php 解密使用NodeJS加密的AES-256-CBC字符串

xxls0lw8  于 2023-05-21  发布在  PHP
关注(0)|答案(1)|浏览(181)

我使用following functions来加密/解密NodeJS,它们工作正常。但是我无法用PHP解密数据,以便在同一项目的某些部分使用。
NodeJS:

function encrypt(text){
  var cipher = crypto.createCipher('aes-256-cbc','strong-key')
  var crypted = cipher.update(text,'utf8','hex')
  crypted += cipher.final('hex');
  return crypted;
}

function decrypt(text){
  var decipher = crypto.createDecipher('aes-256-cbc','strong-key')
  var dec = decipher.update(text,'hex','utf8')
  dec += decipher.final('utf8');
  return dec;
}

我在PHP中尝试的是:

openssl_decrypt('fdf32748aa4ce37fc600bbe7be14bfc7', 'AES-256-CBC', "strong-key");

但它总是返回false/empty。我很感激你让我知道我做错了什么。
编辑:例如,用PHP解密28e1dfdedac467a015a9c8720d0a6451应该返回“Hello World”,使用与上面相同的密钥。

2vuwiymt

2vuwiymt1#

请确保您的传入数据是正确的格式(即没有任何额外的编码层)。它看起来像十六进制,但它不是openssl_decrypt所期望的。
下面是一个来回的PHP示例(使用IV,你也应该这样做):

$data = 'hello this is some data';
$key = 'this is a cool and secret password';
$iv = random_bytes(16);

$encrypted = openssl_encrypt($data, 'aes-256-cbc', $key, 0, $iv);
echo 'iv (as hex): ', bin2hex($iv), PHP_EOL;
echo 'encrypted: ', $encrypted, PHP_EOL; // note this is not hex

$decrypted = openssl_decrypt($encrypted, 'aes-256-cbc', $key, 0, $iv);
echo 'decrypted: ', $decrypted, PHP_EOL;
$ php test.php 
iv (as hex): 02c00788438518f241cb86dc90237102
encrypted: oRZAXMjNle6hkJ9rTHTeUl5VoHQol+020Q/iFnbgbeU=
decrypted: hello this is some data

编辑,更具体的例子,强调了解你的编码的重要性:

// test.js
const crypto = require('crypto');

let data = 'hello this is some data';

const key = crypto.scryptSync('Password used to generate key', '', 32); // 256 / 8 = 32
const iv = crypto.randomBytes(16); // Initialization vector.

const cipher = crypto.createCipheriv('aes-256-cbc', key, iv);
let crypted = cipher.update(data,'utf8','hex')
crypted += cipher.final('hex');

console.log('data: ', data);
console.log('key: ', key.toString('hex')); // key:  9266bc531befd01b6a55c232fa0efeb35625079e7024758b2e65d0dd72fe59df
console.log('crypted (as hex): ', crypted); // crypted (as hex):  b571d864da0680d77e4880d0071b49e456a1eead4b1cbfa42a9337965a466362
console.log('iv (as hex): ', iv.toString('hex')); // iv (as hex):  788ac1dcee25824b713b5201d07cc133

这里我们知道所有的输出都是十六进制的,所以我们可以在PHP端将它们重新格式化为二进制数据:

// test.php

$iv = hex2bin( '788ac1dcee25824b713b5201d07cc133' );
$encrypted = hex2bin( 'b571d864da0680d77e4880d0071b49e456a1eead4b1cbfa42a9337965a466362' );
$key = hex2bin('9266bc531befd01b6a55c232fa0efeb35625079e7024758b2e65d0dd72fe59df');

$decrypted = openssl_decrypt($encrypted, 'aes-256-cbc', $key, OPENSSL_RAW_DATA, $iv);
echo 'decrypted: ', $decrypted, PHP_EOL; // hello this is some data

最终编辑:现在有了工作密钥派生实现。这成功地解密了你的“Hello world”:

$password = 'strong-key';

// derive key and IV using function from SO, which implements same method node uses
$ar = deriveKeyAndIV($password, 1, 'aes-256-cbc', 'md5');
$key = $ar['key'];
$iv = $ar['iv'];

$decrypted = openssl_decrypt(hex2bin('28e1dfdedac467a015a9c8720d0a6451'), 'aes-256-cbc', $key, OPENSSL_RAW_DATA, $iv);
echo 'decrypted: ', $decrypted, PHP_EOL; // Hello world

function deriveKeyAndIV($data,$count,$cipher,$digest) {
    $ivlen  = openssl_cipher_iv_length($cipher);
    $keylen = 32;
    $hash  = "";
    $hdata = "";
    while(strlen($hash) < $keylen+$ivlen) {
        $hdata .= $data;
        $md_buf = openssl_digest($hdata, $digest);
        //
        for ($i = 1; $i < $count; $i++) {
            $md_buf = openssl_digest ( hex2bin($md_buf),$digest);
        }
        $hdata = hex2bin($md_buf);
        $hash .= $hdata;
    }
    //
    $key = substr($hash,0,$keylen);
    $iv  = substr($hash,$keylen,$ivlen);
    //
    return array('key' => $key, 'iv' => $iv);
}

相关问题