使用phpseclib

时间:2017-12-28 12:23:40

标签: php security encryption phpseclib

我必须加密一些数据,然后使用PBEWITHSHAAND3-KEYTRIPLEDES-CBC将其发送到第三方服务。

我有这个工作示例Java代码,由第三方提供:

String algorithm = "PBEWITHSHAAND3-KEYTRIPLEDES-CBC";
String password = "eKhfdPKO54OddrfgghuBGHsA5BGTYHon";
byte[] salt = {-87, -101, -56, 50, 86, 52, -29, 3};
int iterations = 19;

String text = "foobar";

Provider bouncy = new org.bouncycastle.jce.provider.BouncyCastleProvider();
Security.addProvider(bouncy);

KeySpec keySpec = new PBEKeySpec(password.toCharArray(), salt, iterations);
SecretKey key = SecretKeyFactory.getInstance(algorithm, bouncy).generateSecret(keySpec);

Cipher cipher = Cipher.getInstance(algorithm, bouncy);
cipher.init(1, key, new PBEParameterSpec(salt, iterations));

System.out.println(new String(Base64.getEncoder().encode(cipher.doFinal(text.getBytes("UTF8")))));
// Output: kaxAiR1Qb9s=

这是使用phpseclib的我(不可用)PHP代码:

$hash = 'sha1';
$kdf = 'pkcs12';
$password = 'eKhfdPKO54OddrfgghuBGHsA5BGTYHon';
$salt = chr(-87) . chr(-101) . chr(-56) . chr(50) . chr(86) . chr(52) . chr(-29) . chr(3);
$iterations = 19;

$text = "foobar";

$cipher = new \phpseclib\Crypt\TripleDES('cbc');
$cipher->setPassword($password, $kdf, $hash, $salt, $iterations);

echo base64_encode($cipher->encrypt($text));
// Output: daAlVF+JjNg=

问题:如何让我的PHP代码生成与Java相同的输出?

1 个答案:

答案 0 :(得分:0)

最后我找到了解决方案!

我从Java版本中提取了生成的密钥和IV字节:

byte[] keyBytes = key.getEncoded();
byte[] iv = cipher.getIV();

直接在PHP中使用它:

$key = chr(208) . chr(193) . chr(208) . chr(49) . chr(81) . chr(84) . chr(244) . chr(181) . chr(234) . chr(244) . chr(94) . chr(164) . chr(44) . chr(55) . chr(244) . chr(64) . chr(233) . chr(97) . chr(4) . chr(64) . chr(179) . chr(155) . chr(161) . chr(155);
$iv = chr(187) . chr(159) . chr(143) . chr(131) . chr(24) . chr(115) . chr(157) . chr(64);

$text = "foobar";

echo openssl_encrypt($text, 'DES-EDE3-CBC', $key, 0, $iv);
// Output: kaxAiR1Qb9s=

您甚至可以将密钥和IV编码到base64中,以便可以轻松地在配置文件中编写它们:

$key = base64_decode('0MHQMVFU9LXq9F6kLDf0QOlhBECzm6Gb');
$iv = base64_decode('u5+PgxhznUA=');

全部谢谢!