所以我要做的就是在我的电脑上安装一个基于时间的加密密钥,让服务器生成相同的加密密钥。除了PC上的密码外,我已经成功完成了。我正在尝试在服务器和我的PC上加密AES-256-CBC中的文本。在我的电脑上我有:
std::string Encrypt( const unsigned char *szPlainText, const unsigned char *szKey, unsigned char *szIV, const int iTextLength )
{
unsigned char szOutput[ 16 ];
memset( szOutput, 0, sizeof( szOutput ) );
std::string strOutput { };
AES_KEY enc_key;
AES_set_encrypt_key( szKey, 256, &enc_key );
AES_cbc_encrypt( szPlainText, szOutput, iTextLength, &enc_key, (unsigned char*)szKey, AES_ENCRYPT );
strOutput.append( reinterpret_cast< const char* >( szOutput ) );
return strOutput;
}
std::string MD5Hash( const unsigned char *szPlainText, const int iCharacters )
{
unsigned char chDigest[ MD5_DIGEST_LENGTH ] { };
MD5( szPlainText, iCharacters, reinterpret_cast< unsigned char* >( &chDigest ) );
char mdString[ 33 ];
for ( int i = 0; i < MD5_DIGEST_LENGTH; i++ )
sprintf( &mdString[ i * 2 ], "%02x", ( unsigned int )chDigest[ i ] );
return mdString;
}
int main( )
{
const unsigned char *szPlainText = reinterpret_cast< const unsigned char* >( "test" );
std::string strCipher { };
std::string strResponseBuffer { };
std::string strEncryptionKey { };
strEncryptionKey = MD5Hash( reinterpret_cast< const unsigned char* >( std::to_string( int( std::chrono::duration_cast< std::chrono::seconds >( std::chrono::system_clock::now( ).time_since_epoch( ) ).count( ) / 10 ) ).c_str( ) ), std::to_string( int( std::chrono::duration_cast< std::chrono::seconds >( std::chrono::system_clock::now( ).time_since_epoch( ) ).count( ) / 10 ) ).length( ) );
strEncryptionKey = strEncryptionKey.substr( 0, 16 );
std::cout << "Our enc key before encryption: " << strEncryptionKey << std::endl;
strCipher = Encrypt( szPlainText, reinterpret_cast< const unsigned char* >( strEncryptionKey.c_str( ) ), ( unsigned char* )( strEncryptionKey.c_str( ) ), strlen(reinterpret_cast< const char* >( szPlainText ) ));
curl_global_init( CURL_GLOBAL_ALL );
void *vCurl = curl_easy_init( );
curl_easy_setopt( vCurl, CURLOPT_URL, strURL );
//curl_easy_setopt( vCurl, CURLOPT_POSTFIELDS, strPostData.c_str( ) );
curl_easy_setopt( vCurl, CURLOPT_WRITEFUNCTION, WriteCallback );
curl_easy_setopt( vCurl, CURLOPT_WRITEDATA, &strResponseBuffer );
curl_easy_perform( vCurl );
curl_easy_cleanup( vCurl );
std::cout << "Our time: " << std::chrono::duration_cast< std::chrono::seconds >( std::chrono::system_clock::now( ).time_since_epoch( ) ).count( ) / 10 << std::endl;
std::cout << "Our enc key: " << strEncryptionKey << std::endl;
std::cout << "Our cipher: " << strCipher << std::endl;
std::cout << "Our plain text: " << szPlainText << std::endl;
std::cout << strResponseBuffer << std::endl;
system( "pause" );
return 0;
}
在PHP代码所在的服务器上,我有:
<?php
$encmethod = "AES-256-CBC";
$plaintext = "test";
$time = microtime(false);
$time = substr($time, 11, strlen($time) - 11);
$time = floor($time / 10);
$enckey = substr(md5($time), 0, 16);
$cipher = openssl_encrypt($plaintext, $encmethod, $enckey, 0, $enckey);
die("Server's time: ".$time."\r\n"."Server's enc key: ".$enckey."\r\n"."Server's cipher: ".base64_decode($cipher)."\r\n"."Server's plain text: ".$plaintext);
?>
我确实知道我正在使用加密密钥进行IV。 I Base64解码加密因为OpenSSL for PHP显然默认编码密码。我不明白的是我得到的输出:
Our enc key before encryption: bd40cb464c24382e
Our time: 151693026
Our enc key: ▐τA╕cæσ@c¿svcî
Our cipher: ▐τA╕cæσ@c¿svcî╠╠╠╠HÇ~╖D·█
Our plain text: test
Server's time: 151693026
Server's enc key: bd40cb464c24382e
Server's cipher: nr"δµûa¢╝│)║\ß■V
Server's plain text: test
Press any key to continue . . .
这会每10秒更改一次,因为这是它的基础。似乎正在发生的事情是加密后,我的加密密钥变得加密,我不知道我的密码应该是什么。每次加密更改时,4个重复字符╠╠╠╠似乎都在那里。如果有人知道我做错了什么我会很感激。
答案 0 :(得分:0)
错误来自糟糕的投射。在这行代码中:
strCipher = Encrypt(
szPlainText,
reinterpret_cast< const unsigned char* >( strEncryptionKey.c_str( ) ),
( unsigned char* )( strEncryptionKey.c_str( ) ),
strlen(reinterpret_cast< const char* >( szPlainText ) ));
第二次演员有点辱骂。显然,该函数需要一个非const缓冲区。您应该在那里提供单独的16字节工作数组的地址。