如何从AES加密字符串中添加/删除PKCS7填充？ [英] How to add/remove PKCS7 padding from an AES encrypted string?

问题描述

我正在尝试使用128位AES加密（ECB）对字符串进行加密/解密。我想知道的是如何添加/删除PKCS7填充。看来，Mcrypt扩展可以照顾加密/解密，但必须手动添加/删除填充。

I'm trying to encrypt/decrypt a string using 128 bit AES encryption (ECB). What I want to know is how I can add/remove the PKCS7 padding to it. It seems that the Mcrypt extension can take care of the encryption/decryption, but the padding has to be added/removed manually.

任何想法？

推荐答案

我们来看看。 PKCS＃7在RFC 5652（加密消息语法）中描述。

Let's see. PKCS #7 is described in RFC 5652 (Cryptographic Message Syntax).

填充方案本身在 6.3。内容加密过程。它基本上说：根据需要附加许多字节来填充给定的块大小（但至少有一个），并且每个都应该具有作为值的填充长度。

The padding scheme itself is given in section 6.3. Content-encryption Process. It essentially says: append that many bytes as needed to fill the given block size (but at least one), and each of them should have the padding length as value.

因此，查看最后一个解密的字节，我们知道要剥离多少字节。 （还可以检查它们是否都具有相同的值。）

Thus, looking at the last decrypted byte we know how many bytes to strip off. (One could also check that they all have the same value.)

我现在可以给你一对PHP函数来做到这一点，但我的PHP有点生锈。所以要么自己做（然后随意编辑我的答案添加它），或者看看用户提供的注释到mcrypt文档 - 其中一些是关于填充和提供PKCS＃7填充的实现。

I could now give you a pair of PHP functions to do this, but my PHP is a bit rusty. So either do this yourself (then feel free to edit my answer to add it in), or have a look at the user-contributed notes to the mcrypt documentation - quite some of them are about padding and provide an implementation of PKCS #7 padding.

所以，我们来看看第一个注释详细说明：

So, let's look on the first note there in detail:

<?php

function encrypt($str, $key)
 {
     $block = mcrypt_get_block_size('des', 'ecb');

获取所使用算法的块大小。在您的情况下，您将使用 aes 或 rijndael_128 而不是 des ，我想（我没有测试）。 （而不是调用函数，您可以简单地将 16 取代为AES。）

This gets the block size of the used algorithm. In your case, you would use aes or rijndael_128 instead of des, I suppose (I didn't test it). (Instead, you could simply take 16 here for AES, instead of invoking the function.)

     $pad = $block - (strlen($str) % $block);

这将计算填充大小。 c $ c> / a>是数据的长度（以字节为单位），％$ block 给出余数mod $ $ block 即最后一个块中的数据字节数。 $ block - ... 从而给出填写最后一个块所需的字节数（现在是 1 和 $ block ，包含）。

This calculates the padding size. strlen($str) is the length of your data (in bytes), % $block gives the remainder modulo $block, i.e. the number of data bytes in the last block. $block - ... thus gives the number of bytes needed to fill this last block (this is now a number between 1 and $block, inclusive).

     $str .= str_repeat(chr($pad), $pad);

str_repeat 生成一个由相同字符串的重复组成的字符串，这里重复一个由$ $ pad ， $ pad times，即长度 $ pad 的字符串，填充 $ pad 。
$ str。= ... 将此填充字符串附加到原始数据。

str_repeat produces a string consisting of a repetition of the same string, here a repetition of the character given by $pad, $pad times, i.e. a string of length $pad, filled with $pad. $str .= ... appends this padding string to the original data.

     return mcrypt_encrypt(MCRYPT_DES, $key, $str, MCRYPT_MODE_ECB);

这是加密本身。使用 MCRYPT_RIJNDAEL_128 而不是 MCRYPT_DES 。

Here is the encryption itself. Use MCRYPT_RIJNDAEL_128 instead of MCRYPT_DES.

 }

现在另一个方向：

 function decrypt($str, $key)
 {   
     $str = mcrypt_decrypt(MCRYPT_DES, $key, $str, MCRYPT_MODE_ECB);

解密。 （您当然会更改算法，如上所述）。 $ str现在是解密的字符串，包括填充。

The decryption. (You would of course change the algorithm, as above). $str is now the decrypted string, including the padding.

     $block = mcrypt_get_block_size('des', 'ecb');

这又是块大小。 （见上文）

This is again the block size. (See above.)

     $pad = ord($str[($len = strlen($str)) - 1]);

这看起来有点奇怪。更好地写在多个步骤：

This looks a bit strange. Better write it in multiple steps:

    $len = strlen($str);
    $pad = ord($str[$len-1]);

$ len 现在是填充字符串和 $ str [$ len - 1] 是此字符串的最后一个字符。 ord 转换这到一个数字。因此， $ pad 是我们以前用作填充填充值的数字，这是填充长度。

$len is now the length of the padded string, and $str[$len - 1] is the last character of this string. ord converts this to a number. Thus $pad is the number which we previously used as the fill value for the padding, and this is the padding length.

     return substr($str, 0, strlen($str) - $pad);

所以现在我们切断最后一个 $ pad 字符串的字节。 （而不是 strlen（$ str）我们也可以在这里写下 $ len ： substr $ str，0，$ len - $ pad）。）

So now we cut off the last $pad bytes from the string. (Instead of strlen($str) we could also write $len here: substr($str, 0, $len - $pad).).

 }

?>

请注意，不要使用 substr（$ str，$ len - $ pad ），还可以将 substr（$ str， - $ pad）作为 substr 函数具有负操作数/参数的特殊处理，从字符串的末尾开始计数。 （我不知道这是否比首先获得长度并且手动计算索引有效）。

Note that instead of using substr($str, $len - $pad), one can also write substr($str, -$pad), as the substr function in PHP has a special-handling for negative operands/arguments, to count from the end of the string. (I don't know if this is more or less efficient than getting the length first and and calculating the index manually.)

如前所述，在评论中注明rossum，而不是简单地剥离像这样完成的填充，你应该检查它是否正确 - 即查看 substr（$ str，$ len - $ pad）和检查它的所有字节是否为 chr（$ pad）。这是对腐败的轻微检查（尽管如果您使用链接模式而不是ECB，此检查更有效，而不是替代真正的MAC）。

As said before and noted in the comment by rossum, instead of simply stripping off the padding like done here, you should check that it is correct - i.e. look at substr($str, $len - $pad), and check that all its bytes are chr($pad). This serves as a slight check against corruption (although this check is more effective if you use a chaining mode instead of ECB, and is not a replacement for a real MAC).

（还是告诉你的客户，他们应该考虑改变一个比ECB更安全的模式。）

(And still, tell your client they should think about changing to a more secure mode than ECB.)

这篇关于如何从AES加密字符串中添加/删除PKCS7填充？的文章就介绍到这了，希望我们推荐的答案对大家有所帮助，也希望大家多多支持IT屋！