加密ColdFusion然后解密PHP [英] Encrypting in Coldfusion and then decrypting in PHP
问题描述
PHP的加密方式如下:
<?php
$ key =$ 224455 @;
$ Valor =TESTE;
$ base = chop(base64_encode(mcrypt_encrypt(MCRYPT_DES,$ key,$ Valor,MCRYPT_MODE_ECB)));
?>
我有结果:
TzwRx5Bxoa0 =
在Coldfusion中这样做:
< cfset Valor =TESTE>
< cfset Key =$ 224455 @>
< cfset base = Encrypt(Valor,ToBase64(Key),DES / ECB / PKCS5Padding,BASE64)>
结果:
qOQnhdxiIKs =
ColdFusion是不是产生与PHP相同的值?
非常感谢
(太长的意见)
Artjom B.已经提供了上面的答案。 Artjom B.写了
问题是填充。 PHP的mcrypt扩展只使用
ZeroPadding [...]你需要在php [...]或
中使用不同的密码来使用ColdFusion中的明文,例如DES / ECB / NoPadding 。 I
推荐前者,因为如果您使用NoPadding,明文必须
已经是块大小的倍数。
不幸的是,很难在CF中生成空字符。 AFAIK,唯一的技术是使用 URLDecode(%00) 。如果您不能修改PHP代码为@Artjom B.建议,您可以尝试使用下面的功能来填充CF中的文本。免责声明:它只是轻微测试(CF10),但似乎产生与上述相同的结果。
更新:
由于CF encrypt()函数总是解释纯文本输入为UTF-8字符串,您还可以使用 charsetEncode(字节,utf-8)从单个元素字节数组创建一个空字符,即 charsetEncode(javacast(byte [],[0]), utf-8)
示例: p>
Valor = nullPad(TESTE,8);
Key =$ 224455 @;
result = Encrypt(Valor,ToBase64(Key),DES / ECB / NoPadding,BASE64);
//结果:TzwRx5Bxoa0 =
WriteDump(Encrypted Text =& Result);
功能:
/ *
将一个空字符串填充到给定块大小的倍数
@param plainText - string to pad
@param blockSize - pad string,因此它是这个大小的倍数
@param encoding - 文本的字符集编码
* /
string function nullPad(string plainText,numeric blockSize,string encoding =UTF-8)
{
local.newText = arguments.plainText;
local.bytes = charsetDecode(arguments.plainText,arguments.encoding);
local.remain = arrayLen(local.bytes)%arguments.blockSize;
if(local.remain neq 0)
{
local.padSize = arguments.blockSize - local.remain;
local.newText& = repeatString(urlDecode(%00),local.padSize);
}
return local.newText;
}
I have a problem reproducing the same result generated in PHP vs Coldfusion.
In PHP encrypting this way:
<?php
$key = "$224455@";
$Valor = "TESTE";
$base = chop(base64_encode(mcrypt_encrypt(MCRYPT_DES, $key, $Valor, MCRYPT_MODE_ECB)));
?>
I have the result:
TzwRx5Bxoa0=
In Coldfusion did so:
<cfset Valor = "TESTE">
<cfset Key = "$224455@">
<cfset base = Encrypt(Valor,ToBase64(Key),"DES/ECB/PKCS5Padding","BASE64")>
Result:
qOQnhdxiIKs=
What isn't ColdFusion yielding the same value as PHP?
Thank you very much
(Too long for comments)
Artjom B. already provided the answer above. Artjom B. wrote
The problem is the padding. The mcrypt extension of PHP only uses ZeroPadding [...] you either need to pad the plaintext in php [...] or use a different cipher in ColdFusion such as "DES/ECB/NoPadding". I recommend the former, because if you use NoPadding, the plaintext must already be a multiple of the block size.
Unfortunately, it is difficult to produce a null character in CF. AFAIK, the only technique that works is to use URLDecode("%00"). If you cannot modify the PHP code as @Artjom B. suggested, you could try using the function below to pad the text in CF. Disclaimer: It is only lightly tested (CF10), but seemed to produce the same result as above.
Update:
Since the CF encrypt() function always interprets the plain text input as a UTF-8 string, you can also use charsetEncode(bytes, "utf-8") to create a null character from a single element byte array, ie charsetEncode( javacast("byte[]", [0] ), "utf-8")
Example:
Valor = nullPad("TESTE", 8);
Key = "$224455@";
result = Encrypt(Valor, ToBase64(Key), "DES/ECB/NoPadding", "BASE64");
// Result: TzwRx5Bxoa0=
WriteDump( "Encrypted Text = "& Result );
Function:
/*
Pads a string, with null bytes, to a multiple of the given block size
@param plainText - string to pad
@param blockSize - pad string so it is a multiple of this size
@param encoding - charset encoding of text
*/
string function nullPad( string plainText, numeric blockSize, string encoding="UTF-8")
{
local.newText = arguments.plainText;
local.bytes = charsetDecode(arguments.plainText, arguments.encoding);
local.remain = arrayLen( local.bytes ) % arguments.blockSize;
if (local.remain neq 0)
{
local.padSize = arguments.blockSize - local.remain;
local.newText &= repeatString( urlDecode("%00"), local.padSize );
}
return local.newText;
}
这篇关于加密ColdFusion然后解密PHP的文章就介绍到这了,希望我们推荐的答案对大家有所帮助,也希望大家多多支持IT屋!
