我正在尝试学习各种加密方法,并在尝试使用Perl与PHP生成密文时遇到了问题。
如果我使用PHP加密秘密,我可以在PHP和Perl中解密生成的密文,但是如果我在Perl中加密密文是“错误的”,并且PHP和Perl的秘密都会出现乱码......
encrypt.php:
#!/usr/bin/env php
<?php
# Set up vars
$iv = 'length16length16';
$key = 'length32length32length32length32';
$cleartext = 'password';
if( count( $argv ) > 1 )
{
$cleartext = $argv[1];
}
# --- ENCRYPTION ---
# Set up cipher
$cipher = mcrypt_module_open( MCRYPT_RIJNDAEL_128, '', MCRYPT_MODE_CBC, '');
mcrypt_generic_init( $cipher, $key, $iv );
# Do the encryption
$ciphertext = mcrypt_generic( $cipher, $cleartext );
# Convert to HEX for print/storage
$cipher_block = implode( unpack( 'H*', $iv . $ciphertext ) );
print( "IV " . implode( unpack( 'H*', $iv ) ) );
print( "CIPH " . implode( unpack( 'H*', $ciphertext ) ) );
print( $cipher_block );
# Clean up
mcrypt_generic_deinit( $cipher );
mcrypt_module_close( $cipher );
?>
decrypt.php:
#!/usr/bin/env php
<?php
# Set up vars
$key = 'length32length32length32length32';
if( count( $argv ) > 1 )
{
# --- DECRYPTION ---
# Grab the hex-encoded cipherblock & convert it to binary
$cipher_block = unpack( 'a16iv/a*ciphertext', pack( 'H*', $argv[1] ) );
# Set up cipher
$cipher = mcrypt_module_open( MCRYPT_RIJNDAEL_128, '', MCRYPT_MODE_CBC, '');
mcrypt_generic_init( $cipher, $key, $cipher_block['iv'] );
# Do the decryption
$cleartext = mdecrypt_generic( $cipher, $cipher_block['ciphertext'] );
print( $cleartext );
# Clean up
mcrypt_generic_deinit( $cipher );
mcrypt_module_close( $cipher );
}
?>
encrypt.pl:
#!/usr/bin/env perl
use strict;
use warnings;
use Crypt::CBC;
# Set up vars
my $iv = 'length16length16';
my $key = 'length32length32length32length32';
my $cleartext = shift;
# --- ENCRYPTION ---
# Set up cipher
my $cipher = Crypt::CBC->new(
-literal_key => 1,
-key => $key,
-header => 'none',
-iv => $iv,
-cipher => 'Crypt::OpenSSL::AES');
# Do the encryption
my $ciphertext = $cipher->encrypt( $cleartext );
# Convert to HEX for print/storage
my $cipher_block = unpack( 'H*', $iv . $ciphertext );
print( "IV " . unpack( 'H*', $iv ) . "\n" );
print( "CIPH " . unpack( 'H*', $ciphertext ) . "\n" );
print( $cipher_block );
decrypt.pl:
#!/usr/bin/env perl
use strict;
use warnings;
use Crypt::CBC;
# Set up vars
my $key = 'length32length32length32length32';
my $cipher_block = shift;
if( $cipher_block )
{
# --- DECRYPTION ---
# Grab the hex-encoded cipherblock & convert it to binary
my ($iv, $ciphertext) = unpack( 'a16a*', pack( 'H*', $cipher_block ) );
# Set up cipher
my $cipher = Crypt::CBC->new(
-literal_key => 1,
-key => $key,
-header => 'none',
-iv => $iv,
-cipher => 'Crypt::OpenSSL::AES');
my $cleartext = $cipher->decrypt( $ciphertext );
print( $cleartext );
}
这是我得到的输出:
$ ./encrypt.php "Secret Text"
IV 6c656e67746831366c656e6774683136
CIPH 32a47901313f47ed2ca657d3bd0c2e80
6c656e67746831366c656e677468313632a47901313f47ed2ca657d3bd0c2e80
$ ./decrypt.php 6c656e67746831366c656e677468313632a47901313f47ed2ca657d3bd0c2e80
Secret Text
$ ./decrypt.pl 6c656e67746831366c656e677468313632a47901313f47ed2ca657d3bd0c2e80
Secret Text
$ ./encrypt.pl "Secret Text"
IV 6c656e67746831366c656e6774683136
CIPH f3ae0d5f236cea77fa9ac5540d733aef
6c656e67746831366c656e677468313632a47901313f47ed2ca657d3bd0c2e80
$ ./decrypt.php 6c656e67746831366c656e677468313632a47901313f47ed2ca657d3bd0c2e80
sesswrtext
$ ./decrypt.pl 6c656e67746831366c656e677468313632a47901313f47ed2ca657d3bd0c2e80
sesswrtext
正如你所看到的,即使是一个相同的秘密,关键&amp; IV,Perl脚本生成一个独特的密文,即PHP&amp; Perl脚本都解密为相同,但不是原始秘密......
提前致谢。
答案 0 :(得分:4)
问题在于填充。尝试:
my $cipher = Crypt::CBC->new(
-literal_key => 1,
-key => $key,
-header => 'none',
-iv => $iv,
-padding => 'null', #!!!!!!!!!!!!!
-cipher => 'Crypt::OpenSSL::AES');
你应该得到:
CIPH 32a47901313f47ed2ca657d3bd0c2e80
无论如何-padding=>'null'可能不是一个好主意。试着找出PHP的mcrypt是否支持最常用的PKCS#5/7填充,它对应于Crypt :: CBC的-padding=>'standard'