问题加密/编码URL变量 [英] Problem encrypting/encoding URL variable
问题描述
我有一个类可以采用以下格式的字符串:
I have a class that takes a string in this format:
000067000000000012620060324b38e2cab3353
000067000000000012620060324b38e2cab3353
,加密字符串,然后将其作为get变量添加到URL中。
, encrypts the string then appends it as a get variable in a URL.
执行加密的类具有一个功能看起来像这样:
The class that does the encryption has a function that looks like this:
private function _code_encryption($enc_type,$a_string){
$iv_size = mcrypt_get_iv_size(MCRYPT_RIJNDAEL_256, MCRYPT_MODE_CBC);
$iv = mcrypt_create_iv($iv_size, MCRYPT_RAND);
if($enc_type == self::ENCRYPT_STRING){
//encrypt then return base64 encoded
$encrypted = mcrypt_encrypt(MCRYPT_RIJNDAEL_256, self::AUTH_ENCRYPTION_KEY, $a_string, MCRYPT_MODE_CBC, $iv);
return base64_encode($encrypted);
}elseif($enc_type == self::DECRYPT_STRING){
$decrypted = mcrypt_decrypt(MCRYPT_RIJNDAEL_256, self::AUTH_ENCRYPTION_KEY, base64_decode($a_string), MCRYPT_MODE_CBC, $iv);
return trim($decrypted);
}
}
当字符串被加密时,我将该值重新编码并添加它像URL一样的URL就像 https:// secure。 mysite.com/index.php?action=someaction&transfer_code=XXXXX 其中XXXX是加密的加密字符串。
When the string is encrypted I urlencode the value and add it to the url like the url looks like "https://secure.mysite.com/index.php?action=someaction&transfer_code=XXXXX where XXXX is the urlencoded encrypted string.
现在,当url被解析和处理$ _GET ['transfer_code']的值被传递到上述_code_encryption函数中,但是没有返回正确解密的值,而是返回我的浏览器不呈现的乱码。是否需要密钥长度I用于加密/解密?我尝试过像
Now, when the url is parsed and processed the value of $_GET['transfer_code'] is getting passed into the above _code_encryption function but is not returning the correctly decrypted value and instead returns garbled characters my browser doesn't render. Is there a requirement for the length of the key I use for encryption/decryption? I tried something like
$key = hash('sha256',self::AUTH_ENCRYPTION_KEY,true);
但这没有工作...
另外,我不是urldecoding $ _GET ['transfer_code ']变量,因为php man页面的状态,get vars已经被urlencoded ...
Also, I am not urldecoding the $_GET['transfer_code'] variable because the php man pages state that get vars are already urlencoded...
我应该是UTF-8编码字母数字字符串BEFORE加密/ base64_encoding之前,即使有任何差异?
Should I be UTF-8 encoding the alphanumeric string BEFORE encryption/base64_encoding, or will that even make any difference?
推荐答案
您使用随机IV进行加密,而不同随机IV解密。解密的字符串永远不会匹配原始字符串。要正确解密原始字符串,您必须使用加密期间使用的相同的IV。通常这是通过将用于加密的字符串的IV加上来实现的。在解密时,您必须首先从该值中提取IV,使用该值初始化密钥,然后解密其余的用户正确初始化的密钥。
You use a random IV to encrypt, and the a different random IV to decrypt. The decrypted string will never ever match the original. To properly decrypt the original string you must use the same IV that was used during encryption. Usually this is achieved by prepending the IV used to the encrypted string. At decryption time you must first extract the IV from the value, initialize the key with this value, then decrypt the rest usign the properly initialized key.
我没有一个解析器验证这个,但它应该是这样的:
I don't have a parser to validate this but it should be something like:
private function _code_encryption($enc_type,$a_string){
$iv_size = mcrypt_get_iv_size(MCRYPT_RIJNDAEL_256, MCRYPT_MODE_CBC);
if($enc_type == self::ENCRYPT_STRING){
//encrypt then return base64 encoded
$iv = mcrypt_create_iv($iv_size, MCRYPT_RAND);
$encrypted = mcrypt_encrypt(MCRYPT_RIJNDAEL_256, self::AUTH_ENCRYPTION_KEY, $a_string, MCRYPT_MODE_CBC, $iv);
return base64_encode($iv.$encrypted);
} elseif ($enc_type == self::DECRYPT_STRING){
$decoded = base64_decode($a_string);
$iv = substr($decoded,0,$iv_size);
$cipher = substr($decoded,$iv_size);
$decrypted = mcrypt_decrypt(MCRYPT_RIJNDAEL_256, self::AUTH_ENCRYPTION_KEY, $cipher, MCRYPT_MODE_CBC, $iv);
return trim($decrypted);
}
}
这篇关于问题加密/编码URL变量的文章就介绍到这了,希望我们推荐的答案对大家有所帮助,也希望大家多多支持IT屋!
