PHP ColdFusion9 AES加密 - 不同的结果 [英] PHP ColdFusion9 AES Encryption - Different results

问题描述

PHP中的AES加密和ColdFusion9正在产生不同的结果。请帮我吗？

以下PHP代码

  $ key =12345678123456781234567812345678; 
 $ iv =1234567812345678; 
 $ data =这是一个纯字符串。 
 
 echo base64_encode（mcrypt_encrypt（MCRYPT_RIJNDAEL_128，$ key，$ data，MCRYPT_MODE_CBC，$ iv））; 
  

给我G + tdEOfQTtVCQGxW3N5uzkqN207OyfIPxS6zf2xrKKY =

而下面的ColdFusion代码

 < cfset thePlainData =这是一个纯字符串。 /> 
< cfset theKey =12345678123456781234567812345678/> 
< cfset theAlgorithm =AES / CBC / PKCS5Padding/> 
< cfset theEncoding =base64/> 
< cfset theIV =1234567812345678/> 
 
< cfset encryptedString = encrypt（thePlainData，theKey，theAlgorithm，theEncoding，theIV）/> 
  

给我KLt55n5 / T3ee6xVq9VGFbyCacJznkHEqC / RDRhL + 4nw =

任何想法我错了什么？非常感谢。

解决方案

不幸的是，ColdFusion和PHP实现之间存在一些轻微的不兼容问题。 AES要求明文块大小可除以128.要实现此目的， PHP将使用NULL字符填充明文输入获得正确的块大小。 ColdFusion可以使用各种支持的填充技术。不幸的是，ColdFusion和Java都不支持NULL填充模式，这使得互操作性更加困难。 ColdFusion的字符串处理不支持NULL字符，因此您需要在PHP中实现PKCS5Padding模式<

此外，如注释中所述，ColdFusion希望密钥被base64编码，因此您需要键设置看起来像：

 < cfset theKey = toBase64（12345678123456781234567812345678）/>此外，Java默认情况下（和ColdFusion通过扩展）只支持最大128位的密钥大小。在这里，您使用的是256位密钥，需要Java无限强度扩展（对于那些尝试测试代码并获取非法的键大小错误）。
 
 
 
生成的PHP代码如下所示：
  //函数从http://us3.php.net/manual/en/ref.mcrypt.php#69782 
函数pkcs5_pad（$ text，$ blocksize）
 {
 $ pad = $ blocksize  - （strlen（$ text）％$ blocksize）; 
 return $ text。 str_repeat（chr（$ pad），$ pad）; 
} 
 
 $ key =12345678123456781234567812345678; 
 $ iv =1234567812345678; 
 //用PKCS＃5填充数据，以防止PHP使用NULL填充。 
 $ data = pkcs5_pad（这是一个纯字符串。，16）; 
 
 echo base64_encode（mcrypt_encrypt（MCRYPT_RIJNDAEL_128，$ key，$ data，MCRYPT_MODE_CBC，$ iv））; 
  
生成的ColdFusion代码如下所示：
 < cfset thePlainData =这是一个纯字符串。 /> 
< cfset theKey = toBase64（12345678123456781234567812345678）/> 
< cfset theAlgorithm =AES / CBC / PKCS5Padding/> 
< cfset theEncoding =base64/> 
< cfset theIV =1234567812345678/> 
 
< cfset encryptedString = encrypt（thePlainData，theKey，theAlgorithm，theEncoding，theIV）/> 
 
< cfoutput>＃encryptedString＃< / cfoutput> 
  
两者都输出相同的base64编码字符串：
  G + tdEOfQTtVCQGxW3N5uzlu0mGabRKNxuIdAXArQE8​​0 = 
  
 
AES Encryption in PHP and ColdFusion9 is producing different results. Could somebody please help me?

The below PHP Code
$key = "12345678123456781234567812345678";
$iv = "1234567812345678";
$data = "This is a plain string.";

echo base64_encode(mcrypt_encrypt(MCRYPT_RIJNDAEL_128, $key, $data, MCRYPT_MODE_CBC, $iv));
gives me G+tdEOfQTtVCQGxW3N5uzkqN207OyfIPxS6zf2xrKKY=

While the below ColdFusion Code
<cfset thePlainData  = "This is a plain string." />
<cfset theKey    = "12345678123456781234567812345678" />
<cfset theAlgorithm  = "AES/CBC/PKCS5Padding" />
<cfset theEncoding  = "base64" />
<cfset theIV    = "1234567812345678" />

<cfset encryptedString = encrypt(thePlainData, theKey, theAlgorithm, theEncoding, theIV) />
gives me KLt55n5/T3ee6xVq9VGFbyCacJznkHEqC/RDRhL+4nw= 

Any idea where I am wrong? Thanks in advance.
解决方案
Unfortunately there is a slight incompatibility between the ColdFusion and PHP implementations regarding the plaintext padding style used.  AES requires a plaintext block size divisible by 128.  To achieve this, PHP will pad the plaintext input with NULL characters to get the proper block size.  ColdFusion can use a variety of padding techniques that are supported by Java.  Unfortunately, ColdFusion nor Java support a NULL padding schema which makes interoperability more difficult.  ColdFusion's string handling does not support NULL characters, so you will need to implement a PKCS5Padding schema within PHP instead to get them to inter-operate properly.

Also, as mentioned in the comments, ColdFusion will expect the key to be base64 encoded, so you'd need the key setting to look like:
<cfset theKey = toBase64("12345678123456781234567812345678") />
Further, Java by default (and ColdFusion by extension) only supports key sizes up to 128 bits.  Here you're using a 256 bit key which would require the Java Unlimited Strength extension (for those trying to test the code and getting an illegal key size error).

The resulting PHP code looks like:
// Function from http://us3.php.net/manual/en/ref.mcrypt.php#69782
function pkcs5_pad ($text, $blocksize)
{
    $pad = $blocksize - (strlen($text) % $blocksize);
    return $text . str_repeat(chr($pad), $pad);
}

$key = "12345678123456781234567812345678";
$iv = "1234567812345678";
// Pad data with PKCS #5 to prevent PHP from using NULL padding.
$data = pkcs5_pad("This is a plain string.", 16);

echo base64_encode(mcrypt_encrypt(MCRYPT_RIJNDAEL_128, $key, $data, MCRYPT_MODE_CBC, $iv));
The resulting ColdFusion code looks like:
<cfset thePlainData = "This is a plain string." />
<cfset theKey = toBase64("12345678123456781234567812345678") />
<cfset theAlgorithm = "AES/CBC/PKCS5Padding" />
<cfset theEncoding = "base64" />
<cfset theIV = "1234567812345678" />

<cfset encryptedString = encrypt(thePlainData, theKey, theAlgorithm, theEncoding, theIV) />

<cfoutput>#encryptedString#</cfoutput>
Both output the same base64 encoded string:
G+tdEOfQTtVCQGxW3N5uzlu0mGabRKNxuIdAXArQE80=


                        
这篇关于PHP ColdFusion9 AES加密 - 不同的结果的文章就介绍到这了，希望我们推荐的答案对大家有所帮助，也希望大家多多支持IT屋！