"PBKDF2WithHmacSHA256"的PHP替代方案;来自Java [英] PHP alternative of "PBKDF2WithHmacSHA256" from Java
问题描述
我需要在PHP中生成与Java中生成的 PBKDF2WithHmacSHA256
算法相同的哈希值.
I need to generate in PHP the same hash as as the PBKDF2WithHmacSHA256
algorithm generates in Java.
我做了一些研究,发现似乎与 PBKDF2
和 HMAC
相关的两个函数:
I did some research and found two functions that seem to be connected to PBKDF2
and HMAC
:
- hash_pbkdf2- http://php.net/manual/zh/function.hash-pbkdf2.php
- hash_hmac- http://php.net/manual/zh/function.hash-hmac.php
我应该使用哪些PHP函数?原生PHP函数甚至有可能吗?
What PHP functions should I use? Is it even possible with native PHP functions?
编辑#1
我的Java代码,需要在PHP中实现的相同结果
My Java code, the same result I need achieve in PHP
public static byte[] derivateKey(char[] password, byte[] salt, int iterations, int keyLengthBits) {
try {
SecretKeyFactory skf = SecretKeyFactory.getInstance("PBKDF2WithHmacSHA256");
PBEKeySpec spec = new PBEKeySpec(password, salt, iterations, keyLengthBits);
SecretKey key = skf.generateSecret(spec);
byte[] res = key.getEncoded();
return res;
} catch (NoSuchAlgorithmException | InvalidKeySpecException e) {
throw new IllegalStateException("Could not create hash", e);
}
}
推荐答案
您提供的Java代码基本上是 hash_pbkdf2()
.您只需要传递正确的参数即可:
The Java code you've provided is basically hash_pbkdf2()
. You just need to pass the correct params:
function derivateKey($password, $salt, $iterations, $keyLengthBits)
{
return hash_pbkdf2(
'sha256',
$password,
$salt,
$iterations,
$keyLengthBits / 8,
true
);
}
很明显,PHP的 hash_pbkdf2()
接受哈希算法作为参数,但是潜在的棘手区别是:
Obviously, PHP's hash_pbkdf2()
accepts the hash algorithm as a parameter, but the potentially tricky differences are these:
- 它不符合 RFC 2898 ,因为它的长度是后十六进制编码,因此必须将最后一个参数设置为
true
,以使其与规范一致. - 它接受以字节为单位而不是位的输出长度(因此,我们为什么要在上面除以8).
- It doesn't comply with RFC 2898 in that its length is applied after hex-encoding, so that last parameter must be set to
true
to make it consistent with the spec. - It accepts the output length in bytes instead of bits (hence why we divide by 8 above).
我唯一不确定的是示例代码中 key.getEncoded()
的作用……在任何地方都没有指定编码算法.
我发现一些文档建议它应该是RAW,因此我提供的示例应该与之匹配.如果没有,则必须自己进行编码.
The only thing I'm not sure about is what key.getEncoded()
does in your sample code ... there's no encoding algorithm specified anywhere.
I found some docs suggesting it is supposed to be RAW, so the example I'm providing should match it. If it doesn't, you'll have to encode it yourself.
这篇关于"PBKDF2WithHmacSHA256"的PHP替代方案;来自Java的文章就介绍到这了,希望我们推荐的答案对大家有所帮助,也希望大家多多支持IT屋!