Question

我正在尝试在C＃和PHP之间同步我的加密和解密方法，但似乎出现了问题。

在Windows Phone 7 SDK中，您可以使用AESManaged加密数据

我使用以下方法：

    public static string EncryptA(string dataToEncrypt, string password, string salt)
    {
        AesManaged aes = null;
        MemoryStream memoryStream = null;
        CryptoStream cryptoStream = null;

        try
        {
            //Generate a Key based on a Password, Salt and HMACSHA1 pseudo-random number generator 
            Rfc2898DeriveBytes rfc2898 = new Rfc2898DeriveBytes(password, Encoding.UTF8.GetBytes(salt));

            //Create AES algorithm with 256 bit key and 128-bit block size 
            aes = new AesManaged();
            aes.Key = rfc2898.GetBytes(aes.KeySize / 8);
            aes.IV = new byte[] { 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0 }; // rfc2898.GetBytes(aes.BlockSize / 8);

            // to check my results against those of PHP
            var blaat1 = Convert.ToBase64String(aes.Key);
            var blaat2 = Convert.ToBase64String(aes.IV);

            //Create Memory and Crypto Streams 
            memoryStream = new MemoryStream();
            cryptoStream = new CryptoStream(memoryStream, aes.CreateEncryptor(), CryptoStreamMode.Write);

            //Encrypt Data 
            byte[] data = Encoding.Unicode.GetBytes(dataToEncrypt);
            cryptoStream.Write(data, 0, data.Length);
            cryptoStream.FlushFinalBlock();

            //Return Base 64 String 
            string result = Convert.ToBase64String(memoryStream.ToArray());

            return result;
        }
        finally
        {
            if (cryptoStream != null)
                cryptoStream.Close();

            if (memoryStream != null)
                memoryStream.Close();

            if (aes != null)
                aes.Clear();
        }
    }

我解决了生成密钥的问题。 Key和IV与PHP端的类似。但是加密的最后一步是错误的。

这是我的PHP代码

<?php

function pbkdf2($p, $s, $c, $dk_len, $algo = 'sha1') {

    // experimentally determine h_len for the algorithm in question
     static $lengths;
     if (!isset($lengths[$algo])) { $lengths[$algo] = strlen(hash($algo, null, true)); }
    $h_len = $lengths[$algo];

    if ($dk_len > (pow(2, 32) - 1) * $h_len) {
         return false; // derived key is too long
     } else {
         $l = ceil($dk_len / $h_len); // number of derived key blocks to compute
         $t = null;
         for ($i = 1; $i <= $l; $i++) {
             $f = $u = hash_hmac($algo, $s . pack('N', $i), $p, true); // first iterate
             for ($j = 1; $j < $c; $j++) {
                 $f ^= ($u = hash_hmac($algo, $u, $p, true)); // xor each iterate
             }
             $t .= $f; // concatenate blocks of the derived key
         }
         return substr($t, 0, $dk_len); // return the derived key of correct length
     }

}


$password = 'test';
$salt = 'saltsalt';
$text = "texttoencrypt";

#$iv_size = mcrypt_get_iv_size(MCRYPT_RIJNDAEL_128, MCRYPT_MODE_CBC);
#echo $iv_size . '<br/>';
#$iv = mcrypt_create_iv($iv_size, MCRYPT_RAND);
#print_r (mcrypt_list_algorithms());

$iv = "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00";

$key = pbkdf2($password, $salt, 1000, 32);
echo 'key: ' . base64_encode($key) . '<br/>';
echo 'iv: ' . base64_encode($iv) . '<br/>';

echo '<br/><br/>';

function addpadding($string, $blocksize = 32){
     $len = strlen($string);
     $pad = $blocksize - ($len % $blocksize);
     $string .= str_repeat(chr($pad), $pad);
     return $string;
 }

echo 'text: ' . $text . '<br/>';
echo 'text: ' . addpadding($text) . '<br/>';

// -- works till here

$crypttext = mcrypt_encrypt(MCRYPT_RIJNDAEL_256, $key, $text, MCRYPT_MODE_CBC, $iv);

echo '1.' . $crypttext . '<br/>';
$crypttext = base64_encode($crypttext);
echo '2.' . $crypttext . '<br/>';

$crypttext = mcrypt_encrypt(MCRYPT_RIJNDAEL_256, $key, addpadding($text), MCRYPT_MODE_CBC, $iv);

echo '1.' . $crypttext . '<br/>';
$crypttext = base64_encode($crypttext);
echo '2.' . $crypttext . '<br/>';

?>

所以要指出的是，Key和IV在.NET和PHP上看起来相似，但在执行mcrypt_encrypt（）时，最终调用中似乎出现了问题。最终结果（加密字符串）与.NET不同。

