如何解密Zend2加密数据?

时间:2013-02-08 15:06:37

标签: php python zend-framework encryption

我正在使用Zend2 Crypt module来加密数据。这是我的代码。

$cipher = BlockCipher::factory('mcrypt', array(
  'algorithm' => 'aes',
));
$cipher->setKey('mypassphrase');
$encrypted = $cipher->encrypt('Hey, I am the secret data');

很酷,效果很好!现在,我需要在Python中解密$encrypted数据(嘿,我是秘密数据)。

我正在使用pycrypto来做到这一点。在我的PHP环境之外解密数据的步骤是什么?

    from Crypto.Cipher import AES
    import base64
    import hashlib

    password = 'mypassphrase'
    key = hashlib.sha256(password).digest()

    decoded = base64.standard_b64decode(encrypted)
    cipher = AES.new(key, AES.MODE_CBC)
    data = cipher.decrypt(decoded)

我需要指定一个IV,因为Zend默认使用MODE_CBC。如何在我的Python代码中指定它?

这是Zend2文档:

  

加密的输出是一个字符串,以Base64(默认)编码,包含HMAC值,IV矢量和加密文本。使用的加密模式是CBC(默认为随机IV)和SHA256作为HMAC的默认哈希算法。 Mcrypt适配器默认使用PKCS#7填充机制进行加密。您可以使用特殊的适配器(Zend \ Crypt \ Symmetric \ Padding)指定不同的填充方法。 BlockCipher使用的加密和认证密钥是使用PBKDF2算法生成的,用作使用setKey()方法指定的用户密钥的密钥派生函数。

有人可以帮助我调整我的Python代码来解密数据吗? 感谢

1 个答案:

答案 0 :(得分:3)

我找到了解密Zend2加密数据的方法。这是我的代码:

from base64 import b64decode
from Crypto import Random
from Crypto.Cipher import AES
from Crypto.Hash import SHA256, HMAC
from Crypto.Protocol.KDF import PBKDF2

# The hmac starts from 0 to 64 (length).
hmac_size = 64
hmac = data[:hmac_size]

# The cipher text starts after the hmac to the end.
# The cipher text is base64 encoded, so I decoded it.
ciphertext = data[hmac_size:]
ciphertext = b64decode(ciphertext)

# The IV starts from 0 to 16 (length) of the ciphertext.
iv = ciphertext[:16]

# The key size is 256 bits -> 32 bytes.
key_size = 32

# The passphrase of the key.
password = 'mypassphrase'

# The key is generated using PBKDF2 Key Derivation Function.
# In the case of Zend2 Crypt module, the iteration number is 5000, 
# the result length is the key_size * 2 (64) and the HMAC is computed
# using the SHA256 algorithm
the_hash = PBKDF2(password, iv, count=5000, dkLen=64, prf=lambda p, s:
                  HMAC.new(p, s, SHA256).digest())

# The key starts from 0 to key_size (32).
key = the_hash[:key_size]

# The hmac key starts after the key to the end.
key_hmac = the_hash[key_size:]

# HMAC verification
hmac_new = HMAC.new(key_hmac, 'aes%s' % ciphertext, SHA256).hexdigest()
if hmac_new != hmac:
    raise Exception('HMAC verification failed.')

# Instanciate the cipher (AES CBC).
cipher = AES.new(key, AES.MODE_CBC, iv)

# It's time to decrypt the data! The ciphertext starts after the IV (so, 16 after).
data = cipher.decrypt(ciphertext[16:])

任务成功!

相关问题
最新问题