我有一个用C#编写的加密/解密算法 - 我需要能够在PHP中生成相同的加密,这样我就可以通过HTTP发送加密文本,在C#端解密。 这是加密的C#代码。
this.m_plainText = string.Empty;
this.m_passPhrase = "passpharse";
this.m_saltValue = "saltvalue";
this.m_hashAlgorithm = "SHA1";
this.m_passwordIterations = 2;
this.m_initVector = "1a2b3c4d5e6f7g8h";
this.m_keySize = 256;
public string Encrypt()
{
string plainText = this.m_plainText;
string passPhrase = this.m_passPhrase;
string saltValue = this.m_saltValue;
string hashAlgorithm = this.m_hashAlgorithm;
int passwordIterations = this.m_passwordIterations;
string initVector = this.m_initVector;
int keySize = this.m_keySize;
// Convert strings into byte arrays.
// Let us assume that strings only contain ASCII codes.
// If strings include Unicode characters, use Unicode, UTF7, or UTF8
// encoding.
byte[] initVectorBytes = Encoding.ASCII.GetBytes(initVector);
byte[] saltValueBytes = Encoding.ASCII.GetBytes(saltValue);
// Convert our plaintext into a byte array.
// Let us assume that plaintext contains UTF8-encoded characters.
byte[] plainTextBytes = Encoding.UTF8.GetBytes(plainText);
// First, we must create a password, from which the key will be derived.
// This password will be generated from the specified passphrase and
// salt value. The password will be created using the specified hash
// algorithm. Password creation can be done in several iterations.
PasswordDeriveBytes password = new PasswordDeriveBytes(
passPhrase,
saltValueBytes,
hashAlgorithm,
passwordIterations);
// Use the password to generate pseudo-random bytes for the encryption
// key. Specify the size of the key in bytes (instead of bits).
byte[] keyBytes = password.GetBytes(keySize / 8);
// Create uninitialized Rijndael encryption object.
RijndaelManaged symmetricKey = new RijndaelManaged();
// It is reasonable to set encryption mode to Cipher Block Chaining
// (CBC). Use default options for other symmetric key parameters.
symmetricKey.Mode = CipherMode.CBC;
// Generate encryptor from the existing key bytes and initialization
// vector. Key size will be defined based on the number of the key
// bytes.
ICryptoTransform encryptor = symmetricKey.CreateEncryptor(
keyBytes,
initVectorBytes);
// Define memory stream which will be used to hold encrypted data.
MemoryStream memoryStream = new MemoryStream();
// Define cryptographic stream (always use Write mode for encryption).
CryptoStream cryptoStream = new CryptoStream(memoryStream,
encryptor,
CryptoStreamMode.Write);
// Start encrypting.
cryptoStream.Write(plainTextBytes, 0, plainTextBytes.Length);
// Finish encrypting.
cryptoStream.FlushFinalBlock();
// Convert our encrypted data from a memory stream into a byte array.
byte[] cipherTextBytes = memoryStream.ToArray();
// Close both streams.
memoryStream.Close();
cryptoStream.Close();
// Convert encrypted data into a base64-encoded string.
string cipherText = Convert.ToBase64String(cipherTextBytes);
// Return encrypted string.
return cipherText;
}
我有一些类似的PHP代码可能有所帮助。它没有完全按照需要做,但我认为这可能是一个好的开始。
<?php
/*
* DEFINE CONSTANTS
*/
$HashPassPhrase = "passpharse";
$HashSalt = "saltvalue";
$HashAlgorithm = "SHA1";
$HashIterations = "2";
$InitVector = "1a2b3c4d5e6f7g8h"; // Must be 16 bytes
$keySize = "256";
class Cipher {
private $securekey, $iv;
function __construct($textkey) {
$this->securekey = hash($HashAlgorithm,$textkey,TRUE);
$this->iv = $InitVector;
}
function encrypt($input) {
return base64_encode(mcrypt_encrypt(MCRYPT_RIJNDAEL_256, $this->securekey, $input, MCRYPT_MODE_CBC, $this->iv));
}
function decrypt($input) {
return trim(mcrypt_decrypt(MCRYPT_RIJNDAEL_256, $this->securekey, base64_decode($input), MCRYPT_MODE_CBC, $this->iv));
}
}
$cipher = new Cipher($HashPassPhrase);
$encryptedtext = $cipher->encrypt("Text To Encrypt");
echo "->encrypt = $encryptedtext<br />";
$decryptedtext = $cipher->decrypt($encryptedtext);
echo "->decrypt = $decryptedtext<br />";
var_dump($cipher);
&GT;
答案 0 :(得分:17)
您需要从密码中派生密钥,方法与PasswordDeriveBytes中C#代码的密钥相同。根据{{3}}:
,记录这是为了进行PBKDF1密钥派生这个类使用的扩展名 PKCS#5中定义的PBKDF1算法 v2.0标准导出适合的字节 用作关键材料 密码。标准记录在案 在IETF RRC 2898中。
有些PHP库可以实现PBKDF1,但基于RFC可以很容易地从头开始编写:
PBKDF1(P,S,c,dkLen)
选项:哈希
底层哈希函数输入:P
密码,一个八位字符串 盐,八个八位字符串 c迭代计数,正整数 dkLen以派生密钥的八位字节为单位的预期长度, 一个正整数,MD2最多16 要么 用于SHA-1的MD5和20输出:DK派生 key,一个dkLen-octet字符串
步骤:
1. If dkLen > 16 for MD2 and MD5, or dkLen > 20 for SHA-1, output "derived key too long" and stop. 2. Apply the underlying hash function Hash for c iterations to the concatenation of the password P and the salt S, then extract the first dkLen octets to produce a derived key DK: T_1 = Hash (P || S) , T_2 = Hash (T_1) , ... T_c = Hash (T_{c-1}) , DK = Tc<0..dkLen-1> 3. Output the derived key DK.
