbXNlY3VyZWtleQ=="), 
    base64_decode( "3l6xiNdgRG+PkBw5M0lawvJ/fmuTZPRhEcbtqAmOpDI") ,
    "ECB");

echo $retval;
?> 

这是我相关的phpinfo.我没有看到AES-128.也许那就是问题所在.

here is my relevant phpinfo. I dont see AES-128 . Maybe thats the problem.

    mcrypt
    mcrypt support  enabled
    Version     2.5.8
    Api No  20021217
    Supported ciphers   cast-128 gost rijndael-128 twofish arcfour      cast-256           loki97      rijndael-192 saferplus wake blowfish-compat des rijndael-256 serpent xtea blowfish enigma rc2 tripledes
    Supported modes     cbc cfb ctr ecb ncfb nofb ofb stream 

推荐答案

您很亲密，有2个小问题.

You are close, there are 2 small problems.

首先，AES-128不是来自mcrypt的有效密码常数. AES确实是您的支持. AES-128的 mcrypt密码常数为MCRYPT_RIJNDAEL_128，即字符串rijndael-128.其次，mcrypt模式必须为小写.

First, AES-128 is not a valid cipher constant from mcrypt. AES is really rijndael which you have support for. The mcrypt cipher constant for AES-128 is MCRYPT_RIJNDAEL_128 which is the string rijndael-128. Second, the mcrypt mode must be lowercase.

将代码更改为:

<?php
$retval = mcrypt_decrypt( "rijndael-128",
    base64_decode( "aXJhbmRvbXNlY3VyZWtleQ=="), 
    base64_decode( "3l6xiNdgRG+PkBw5M0lawvJ/fmuTZPRhEcbtqAmOpDI") ,
    "ecb");

echo $retval;

产生正确的输出:Is 3 random enough?

我个人会使用mcrypt常量而不是实际的字符串，因此将rijndael-128替换为MCRYPT_RIJNDAEL_128，将ecb替换为MCRYPT_MODE_ECB.

Personally, I'd go with the mcrypt constants rather than the actual strings, so replace rijndael-128 with MCRYPT_RIJNDAEL_128 and ecb with MCRYPT_MODE_ECB.

另一方面，如果要加密大量敏感信息，请考虑使用IV而不是ECB的CBC.

On a side note, consider using CBC with an IV instead of ECB if you are encrypting lots of sensitive information.

Mcrypt可以轻松为您创建适当长度的IV.示例代码:

Mcrypt can easily create IVs for you with the proper lengths. Sample code:

$ivsize = mcrypt_get_iv_size(MCRYPT_RIJNDAEL_128, MCRYPT_MODE_CBC);
$iv     = mcrypt_create_iv($ivsize);

在加密和解密时使用此IV.您可以将IV和数据一起作为base64编码的字符串传递，以实现可移植性.

Use this IV when encrypting and decrypting. You can pass the IV along with your data as a base64 encoded string for portability.

这篇关于mcrypt_decrypt PHP的正确用法的文章就介绍到这了，希望我们推荐的答案对大家有所帮助，也希望大家多多支持IT屋！