openssl_encrypt& AES256 [英] openssl_encrypt & AES256

问题描述

也许有人知道如何在PHP上实现

maybe someone know how do this on PHP

echo TEST | openssl enc -e -aes-256-cbc -k 123456 -a -md md5

echo "TEST" | openssl enc -e -aes-256-cbc -k 123456 -a -md md5

我会尝试

$iv = openssl_random_pseudo_bytes(16);
$data = base64_encode(openssl_encrypt('TEST', 'aes-256-cbc', $password, OPENSSL_RAW_DATA, $iv));

但未成功。

推荐答案

有趣的是，就像 https://linux.die.net/man/1/enc ，我的本地openssl安装手册页将'-md'（不带参数）作为openssl enc的选项-但没有似乎可以解释其用途。 openssl Wiki 表示其用于密钥派生。

Interestingly, like the version at https://linux.die.net/man/1/enc , the man page for my local openssl installation lists '-md' (without an argument) as an option for openssl enc - but doesn't seem to explain what its for. The openssl wiki says its used for key derivation.

多挖一点，我发现在SO加密网站上。

但是在尝试编写实现之前，由于openssl的实现有些深奥，因此问题是否需要在您的实施中特别支持？如果您只需要一种在网站外加密/解密数据的方法，则可以编写一个命令行PHP脚本。

But before attempting to write an implementation, since openssl's implementation is somewhat esoteric, it rather begs the question of whether there is a need to specifically support this in your implementation? If you merely need a method of encrypting/decrypting data outside your website, you could just write a command line PHP script.

快速阅读链接的文档表明， ....

A quick read through the linked document, suggests that....

  $data = base64_encode(openssl_encrypt('TEST', 'aes-256-cbc', md5($password, true), OPENSSL_RAW_DATA, $iv));

但是我希望openssl对派生函数中的键进行其他操作以填充16个字节到所需的128位（为什么要为256位算法强制使用128位密钥？）

But I expect that openssl is doing something else to the key in the derivation function to pad the 16 bytes out to the required 128 bits (why are you forcing a 128 bit key for a 256 bit algorithm?)

这篇关于openssl_encrypt& AES256的文章就介绍到这了，希望我们推荐的答案对大家有所帮助，也希望大家多多支持IT屋！