<强>更新
当您在这种情况下发现自己时,通常会搜索在每一步显示值的示例实现。例如RFC2898处的那个:
Password = "password"
= (0x)70617373776F7264
Salt = (0x)78578E5A5D63CB06
Count = 1000
kLen = 16
Key = PBKDF1(Password, Salt, Count, kLen)
= (0x)DC19847E05C64D2FAF10EBFB4A3D2A20
P || S = 70617373776F726478578E5A5D63CB06
T_1= D1F94C4D447039B034494400F2E7DF9DCB67C308
T_2= 2BB479C1D369EA74BB976BBA2629744E8259C6F5
...
T_999= 6663F4611D61571068B5DA168974C6FF2C9775AC
T_1000= DC19847E05C64D2FAF10EBFB4A3D2A20B4E35EFE
Key= DC19847E05C64D2FAF10EBFB4A3D2A20
所以现在让我们编写一个执行此操作的PHP函数:
function PBKDF1($pass,$salt,$count,$dklen) {
$t = $pass.$salt;
//echo 'S||P: '.bin2hex($t).'<br/>';
$t = sha1($t, true);
//echo 'T1:' . bin2hex($t) . '<br/>';
for($i=2; $i <= $count; $i++) {
$t = sha1($t, true);
//echo 'T'.$i.':' . bin2hex($t) . '<br/>';
}
$t = substr($t,0,$dklen);
return $t;
}
现在,您可以看到错误的方式:您没有将所有重要的raw=true参数指定给sha1。让我们看看我们的功能输出是什么:
$HashPassPhrase = pack("H*","70617373776F7264");
$HashSalt = pack("H*","78578E5A5D63CB06");
$HashIterations = 1000;
$devkeylength = 16;
$devkey = PBKDF1($HashPassPhrase,$HashSalt,$HashIterations,$devkeylength);
echo 'Key:' . bin2hex(substr($devkey, 0, 8)) . '<br/>';
echo 'IV:' . bin2hex(substr($devkey, 8, 8)) .'<br/>';
echo 'Expected: DC19847E05C64D2FAF10EBFB4A3D2A20<br/>';
此输出完全符合预期结果:
Key:dc19847e05c64d2f
IV:af10ebfb4a3d2a20
Expected: DC19847E05C64D2FAF10EBFB4A3D2A20
接下来,我们可以验证C#函数是否也这样:
byte[] password = Encoding.ASCII.GetBytes("password");
byte[] salt = new byte[] { 0x78, 0x57, 0x8e, 0x5a, 0x5d, 0x63, 0xcb, 0x06};
PasswordDeriveBytes pdb = new PasswordDeriveBytes(
password, salt, "SHA1", 1000);
byte[] key = pdb.GetBytes(8);
byte[] iv = pdb.GetBytes(8);
Console.Out.Write("Key: ");
foreach (byte b in key)
{
Console.Out.Write("{0:x} ", b);
}
Console.Out.WriteLine();
Console.Out.Write("IV: ");
foreach (byte b in iv)
{
Console.Out.Write("{0:x} ", b);
}
Console.Out.WriteLine();
这会产生相同的输出:
Key: dc 19 84 7e 5 c6 4d 2f
IV: af 10 eb fb 4a 3d 2a 20
<强> QED
如果您不知道正好您正在做什么,请不要加密。即使你的PHP实现正确,你发布的C#代码也有一些严重的问题。你正在使用代表十六进制转储的stirng混合字节数组,你使用硬编码的IV而不是从密码和盐中导出它,这只是整体上的错误。请使用现成的加密方案,如SSL或S-MIME,不要重新创建自己的加密方案。你会得到它错误。
答案 1 :(得分:4)
看起来您的主要问题是您使用PHP的hash()代替C#端的PasswordDeriveBytes()步骤。这两种方法并不相同。后者实现了PBKDF1密码派生算法,而hash()只是一个哈希。它看起来像PEAR might have a PBKDF1 implementation,但你可能不得不自己编写。
您还需要确保文本编码在双方都是一致的,如果您还没有。
最后,你应该考虑不要做你正在做的事情,因为cryptography is harder than it looks。由于您使用的是HTTP,因此您可以使用SSL协议代替编写自己的SSL协议。这将为您提供更好的安全性,减少对低级细节的麻烦,例如保持增量IV同步等等。
答案 2 :(得分:0)
有充分的理由说明为什么你不能只使用http://php.net/manual/en/function.mcrypt-module-open.php并使用rijndael-256作为算法????
答案 3 :(得分:0)
在PHP中检查OpenSSL例程,他们应该能够处理您需要做的事情。