How to use OpenSSL to decrypt a value generated with Mcrypt that has used an ASCII key?

Problem description

I need to be able to decrypt values using OpenSSL that were generated using Mcrypt under PHP.

I have this working, with the exception that the key used to encrypt them was ASCII.

The following is my code that demonstrates a working case where OpenSSL can decrypt the value encrypted with Mcrypt, when the key is an MD5.

<?php
$message = 'test';
$key = md5('Quigibo');

$iv = openssl_random_pseudo_bytes(0);

$encrypted = mcrypt_encrypt(
    MCRYPT_BLOWFISH,
    $key,
    $message,
    MCRYPT_MODE_ECB,
    $iv
);

$decrypted = openssl_decrypt(
    $encrypted,
    'bf-ecb',
    $key,
    OPENSSL_RAW_DATA | OPENSSL_NO_PADDING,
    $iv
);

$trimDecrypted = rtrim($decrypted);

var_export(
    [
        'Original message' => $message,
        'Encrypted' => bin2hex($encrypted),
        'Decrypted' => $decrypted,
        'Trim decrypted' => $trimDecrypted,
        'Message length' => mb_strlen($message, '8bit'),
        'Decrypted length' => mb_strlen($decrypted, '8bit'),
        'Message == decrypted' => $message === $trimDecrypted
    ]
);

However, if you change $key to be the value "Quigibo" (as opposed to an MD5 hash of that value) the encrypted value cannot be decoded with OpenSSL.

Is there a form of encoding I can apply to the ASCII key prior to use with OpenSSL such that it will correctly decrypt the value?

Recommended answer

Revised answer:

There is a bug in OpenSSL which null pads the key to 16 bytes for Blowfish, which is incorrect because the cipher supports a variable length key. They have very recently added a flag to fix this - OPENSSL_DONT_ZERO_PAD_KEY - but it is only available in PHP 7.1.8 which was released a little over a week ago... Relevant bug: https://bugs.php.net/bug.php?id=72362

A workaround is to manually cycle the key and feed that into OpenSSL:

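// Target length for the cycled key.
$keylen = (floor(mb_strlen($key, '8bit')/8)+1)*56;
// Repeat the key and cut the result to $keylen bytes.
$key_cycled = substr(str_repeat($key,ceil($keylen/strlen($key))),0,$keylen);

// Same call as in the question, with the cycled key in place of $key.
$decrypted = openssl_decrypt(
    $encrypted,
    'bf-ecb',
    $key_cycled,
    OPENSSL_RAW_DATA | OPENSSL_NO_PADDING,
    $iv
);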
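
Why cycling the key works while zero padding does not, shown as an added example (not code from the question or the answer). Blowfish's key schedule XORs the key, repeated cyclically, into its 18-word P-array, so two keys behave identically exactly when their 72-byte cyclic expansions match. The function names and the ASSUMED_BF_PAD_LEN constant are hypothetical; the 16-byte pad length is taken from the answer, and the example goes beyond it by also checking a cycle that is cut off mid-repetition.

```php
<?php
// Added example: models the key bytes Blowfish's key schedule consumes.
// It performs no encryption and needs neither mcrypt nor openssl.
const BF_SCHEDULE_BYTES  = 72; // 18 P-array words x 4 bytes each
const ASSUMED_BF_PAD_LEN = 16; // pad length reported in the answer (assumption)

/** Bytes XORed into the P-array: the key repeated cyclically to 72 bytes. */
function bf_schedule_input(string $key): string
{
    if ($key === '') {
        throw new InvalidArgumentException('key must not be empty');
    }
    $reps = intdiv(BF_SCHEDULE_BYTES, strlen($key)) + 1;
    return substr(str_repeat($key, $reps), 0, BF_SCHEDULE_BYTES);
}

/** The key as it ends up when short keys are null padded to 16 bytes. */
function zero_padded_key(string $key): string
{
    return str_pad($key, ASSUMED_BF_PAD_LEN, "\0");
}

/** Whole repetitions of the key, at least 16 bytes, so the cycle stays aligned. */
function repeated_key(string $key): string
{
    $reps = intdiv(ASSUMED_BF_PAD_LEN - 1, strlen($key)) + 1; // ceil(16 / n)
    return str_repeat($key, $reps);
}

$key  = 'Quigibo'; // the 7-byte ASCII key from the question
$want = bf_schedule_input($key);

$candidates = [
    'original key'            => $key,
    'zero padded to 16'       => zero_padded_key($key),
    'cycle cut off at 16'     => substr(str_repeat($key, 3), 0, 16),
    'whole repetitions'       => repeated_key($key),
    'cycled to 56 bytes'      => substr(str_repeat($key, 8), 0, 56),
];

foreach ($candidates as $label => $candidate) {
    $same = bf_schedule_input($candidate) === $want ? 'yes' : 'no';
    printf("%-22s len=%2d  same key schedule: %s\n", $label, strlen($candidate), $same);
}
```

A cycled key only reproduces the original schedule when its length is a whole multiple of the original key length (or at least 72 bytes), which is why the 16-byte cut-off cycle fails while the 21-byte and 56-byte ones match.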
