我想知道是否有人可以提供帮助,
我正在使用aes-256-gcm加密方法,我可以加密,但不能解密。
下面是我的代码,任何人都可以看到我要去哪里哪里
$textToDecrypt = $_POST['message'];
$password = '3sc3RLrpd17';
$method = 'aes-256-gcm';
$tag_length = 16;
$password = substr(hash('sha256', $password, true), 0, 32);
$iv = chr(0x0) . chr(0x0) . chr(0x0) . chr(0x0) . chr(0x0) . chr(0x0) . chr(0x0) . chr(0x0) . chr(0x0) . chr(0x0) . chr(0x0) . chr(0x0) . chr(0x0) . chr(0x0) . chr(0x0) . chr(0x0);
$decrypted = openssl_decrypt(base64_decode($textToDecrypt), $method,
$password, OPENSSL_RAW_DATA, $iv, $tag_length);
加密代码
$textToEncrypt = $_POST['message'];
$password = '3sc3RLrpd17';
$method = 'aes-256-gcm';
$tag_length = 16;
$password = substr(hash('sha256', $password, true), 0, 32);
$iv = chr(0x0) . chr(0x0) . chr(0x0) . chr(0x0) . chr(0x0) . chr(0x0) .
chr(0x0) . chr(0x0) . chr(0x0) . chr(0x0) . chr(0x0) . chr(0x0) . chr(0x0) .
chr(0x0) . chr(0x0) . chr(0x0);
$encrypted = base64_encode(openssl_encrypt($textToEncrypt, $method,
$password, OPENSSL_RAW_DATA, $iv, $tag_length));
答案 0 :(得分:2)
您需要将GCM tag(HMAC)与密文一起保存,并将其传递给解密功能。它不会自动为您保存(您还应该生成一个良好的IV并将其与密文一起存储)。
openssl_encrypt指定为:
string openssl_encrypt ( string $data , string $method , string $key [, int $options = 0 [, string $iv = "" [, string &$tag = NULL [, string $aad = "" [, int $tag_length = 16 ]]]]] )
如果您仔细观察,您将传入$tag_length所在的$tag。
这是它的外观:
加密:
$textToEncrypt = $_POST['message'];
$password = '3sc3RLrpd17';
$key = substr(hash('sha256', $password, true), 0, 32);
$cipher = 'aes-256-gcm';
$iv_len = openssl_cipher_iv_length($cipher);
$tag_length = 16;
$iv = openssl_random_pseudo_bytes($iv_len);
$tag = ""; // will be filled by openssl_encrypt
$ciphertext = openssl_encrypt($textToEncrypt, $cipher, $key, OPENSSL_RAW_DATA, $iv, $tag, "", $tag_length);
$encrypted = base64_encode($iv.$tag.$ciphertext);
解密:
$textToDecrypt = $_POST['message'];
$encrypted = base64_decode($textToDecrypt);
$password = '3sc3RLrpd17';
$key = substr(hash('sha256', $password, true), 0, 32);
$cipher = 'aes-256-gcm';
$iv_len = openssl_cipher_iv_length($cipher);
$tag_length = 16;
$iv = substr($encrypted, 0, $iv_len);
$tag = substr($encrypted, $iv_len, $tag_length);
$ciphertext = substr($encrypted, $iv_len + $tag_length);
$decrypted = openssl_decrypt($ciphertext, $cipher, $key, OPENSSL_RAW_DATA, $iv, $tag);
答案 1 :(得分:0)
那怎么办?
function encrypt($key, $data) {
$encryptionKey = base64_decode($key);
$iv = openssl_random_pseudo_bytes(openssl_cipher_iv_length('aes-256-gcm'));
$encrypted = openssl_encrypt($data, 'aes-256-gcm', $encryptionKey, 0, $iv, $tag);
return base64_encode($encrypted . '::' . $iv . '::' . $tag);
}
function decrypt($key, $data) {
$encryptionKey = base64_decode($key);
list($encryptedData, $iv, $tag) = explode('::', base64_decode($data), 3);
return openssl_decrypt($encryptedData, 'aes-256-gcm', $encryptionKey, 0, $iv, $tag);
}
$encrypt = encrypt('key', 'test data');
$decrypt = decrypt('key', $encrypt);
echo $encrypt . ' : ' . $decrypt;
答案 2 :(得分:0)
@Scribilicious 这里的问题是$ iv和$ tag是二进制的($ encrypted是base64)。因此,可能在数据中包含“ ::”。 所以可能会更好。
function encrypt($key, $data) {
$encryptionKey = base64_decode($key);
$iv = openssl_random_pseudo_bytes(openssl_cipher_iv_length('aes-256-gcm'));
$encrypted = openssl_encrypt($data, 'aes-256-gcm', $encryptionKey, 0, $iv, $tag);
return $encrypted . ':' . base64_encode($iv) . ':' . base64_encode($tag));
}
function decrypt($key, $data) {
$encryptionKey = base64_decode($key);
list($encryptedData, $iv, $tag) = explode(':', $data, 3);
return openssl_decrypt($encryptedData, 'aes-256-gcm', $encryptionKey, 0, base64_decode($iv), base64_decode($tag));
}
$encrypt = encrypt('key', 'test data');
$decrypt = decrypt('key', $encrypt);
echo $encrypt . ' : ' . $decrypt;