Picking encryption cipher for mcrypt


Problem description


I have a few questions about this code:

<?php 
   $iv_size = mcrypt_get_iv_size(MCRYPT_RIJNDAEL_256, MCRYPT_MODE_ECB); 
   $iv = mcrypt_create_iv($iv_size, MCRYPT_RAND); 
   $key = "This is a very secret key"; 
   $text = file_get_contents('path/to/your/file'); 
   echo strlen($text) . "\n"; 

   $crypttext = mcrypt_encrypt(MCRYPT_RIJNDAEL_256, $key, $text, MCRYPT_MODE_ECB, $iv); 
   file_put_contents('path/to/your/file', $crypttext);    
?> 

It encrypts the file just fine, however it adds additional nulls at the end, so if I encrypt:

 a test string is this one
    and here is a new line 

once decrypted becomes:

a test string is this one
    and here is a new line 000000000000000

What's going on?

Second, is MCRYPT_RIJNDAEL_256 compatible with AES-128?

Finally, how would I let another party decrypt a file I've encrypted? They would need to know which encryption was used and I am not sure what to tell them.

Solution

MCRYPT_RIJNDAEL_128 is AES-128, MCRYPT_RIJNDAEL_256 is AES-256 - just another name:

[...]The standard comprises three block ciphers, AES-128, AES-192 and AES-256, adopted from a larger collection originally published as Rijndael.[...]

[...]The Rijndael cipher was developed by two Belgian cryptographers, Joan Daemen and Vincent Rijmen, and submitted by them to the AES selection process. Rijndael (pronounced "Rhine dall") is a wordplay with the names of the two inventors.[...]

The \x00 characters you encounter at the end of the decrypted string are the padding required for some block ciphers (with ECB being such a block cipher). Mcrypt uses NULL-padding internally if the input data needs to be padded to the required block length. There are other padding modes available (which have to be user-coded when using Mcrypt), namely PKCS7, ANSI X.923 or ISO 10126. NULL-padding is problematic when encrypting binary data that may end with one or more \x00 characters because you can't detect where the data ends and the padding starts - the other padding modes mentioned solve this kind of problem. If you're encrypting character data (strings) you can easily trim off the trailing \x00 by using $data = trim($data, "\x00");.

To decrypt the data you sent to a consumer, the consumer would need to know the IV (initialization vector) ($iv), the algorithm used (MCRYPT_RIJNDAEL_256/AES-256), the encryption mode (ECB), the secret encryption key ($key) and the padding mode used (NULL-padding). The IV can be transmitted with the encrypted data as it does not need to be kept secret:

The IV must be known to the recipient of the encrypted information to be able to decrypt it. This can be ensured in a number of ways: by transmitting the IV along with the ciphertext, by agreeing on it beforehand during the key exchange or the handshake, by calculating it (usually incrementally), or by measuring such parameters as current time (used in hardware authentication tokens such as RSA SecurID, VASCO Digipass, etc.), IDs such as sender's and/or recipient's address or ID, file ID, the packet, sector or cluster number, etc. A number of variables can be combined or hashed together, depending on the protocol.
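
The padding ambiguity described in the answer above, as an added example that is not part of the original post: user-coded PKCS7 padding next to zero padding, run over binary data that ends in \x00. The function names (zero_pad, pkcs7_pad, pkcs7_unpad), the sample bytes and the 32-byte block size are assumptions made for this illustration.

```php
<?php
// Added example; function names and the sample bytes are constructed.

// Zero padding as mcrypt applies it internally: fill the last block with \x00.
function zero_pad(string $data, int $blockSize): string
{
    $rem = strlen($data) % $blockSize;
    return $rem === 0 ? $data : $data . str_repeat("\x00", $blockSize - $rem);
}

// PKCS7: always append N bytes of value N (1 <= N <= blockSize), even when the
// input is already block-aligned, so the padding length is self-describing.
function pkcs7_pad(string $data, int $blockSize): string
{
    if ($blockSize < 1 || $blockSize > 255) {
        throw new InvalidArgumentException('block size must be 1..255');
    }
    $n = $blockSize - (strlen($data) % $blockSize);
    return $data . str_repeat(chr($n), $n);
}

// Strip PKCS7 padding, rejecting malformed input instead of guessing.
function pkcs7_unpad(string $data, int $blockSize): string
{
    $len = strlen($data);
    if ($len === 0 || $len % $blockSize !== 0) {
        throw new UnexpectedValueException('length is not a multiple of the block size');
    }
    $n = ord($data[$len - 1]);
    if ($n < 1 || $n > $blockSize || substr($data, -$n) !== str_repeat(chr($n), $n)) {
        throw new UnexpectedValueException('invalid PKCS7 padding');
    }
    return substr($data, 0, $len - $n);
}

$blockSize = 32; // assumption: MCRYPT_RIJNDAEL_256 operates on 32-byte blocks
$binary = "\x89PNG\x0d\x0a\x00\x00"; // constructed sample: binary data ending in \x00

// Zero padding + trim cannot tell data from padding: the real trailing \x00 bytes go too.
$viaZero = rtrim(zero_pad($binary, $blockSize), "\x00");
var_dump($viaZero === $binary);

// PKCS7 round-trips the same bytes exactly.
$viaPkcs7 = pkcs7_unpad(pkcs7_pad($binary, $blockSize), $blockSize);
var_dump($viaPkcs7 === $binary);

// A block-aligned input still gains one full block of padding.
var_dump(strlen(pkcs7_pad(str_repeat('A', 32), $blockSize)));
```

With mcrypt, the padded string is what gets passed to mcrypt_encrypt, and pkcs7_unpad is applied to the output of mcrypt_decrypt. The padding check detects malformed padding only; it does not authenticate the ciphertext.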
