用shell_exec替换mcrypt_encrypt(php)openssl

时间:2018-04-01 13:27:03

标签: shell openssl mcrypt

需要用密钥替换shell_exec openssl命令的mcrypt_encrypt(php)。 无法为现有的sys配置添加mcrypt lib(openssl_encrypt),但可以在命令行中运行openssl。但结果却不同。需要帮助。

     <?php
        # -----Encrypt -----
        $key = pack('H*',"189cebc45c7caec5c57894564c52ae5646ed4564565ccc4565ec555dd5dd4d54");
        file_put_contents("k.key",$key);
        echo "Key: " . $key . "\n";

        $key_size =  strlen($key);
        echo "Key size: " . $key_size . "\n";

        $iv = pack('H*', "e4554c4564a5454cc45654a45654ce44");
        echo "Vector: " . $iv . "\n";

        $plaintext = "Thisstringff";
        $block = 16;
        $pad   = $block - (strlen($plaintext) % $block);
        $plaintextn = $plaintext.str_repeat(chr($pad), $pad);

        echo "Source:" . $plaintext . "<-\n";
        echo "size:".strlen($plaintext). "<-\n";
        echo "Source padding:" . $plaintextn . "<-\n";
        echo "size padding:".strlen($plaintextn). "<-\n";

        file_put_contents("pt.in",$plaintext);
        file_put_contents("ptn.in",$plaintextn);

        $ciphertext = mcrypt_encrypt(MCRYPT_RIJNDAEL_128, $key,$plaintextn, MCRYPT_MODE_CBC,$iv);

        $ciphertext_base64 = base64_encode($ciphertext);

        echo  "\n"."Encrypted:".$ciphertext_base64 . "\n\n";

# --- Decrypt ---

        $ciphertext_dec = base64_decode($ciphertext_base64);

        $plaintext_dec = mcrypt_decrypt(MCRYPT_RIJNDAEL_128, $key,$ciphertext_dec, MCRYPT_MODE_CBC,$iv);

        echo  "Decrypted:".$plaintext_dec . "\n\n";

# --- Encrypt via openssl_encrypt ----

   function sslEncrypt128($str, $secret,$iv)
            {
                return base64_encode(openssl_encrypt($str, 'aes-256-cbc', $secret, OPENSSL_RAW_DATA,$iv));
            }

        echo  "\n"."Encrypted by openssl_encrypt:";
        var_dump(sslEncrypt128($plaintext, $key,$iv));

# --- Encrypt via command line ---         
            $shkey="189cebc45c7caec5c57894564c52ae5646ed4564565ccc4565ec555dd5dd4d54";
$shkeypack="k.key";
$shiv="e4554c4564a5454cc45654a45654ce44";

#$cmd='echo '.$plaintext.' | openssl aes-256-cbc -nosalt -a -k '.$shkey.' -iv '.$shiv;

$cmd='openssl aes-256-cbc  -in "pt.in" -nosalt -a -A -k "'.$shkey.'" -iv "'.$shiv.'"';
echo "\nCommand:".$cmd."\n";
$output = shell_exec($cmd);
echo "\n"."Encrypted openssl:$output"."\n";

$cmd='openssl aes-256-cbc  -in "pt.in" -nosalt -a -A -kfile "'.$shkeypack.'" -iv "'.$shiv.'"';
echo "\nCommand:".$cmd."\n";
$output = shell_exec($cmd);
echo "\n"."Encrypted openssl kfile:$output"."\n";
?>

结果不同:

mcrypt_encrypt:的 / + tHYRjnz2pvdljivqbDdQ ==

openssl_encrypt:的 / + tHYRjnz2pvdljivqbDdQ ==

OpenSSL的:的 qThMDYfZhk50rMWwj6j75w ==

openssl(密钥打包在文件中): HbQjJ6iuaxCDrSr5T6wnkw ==

可能是填充问题,可能是打包到十六进制,可能是算法。 在openssl中需要相同的东西。 TNX!

1 个答案:

答案 0 :(得分:1)

哦......不..:)

只需要使用键 -K 而不是-k

相关问题
最新问题