从URL传递到URL时的Mcrypt问题

时间:2014-02-26 16:45:38

标签: php encryption obfuscation mcrypt

您好我正在使用Mcrypt来模糊我通过邮件发送的一些值。

当我加密我本地站点上的值并解密它时,它在每次尝试都正常,我邮寄了值,但当我链接回我的站点,并尝试在另一个页面解密时,它有时只工作

我有点卡住,不知道为什么。我对密码功能不太熟悉。

这是我用于加密

的代码 
function encrypt($decrypted, $password, $salt='!kQm*fF3pXe1Kbm%9') { 
 // Build a 256-bit $key which is a SHA256 hash of $salt and $password.
 $key = hash('SHA256', $salt . $password, true);
 // Build $iv and $iv_base64.  We use a block size of 128 bits (AES compliant) and CBC mode.  (Note: ECB mode is inadequate as IV is not used.)
 srand(); $iv = mcrypt_create_iv(mcrypt_get_iv_size(MCRYPT_RIJNDAEL_128, MCRYPT_MODE_CBC), MCRYPT_RAND);
 if (strlen($iv_base64 = rtrim(base64_encode($iv), '=')) != 22) return false;
 // Encrypt $decrypted and an MD5 of $decrypted using $key.  MD5 is fine to use here because it's just to verify successful decryption.
 $encrypted = base64_encode(mcrypt_encrypt(MCRYPT_RIJNDAEL_128, $key, $decrypted . md5($decrypted), MCRYPT_MODE_CBC, $iv));
 // We're done!
 return $iv_base64 . $encrypted;
 }

这是我用于解密

的代码 
function decrypt($encrypted, $password, $salt='!kQm*fF3pXe1Kbm%9') {
 // Build a 256-bit $key which is a SHA256 hash of $salt and $password.
 $key = hash('SHA256', $salt . $password, true);
 // Retrieve $iv which is the first 22 characters plus ==, base64_decoded.
 $iv = base64_decode(substr($encrypted, 0, 22) . '==');
 // Remove $iv from $encrypted.
 $encrypted = substr($encrypted, 22);
 // Decrypt the data.  rtrim won't corrupt the data because the last 32 characters are the md5 hash; thus any \0 character has to be padding.
 $decrypted = rtrim(mcrypt_decrypt(MCRYPT_RIJNDAEL_128, $key, base64_decode($encrypted), MCRYPT_MODE_CBC, $iv), "\0\4");
 // Retrieve $hash which is the last 32 characters of $decrypted.
 $hash = substr($decrypted, -32);
 // Remove the last 32 characters from $decrypted.
 $decrypted = substr($decrypted, 0, -32);
 // Integrity check.  If this fails, either the data is corrupted, or the password/salt was incorrect.
 if (md5($decrypted) != $hash) return false;
 // Yay!
 return $decrypted;
 }

使用

打包$password$salt个变量 
pack("H*", $string);

首次尝试失败后,我开始使用urlencodeurldecode作为网址上的值,但问题仍然存在。

我做错了什么?我真的被困在这里

由于

1 个答案:

答案 0 :(得分:0)

您的编码字符串正在使用加号(+)发送,它们在网址上被解释为空格,您可以对URL进行编码或使用str_replace更改字符串上的空格以获取加号

这样。

$encrypted_string= "random1234string with blank space";
$empty = array(" ");
$plus   = array("+");

$new_encrypted_string = str_replace($empty, $plus, $encrypted_string);

输出:“random1234string + with + blank + space”

相关问题
最新问题