What is the length I must specify for string encrypted with AES-256-CBC in the database?

Question

I am using AES 256 cbc method to encrypt my files. The column which I am encrypting is called 'Name'. Previously, before encrypting, I had set the varchar length in phpmyadmin for 'Name' to be 20. When I was trying to encrypt, I saw it was short and the entire encrypted string was not getting inserted in the database. So I changed the size of varchar to 50 but still the length is small. I have to do this for other columns as well. How do I determine an efficient length for the 'Name' column?

I am using a randomized IV in the encryption, as can be seen from the below example.

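$encryptionMethod = "AES-256-CBC";
$secretHash = "25c6c7ff35b9979b151f2136cd13b0ff";
// Fresh random IV for every encryption (16 bytes for AES-256-CBC)
$iv = openssl_random_pseudo_bytes(openssl_cipher_iv_length($encryptionMethod));

// To encrypt (options = 0, so openssl_encrypt returns base64 text)
$encrypted = openssl_encrypt($textToEncrypt, $encryptionMethod, $secretHash, 0, $iv);

// Stored value: base64(ciphertext) . ':' . base64(IV)
$encryptedMessage = $encrypted . ':' . base64_encode($iv);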

When decrypting I use

$parts = explode(':', $encryptedMessage);
// Decrypt the data
$decryptedMessage = openssl_decrypt($parts[0], $encryptionMethod, $secretHash, 0, base64_decode($parts[1]));

echo $decryptedMessage;

Since the IV is appended to the encrypted string, how would I be able to calculate the length needed to be defined in the database for the column 'Name'?

Recommended answer

The block size of AES is 16 bytes, so you'll need

  • the size of the input, rounded up to the nearest multiple of 16
  • plus one block size for PKCS#5 padding if the input is already a multiple of 16
  • plus 16 bytes for the IV

Note that this doesn't necessarily apply to other cipher modes [1].

So for 20 bytes of input you'll need a total of 48 bytes. However, you are also base64 encoding the result, which requires at least 33% more space (i.e. you should be storing the raw bytes if you care about space).

You should always concatenate before encoding, otherwise you often waste space with multiple padding byte sequences. If your input is 20 bytes long, encoding the 32 byte ciphertext by itself produces 44 bytes, and encoding the IV produces 24 bytes (both need padding). Concatenating before encoding produces only 64 bytes.

Concatenating before encoding also doesn't require the delimiter, because the length of the IV is known.

[1] AEAD ciphers, such as GCM, are generally preferable over CBC, but require more space for storing the authentication hash, obviously.
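
The storage layout the answer recommends (raw IV and raw ciphertext concatenated, then base64-encoded once, with no delimiter), shown as an added example that is not part of the original question or answer. The function names, the generated key and the sample plaintext lengths are constructed for illustration.

```php
<?php
const CIPHER = 'AES-256-CBC';
const BLOCK  = 16; // AES block size in bytes, also the CBC IV length

// Hypothetical helper: base64 characters needed to store a plaintext of at
// most $maxBytes BYTES (not characters; UTF-8 text can be multi-byte).
function encryptedColumnLength(int $maxBytes): int
{
    // Padding always adds 1..16 bytes: a whole extra block when already aligned.
    $cipherLen = (intdiv($maxBytes, BLOCK) + 1) * BLOCK;
    $rawLen    = BLOCK + $cipherLen;      // IV . ciphertext
    return 4 * intdiv($rawLen + 2, 3);    // one base64 pass over the concatenation
}

function encryptField(string $plaintext, string $key): string
{
    $iv = random_bytes(BLOCK);
    $ct = openssl_encrypt($plaintext, CIPHER, $key, OPENSSL_RAW_DATA, $iv);
    if ($ct === false) {
        throw new RuntimeException('encryption failed');
    }
    return base64_encode($iv . $ct);      // no delimiter: the IV length is fixed
}

function decryptField(string $stored, string $key): string
{
    $raw = base64_decode($stored, true);
    // Reject values that cannot be IV + whole ciphertext blocks
    // (for example, a value cut short by a column that is too narrow).
    if ($raw === false || strlen($raw) < 2 * BLOCK || strlen($raw) % BLOCK !== 0) {
        throw new InvalidArgumentException('malformed or truncated value');
    }
    $iv = substr($raw, 0, BLOCK);
    $pt = openssl_decrypt(substr($raw, BLOCK), CIPHER, $key, OPENSSL_RAW_DATA, $iv);
    if ($pt === false) {
        throw new RuntimeException('decryption failed');
    }
    return $pt;
}

$key = random_bytes(32);                  // constructed 256-bit key for the demo
foreach ([1, 15, 16, 20, 50] as $n) {     // constructed plaintext lengths
    $plain  = str_repeat('x', $n);
    $stored = encryptField($plain, $key);
    if (decryptField($stored, $key) !== $plain) {
        throw new LogicException('round trip failed');
    }
    printf("%2d bytes in -> %3d chars stored, column needs %3d\n",
        $n, strlen($stored), encryptedColumnLength($n));
}
```

Size the column from the largest plaintext length in bytes that the application accepts, and enforce that limit before encrypting so a stored value is never cut short.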
