php - 解密使用 NodeJS 加密的 AES-256-CBC 字符串
问题描述
我使用以下函数通过 NodeJS 加密/解密,它们工作正常。但是我无法使用 PHP 解密数据以在同一项目的某些部分中使用。
节点JS:
function encrypt(text){
var cipher = crypto.createCipher('aes-256-cbc','strong-key')
var crypted = cipher.update(text,'utf8','hex')
crypted += cipher.final('hex');
return crypted;
}
function decrypt(text){
var decipher = crypto.createDecipher('aes-256-cbc','strong-key')
var dec = decipher.update(text,'hex','utf8')
dec += decipher.final('utf8');
return dec;
}
我用 PHP 尝试的是:
openssl_decrypt('fdf32748aa4ce37fc600bbe7be14bfc7', 'AES-256-CBC', "strong-key");
但它一直返回假/空。我很感激治愈我知道我做错了什么。
编辑:例如,28e1dfdedac467a015a9c8720d0a6451
使用 PHP 解密应该返回“Hello World”,使用与上面相同的密钥。
解决方案
确保您的传入数据格式正确(即没有任何额外的编码层)。它看起来像十六进制,但这不是 openssl_decrypt 所期望的。
这是一个来回的 PHP 示例(使用你也应该使用的 IV):
$data = 'hello this is some data';
$key = 'this is a cool and secret password';
$iv = random_bytes(16);
$encrypted = openssl_encrypt($data, 'aes-256-cbc', $key, 0, $iv);
echo 'iv (as hex): ', bin2hex($iv), PHP_EOL;
echo 'encrypted: ', $encrypted, PHP_EOL; // note this is not hex
$decrypted = openssl_decrypt($encrypted, 'aes-256-cbc', $key, 0, $iv);
echo 'decrypted: ', $decrypted, PHP_EOL;
$ php test.php
iv (as hex): 02c00788438518f241cb86dc90237102
encrypted: oRZAXMjNle6hkJ9rTHTeUl5VoHQol+020Q/iFnbgbeU=
decrypted: hello this is some data
编辑,更具体的例子,强调了解你的编码的重要性:
// test.js
const crypto = require('crypto');
let data = 'hello this is some data';
const key = crypto.scryptSync('Password used to generate key', '', 32); // 256 / 8 = 32
const iv = crypto.randomBytes(16); // Initialization vector.
const cipher = crypto.createCipheriv('aes-256-cbc', key, iv);
let crypted = cipher.update(data,'utf8','hex')
crypted += cipher.final('hex');
console.log('data: ', data);
console.log('key: ', key.toString('hex')); // key: 9266bc531befd01b6a55c232fa0efeb35625079e7024758b2e65d0dd72fe59df
console.log('crypted (as hex): ', crypted); // crypted (as hex): b571d864da0680d77e4880d0071b49e456a1eead4b1cbfa42a9337965a466362
console.log('iv (as hex): ', iv.toString('hex')); // iv (as hex): 788ac1dcee25824b713b5201d07cc133
这里我们知道我们所有的输出都是十六进制的,所以我们可以在 PHP 端将它们重新格式化为二进制数据:
// test.php
$iv = hex2bin( '788ac1dcee25824b713b5201d07cc133' );
$encrypted = hex2bin( 'b571d864da0680d77e4880d0071b49e456a1eead4b1cbfa42a9337965a466362' );
$key = hex2bin('9266bc531befd01b6a55c232fa0efeb35625079e7024758b2e65d0dd72fe59df');
$decrypted = openssl_decrypt($encrypted, 'aes-256-cbc', $key, OPENSSL_RAW_DATA, $iv);
echo 'decrypted: ', $decrypted, PHP_EOL; // hello this is some data
最终编辑:现在可以使用密钥派生实现。这成功解密了您的“Hello world”:
$password = 'strong-key';
// derrive key and IV using function from SO, which implements same method node uses
$ar = deriveKeyAndIV($password, 1, 'aes-256-cbc', 'md5');
$key = $ar['key'];
$iv = $ar['iv'];
$decrypted = openssl_decrypt(hex2bin('28e1dfdedac467a015a9c8720d0a6451'), 'aes-256-cbc', $key, OPENSSL_RAW_DATA, $iv);
echo 'decrypted: ', $decrypted, PHP_EOL; // Hello world
function deriveKeyAndIV($data,$count,$cipher,$digest) {
$ivlen = openssl_cipher_iv_length($cipher);
$keylen = 32;
$hash = "";
$hdata = "";
while(strlen($hash) < $keylen+$ivlen) {
$hdata .= $data;
$md_buf = openssl_digest($hdata, $digest);
//
for ($i = 1; $i < $count; $i++) {
$md_buf = openssl_digest ( hex2bin($md_buf),$digest);
}
$hdata = hex2bin($md_buf);
$hash .= $hdata;
}
//
$key = substr($hash,0,$keylen);
$iv = substr($hash,$keylen,$ivlen);
//
return array('key' => $key, 'iv' => $iv);
}
推荐阅读
- c# - “事件处理程序应具有正确的签名”规则的基本原理是什么
- javascript - 验证动态附加的文本框字段-jQuery
- grails - 如何使用其他域对象启动 Grails 域类
- twig - Timber - WooCoommerce 电子邮件模板
- c# - 线程、任务、状态,需要帮助选择正确的
- android - Android Room 数据库 RxAndroid,异常:java.lang.IllegalStateException:无法访问主线程上的数据库,因为
- reactjs - 如何在 Reactjs 中从 Firebase Firestore 导入 FieldValue.increment()?
- r - 如何在 gganimate 中固定绘图的宽度?
- arrays - 从对象数组中删除重复对象
- javascript - ncaught TypeError:无法读取 null 的属性“getElementsByTagName”