您现在的位置是:首页 >技术教程 >php7+ openssl AES网站首页技术教程

php7+ openssl AES

jugt 2024-06-14 18:01:02
简介php7+ openssl AES

查阅的资料
mcrypt_decrypt函数在php7.1正式被禁用,后续使用openssl 进行加解密
openssl_encrypt 加密 openssl_decrypt 解密

踩过的坑
由于我的需求是aes-128-cbc zeropadding 加解密与python java等程序配合。
网上的文章大部分是正确的,但不太详细。 比如正确的openssl_encrypt 但没有告诉你zeropadding 需要的填充方式,或不正确的openssl_encrypt 告诉你加密后需要base64编码。

如何做?
不多说,经过百度得出 php7.1后使用openssl,得出两个关键函数
openssl_encrypt openssl_decrypt

1.openssl_encrypt 加密后不需要base64编码,它已经是base64了。注意
2.openssl_decrypt 解密也不需要先base64解码,直接丢入base64即可!
3.openssl_encrypt 的AES-128-CBC ZEROPADDING加密的明文需要先进行一次填充!
4. key 和 iv 均是16位,据说超出16位php会自动截断,未试过。
5. zeropadding 解密后需要trim一下。

function padZero($data, $blocksize = 16){
    $pad = $blocksize - (strlen($data) % $blocksize);
    return $data . str_repeat("", $pad);
}

function aesEn($data, $key, $iv){
	// OPENSSL_ZERO_PADDING = 2
	// return openssl_decrypt($str, $method, $key, OPENSSL_ZERO_PADDING, $iv);
    return openssl_encrypt(padZero($data), "aes-128-cbc", $key, 2, $iv);
}

function aesDn($data, $key, $iv){
	// OPENSSL_ZERO_PADDING = 2
	// return trim(openssl_decrypt($data, "aes-128-cbc", $key, OPENSSL_ZERO_PADDING, $iv));
    return trim(openssl_decrypt($data, "aes-128-cbc", $key, 2, $iv));
}

$encrypt = aesEn("调用加密,这里是加密的东西", "1234567891234567", "1234567891234567");
$decrypt = trim(aesDn($encrypt, "1234567891234567", "1234567891234567"))

padZero只用于给加密的明文后方补全空格
而这样的数据解密后需要trim一下,去掉后方的空,否则会出现加密前对明文填充的填充符,这里是加密的东西x00x00 不等长

总结:
加密后不需要base64编码,只需要在加密前用zeropadding的方式处理一下明文长度。 解密需要将zeropadding方式处理的明文给删掉多余的空。

不同的加密算法需要不同的初始化向量(IV),也就是 openssl_encrypt 的第 5 个参数 $iv:

openssl_encrypt ( string $data , string $method , string $key , int $options = 0 , string $iv = "" , string &$tag = NULL , string $aad = "" , int $tag_length = 16 ) : string
foreach (openssl_get_cipher_methods(true) as $m) {
	echo $m . ' => ' . openssl_cipher_iv_length($m) . '<br />';
}

aes-128-cbc => 16
aes-128-cbc-hmac-sha1 => 16
aes-128-cbc-hmac-sha256 => 16
aes-128-ccm => 12
aes-128-cfb => 16
aes-128-cfb1 => 16
aes-128-cfb8 => 16
aes-128-ctr => 16
aes-128-ecb => 0
aes-128-gcm => 12
aes-128-ocb => 12
aes-128-ofb => 16
aes-128-xts => 16
aes-192-cbc => 16
aes-192-ccm => 12
aes-192-cfb => 16
aes-192-cfb1 => 16
aes-192-cfb8 => 16
aes-192-ctr => 16
aes-192-ecb => 0
aes-192-gcm => 12
aes-192-ocb => 12
aes-192-ofb => 16
aes-256-cbc => 16
aes-256-cbc-hmac-sha1 => 16
aes-256-cbc-hmac-sha256 => 16
aes-256-ccm => 12
aes-256-cfb => 16
aes-256-cfb1 => 16
aes-256-cfb8 => 16
aes-256-ctr => 16
aes-256-ecb => 0
aes-256-gcm => 12
aes-256-ocb => 12
aes-256-ofb => 16
aes-256-xts => 16
aes128 => 16
aes128-wrap => 8
aes192 => 16
aes192-wrap => 8
aes256 => 16
aes256-wrap => 8
aria-128-cbc => 16
aria-128-ccm => 12
aria-128-cfb => 16
aria-128-cfb1 => 16
aria-128-cfb8 => 16
aria-128-ctr => 16
aria-128-ecb => 0
aria-128-gcm => 12
aria-128-ofb => 16
aria-192-cbc => 16
aria-192-ccm => 12
aria-192-cfb => 16
aria-192-cfb1 => 16
aria-192-cfb8 => 16
aria-192-ctr => 16
aria-192-ecb => 0
aria-192-gcm => 12
aria-192-ofb => 16
aria-256-cbc => 16
aria-256-ccm => 12
aria-256-cfb => 16
aria-256-cfb1 => 16
aria-256-cfb8 => 16
aria-256-ctr => 16
aria-256-ecb => 0
aria-256-gcm => 12
aria-256-ofb => 16
aria128 => 16
aria192 => 16
aria256 => 16
bf => 8
bf-cbc => 8
bf-cfb => 8
bf-ecb => 0
bf-ofb => 8
blowfish => 8
camellia-128-cbc => 16
camellia-128-cfb => 16
camellia-128-cfb1 => 16
camellia-128-cfb8 => 16
camellia-128-ctr => 16
camellia-128-ecb => 0
camellia-128-ofb => 16
camellia-192-cbc => 16
camellia-192-cfb => 16
camellia-192-cfb1 => 16
camellia-192-cfb8 => 16
camellia-192-ctr => 16
camellia-192-ecb => 0
camellia-192-ofb => 16
camellia-256-cbc => 16
camellia-256-cfb => 16
camellia-256-cfb1 => 16
camellia-256-cfb8 => 16
camellia-256-ctr => 16
camellia-256-ecb => 0
camellia-256-ofb => 16
camellia128 => 16
camellia192 => 16
camellia256 => 16
cast => 8
cast-cbc => 8
cast5-cbc => 8
cast5-cfb => 8
cast5-ecb => 0
cast5-ofb => 8
chacha20 => 16
chacha20-poly1305 => 12
des => 8
des-cbc => 8
des-cfb => 8
des-cfb1 => 8
des-cfb8 => 8
des-ecb => 0
des-ede => 0
des-ede-cbc => 8
des-ede-cfb => 8
des-ede-ecb => 0
des-ede-ofb => 8
des-ede3 => 0
des-ede3-cbc => 8
des-ede3-cfb => 8
des-ede3-cfb1 => 8
des-ede3-cfb8 => 8
des-ede3-ecb => 0
des-ede3-ofb => 8
des-ofb => 8
des3 => 8
des3-wrap => 0
desx => 8
desx-cbc => 8
id-aes128-CCM => 12
id-aes128-GCM => 12
id-aes128-wrap => 8
id-aes128-wrap-pad => 4
id-aes192-CCM => 12
id-aes192-GCM => 12
id-aes192-wrap => 8
id-aes192-wrap-pad => 4
id-aes256-CCM => 12
id-aes256-GCM => 12
id-aes256-wrap => 8
id-aes256-wrap-pad => 4
id-smime-alg-CMS3DESwrap => 0
idea => 8
idea-cbc => 8
idea-cfb => 8
idea-ecb => 0
idea-ofb => 8
rc2 => 8
rc2-128 => 8
rc2-40 => 8
rc2-40-cbc => 8
rc2-64 => 8
rc2-64-cbc => 8
rc2-cbc => 8
rc2-cfb => 8
rc2-ecb => 0
rc2-ofb => 8
rc4 => 0
rc4-40 => 0
rc4-hmac-md5 => 0
seed => 16
seed-cbc => 16
seed-cfb => 16
seed-ecb => 0
seed-ofb => 16
sm4 => 16
sm4-cbc => 16
sm4-cfb => 16
sm4-ctr => 16
sm4-ecb => 0
sm4-ofb => 16

风语者!平时喜欢研究各种技术,目前在从事后端开发工作,热爱生活、热爱工作。