任何人都可以告诉我我做错了什么。据我所知，一切都应该是正确的。

谢谢！

编辑：

有关.NET中AESManaged对象的其他信息

Keysize = 256 模式= CBC 填充= PKCS7

Answer 1

MCRYPT_RIJNDAEL_256是Rijndael算法的版本，块大小为256位，而AES只是块大小为128位的版本。这些不兼容。

使用MCRYPT_RIJNDAEL_128获取与AES等效的算法。它仍支持标准化为AES的所有三种密钥大小，即128位（16字节），196位（24字节）和256位（32字节）。只需传递一个足够长的字符串作为键。

Answer 2

我解决了这些问题。您需要确保在字符串上使用UTF8编码并且使用正确的填充（PKCS7）

以下是代码：

    public static string EncryptA(string dataToEncrypt, string password, string salt)
    {
        AesManaged aes = null;
        MemoryStream memoryStream = null;
        CryptoStream cryptoStream = null;

        try
        {
            //Generate a Key based on a Password, Salt and HMACSHA1 pseudo-random number generator 
            Rfc2898DeriveBytes rfc2898 = new Rfc2898DeriveBytes(password, Encoding.UTF8.GetBytes(salt));

            //Create AES algorithm with 256 bit key and 128-bit block size 
            aes = new AesManaged();
            aes.Key = rfc2898.GetBytes(aes.KeySize / 8);
            aes.IV = Encoding.UTF8.GetBytes("AAAAAAAAAAAAAAAA"); // new byte[] { 0x41, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0 }; // rfc2898.GetBytes(aes.BlockSize / 8);

            //Create Memory and Crypto Streams 
            memoryStream = new MemoryStream();
            cryptoStream = new CryptoStream(memoryStream, aes.CreateEncryptor(aes.Key, aes.IV), CryptoStreamMode.Write);

            //Encrypt Data 
            byte[] data = Encoding.UTF8.GetBytes(dataToEncrypt);
            cryptoStream.Write(data, 0, data.Length);
            cryptoStream.FlushFinalBlock();

            //Return Base 64 String 
            var temp = memoryStream.ToArray();
            string result = Convert.ToBase64String(temp);

            return result;
        }
        finally
        {
            if (cryptoStream != null)
                cryptoStream.Close();

            if (memoryStream != null)
                memoryStream.Close();

            if (aes != null)
                aes.Clear();
        }
    }

并在php中：

<?php
function pbkdf2($p, $s, $c, $dk_len, $algo = 'sha1') {

    // experimentally determine h_len for the algorithm in question
     static $lengths;
     if (!isset($lengths[$algo])) { $lengths[$algo] = strlen(hash($algo, null, true)); }
    $h_len = $lengths[$algo];

    if ($dk_len > (pow(2, 32) - 1) * $h_len) {
         return false; // derived key is too long
     } else {
         $l = ceil($dk_len / $h_len); // number of derived key blocks to compute
         $t = null;
         for ($i = 1; $i <= $l; $i++) {
             $f = $u = hash_hmac($algo, $s . pack('N', $i), $p, true); // first iterate
             for ($j = 1; $j < $c; $j++) {
                 $f ^= ($u = hash_hmac($algo, $u, $p, true)); // xor each iterate
             }
             $t .= $f; // concatenate blocks of the derived key
         }
         return substr($t, 0, $dk_len); // return the derived key of correct length
     }
}

$text = "blaat";
$password = 'this is my secret passwordthis is my secret password';
$salt = 'thisismysalt';

#$iv_size = mcrypt_get_iv_size(MCRYPT_RIJNDAEL_128, MCRYPT_MODE_CBC);
#$iv = mcrypt_create_iv($iv_size, MCRYPT_RAND);

$iv = 'AAAAAAAAAAAAAAAA';

$key = pbkdf2($password, $salt, 1000, 32);
echo 'key size: ' . strlen($key) . '<br/>';
echo 'key: ' . base64_encode($key) . '<br/>';
echo 'iv size: ' . strlen($iv) . '<br/>';
#echo 'iv: ' . $iv . '<br/>';
echo 'iv: ' . base64_encode($iv) . '<br/>';

echo '<br/><br/>';

#    $data = $this->paddingAlgorithm->padData($data, $blockSize);
#    return $iv . mcrypt_encrypt($this->MCRYPT_DES, $keyBytes, $data, MCRYPT_MODE_CBC, $iv);

function addpadding($string)
{
     $blocksize = 16;
     $len = strlen($string);
     $pad = $blocksize - ($len % $blocksize);
     $string .= str_repeat(chr($pad), $pad);

     return $string;
}

$crypttext = mcrypt_encrypt(MCRYPT_RIJNDAEL_128, $key, addpadding($text), MCRYPT_MODE_CBC, $iv);
$crypttext = base64_encode($crypttext);
echo '3. [' . $crypttext . ']<br/>';

echo '<br/>';

?>

希望这对某些人也有帮助。

Paulo感谢您的帮助！

WP：AesManaged加密与mcrypt_encrypt

2 个答案: