您现在的位置是:首页 >技术教程 >php7+ openssl AES网站首页技术教程
php7+ openssl AES
查阅的资料
mcrypt_decrypt函数在php7.1正式被禁用,后续使用openssl 进行加解密
openssl_encrypt 加密 openssl_decrypt 解密
踩过的坑
由于我的需求是aes-128-cbc zeropadding 加解密与python java等程序配合。
网上的文章大部分是正确的,但不太详细。 比如正确的openssl_encrypt 但没有告诉你zeropadding 需要的填充方式,或不正确的openssl_encrypt 告诉你加密后需要base64编码。
如何做?
不多说,经过百度得出 php7.1后使用openssl,得出两个关键函数
openssl_encrypt openssl_decrypt
1.openssl_encrypt 加密后不需要base64编码,它已经是base64了。注意
2.openssl_decrypt 解密也不需要先base64解码,直接丢入base64即可!
3.openssl_encrypt 的AES-128-CBC ZEROPADDING加密的明文需要先进行一次填充!
4. key 和 iv 均是16位,据说超出16位php会自动截断,未试过。
5. zeropadding 解密后需要trim一下。
function padZero($data, $blocksize = 16){
$pad = $blocksize - (strlen($data) % $blocksize);
return $data . str_repeat("�", $pad);
}
function aesEn($data, $key, $iv){
// OPENSSL_ZERO_PADDING = 2
// return openssl_decrypt($str, $method, $key, OPENSSL_ZERO_PADDING, $iv);
return openssl_encrypt(padZero($data), "aes-128-cbc", $key, 2, $iv);
}
function aesDn($data, $key, $iv){
// OPENSSL_ZERO_PADDING = 2
// return trim(openssl_decrypt($data, "aes-128-cbc", $key, OPENSSL_ZERO_PADDING, $iv));
return trim(openssl_decrypt($data, "aes-128-cbc", $key, 2, $iv));
}
$encrypt = aesEn("调用加密,这里是加密的东西", "1234567891234567", "1234567891234567");
$decrypt = trim(aesDn($encrypt, "1234567891234567", "1234567891234567"))
padZero只用于给加密的明文后方补全空格 �
而这样的数据解密后需要trim一下,去掉后方的空,否则会出现加密前对明文填充的填充符,这里是加密的东西�x00�x00 不等长
总结:
加密后不需要base64编码,只需要在加密前用zeropadding的方式处理一下明文长度。 解密需要将zeropadding方式处理的明文给删掉多余的空。
不同的加密算法需要不同的初始化向量(IV),也就是 openssl_encrypt 的第 5 个参数 $iv:
openssl_encrypt ( string $data , string $method , string $key , int $options = 0 , string $iv = "" , string &$tag = NULL , string $aad = "" , int $tag_length = 16 ) : string
foreach (openssl_get_cipher_methods(true) as $m) {
echo $m . ' => ' . openssl_cipher_iv_length($m) . '<br />';
}
aes-128-cbc => 16
aes-128-cbc-hmac-sha1 => 16
aes-128-cbc-hmac-sha256 => 16
aes-128-ccm => 12
aes-128-cfb => 16
aes-128-cfb1 => 16
aes-128-cfb8 => 16
aes-128-ctr => 16
aes-128-ecb => 0
aes-128-gcm => 12
aes-128-ocb => 12
aes-128-ofb => 16
aes-128-xts => 16
aes-192-cbc => 16
aes-192-ccm => 12
aes-192-cfb => 16
aes-192-cfb1 => 16
aes-192-cfb8 => 16
aes-192-ctr => 16
aes-192-ecb => 0
aes-192-gcm => 12
aes-192-ocb => 12
aes-192-ofb => 16
aes-256-cbc => 16
aes-256-cbc-hmac-sha1 => 16
aes-256-cbc-hmac-sha256 => 16
aes-256-ccm => 12
aes-256-cfb => 16
aes-256-cfb1 => 16
aes-256-cfb8 => 16
aes-256-ctr => 16
aes-256-ecb => 0
aes-256-gcm => 12
aes-256-ocb => 12
aes-256-ofb => 16
aes-256-xts => 16
aes128 => 16
aes128-wrap => 8
aes192 => 16
aes192-wrap => 8
aes256 => 16
aes256-wrap => 8
aria-128-cbc => 16
aria-128-ccm => 12
aria-128-cfb => 16
aria-128-cfb1 => 16
aria-128-cfb8 => 16
aria-128-ctr => 16
aria-128-ecb => 0
aria-128-gcm => 12
aria-128-ofb => 16
aria-192-cbc => 16
aria-192-ccm => 12
aria-192-cfb => 16
aria-192-cfb1 => 16
aria-192-cfb8 => 16
aria-192-ctr => 16
aria-192-ecb => 0
aria-192-gcm => 12
aria-192-ofb => 16
aria-256-cbc => 16
aria-256-ccm => 12
aria-256-cfb => 16
aria-256-cfb1 => 16
aria-256-cfb8 => 16
aria-256-ctr => 16
aria-256-ecb => 0
aria-256-gcm => 12
aria-256-ofb => 16
aria128 => 16
aria192 => 16
aria256 => 16
bf => 8
bf-cbc => 8
bf-cfb => 8
bf-ecb => 0
bf-ofb => 8
blowfish => 8
camellia-128-cbc => 16
camellia-128-cfb => 16
camellia-128-cfb1 => 16
camellia-128-cfb8 => 16
camellia-128-ctr => 16
camellia-128-ecb => 0
camellia-128-ofb => 16
camellia-192-cbc => 16
camellia-192-cfb => 16
camellia-192-cfb1 => 16
camellia-192-cfb8 => 16
camellia-192-ctr => 16
camellia-192-ecb => 0
camellia-192-ofb => 16
camellia-256-cbc => 16
camellia-256-cfb => 16
camellia-256-cfb1 => 16
camellia-256-cfb8 => 16
camellia-256-ctr => 16
camellia-256-ecb => 0
camellia-256-ofb => 16
camellia128 => 16
camellia192 => 16
camellia256 => 16
cast => 8
cast-cbc => 8
cast5-cbc => 8
cast5-cfb => 8
cast5-ecb => 0
cast5-ofb => 8
chacha20 => 16
chacha20-poly1305 => 12
des => 8
des-cbc => 8
des-cfb => 8
des-cfb1 => 8
des-cfb8 => 8
des-ecb => 0
des-ede => 0
des-ede-cbc => 8
des-ede-cfb => 8
des-ede-ecb => 0
des-ede-ofb => 8
des-ede3 => 0
des-ede3-cbc => 8
des-ede3-cfb => 8
des-ede3-cfb1 => 8
des-ede3-cfb8 => 8
des-ede3-ecb => 0
des-ede3-ofb => 8
des-ofb => 8
des3 => 8
des3-wrap => 0
desx => 8
desx-cbc => 8
id-aes128-CCM => 12
id-aes128-GCM => 12
id-aes128-wrap => 8
id-aes128-wrap-pad => 4
id-aes192-CCM => 12
id-aes192-GCM => 12
id-aes192-wrap => 8
id-aes192-wrap-pad => 4
id-aes256-CCM => 12
id-aes256-GCM => 12
id-aes256-wrap => 8
id-aes256-wrap-pad => 4
id-smime-alg-CMS3DESwrap => 0
idea => 8
idea-cbc => 8
idea-cfb => 8
idea-ecb => 0
idea-ofb => 8
rc2 => 8
rc2-128 => 8
rc2-40 => 8
rc2-40-cbc => 8
rc2-64 => 8
rc2-64-cbc => 8
rc2-cbc => 8
rc2-cfb => 8
rc2-ecb => 0
rc2-ofb => 8
rc4 => 0
rc4-40 => 0
rc4-hmac-md5 => 0
seed => 16
seed-cbc => 16
seed-cfb => 16
seed-ecb => 0
seed-ofb => 16
sm4 => 16
sm4-cbc => 16
sm4-cfb => 16
sm4-ctr => 16
sm4-ecb => 0
sm4-ofb => 16
站长推荐
- SpringSecurity实现前后端分离认证授权
SpringSecurity实现前后端分离认证授权 - stm32使用HAL库配置串口中断收发数据(保姆级教程)
stm32使用HAL库配置串口中断收发数据(保姆级教程) - U8W/U8W-Mini使用与常见问题解决
U8W/U8W-Mini使用与常见问题解决 - 【社区图书馆】伴我前行的一本书《The C Programming Language》
【社区图书馆】伴我前行的一本书《The C Programming Language》 - Unity创建文本时自动修改默认字体
Unity创建文本时自动修改默认字体