Press "Enter" to skip to content

php 和js aes des 对称加密解密

Published March 11, 2022 by afei

前端技术加密之后,php后端收到数据 进行解密

这是js加密代码

var n = releasex.util.convertStringToBytes(t);
var i = releasex.util.convertStringToBytes(t);
var o = releasex.util.convertStringToBytes(r);
var a = releasex.padding.pkcs7.pad(o);
var u = new releasex.ModeOfOperation.cbc(n, i);
var c = u.encrypt(a);

php目前都是通过 openssl_decrypt 解密,openssl_encrypt加密的

看js 代码代码是cbc模式,但是php cbc模式有很多中 (aes-128-cbc , aes-128-cbc-hmac-sha1, aes-192-cbc , aes-256-cbc) 128 、192、256 代表秘钥长度位数,不是key的字符串长度

/**
 * Encrypts data
 * @link https://php.net/manual/en/function.openssl-encrypt.php
 * @param string $data <p>
 * The data.
 * </p>
 * @param string $cipher_algo <p>
 * The cipher method. For a list of available cipher methods, use {@see openssl_get_cipher_methods()}.
 * </p>
 * @param string $passphrase <p>
 * The key.
 * </p>
 * @param int $options [optional] <p>
 * options is a bitwise disjunction of the flags OPENSSL_RAW_DATA and OPENSSL_ZERO_PADDING.
 * </p>
 * @param string $iv [optional] <p>
 * A non-NULL Initialization Vector.
 * </p>
 * @param string &$tag [optional] <p>The authentication tag passed by reference when using AEAD cipher mode (GCM or CCM).</p>
 * @param string $aad [optional] <p>Additional authentication data.</p>
 * @param int $tag_length [optional] <p>
 * The length of the authentication tag. Its value can be between 4 and 16 for GCM mode.
 * </p>
 * @return string|false the encrypted string on success or false on failure.
 */
function openssl_encrypt(string $data, string $cipher_algo, string $passphrase, int $options = 0, string $iv = "", &$tag, string $aad = "", int $tag_length = 16): string|false {}
Warning: openssl_encrypt(): IV passed is 19 bytes long which is longer than the 16 expected by selected cipher,

1 bit 位    = 1  二进制数据
1 byte 字节  = 8  bit
1 字母 = 1  byte = 8 bit

128位/8=16字节=16字符
192位/8=24字节=24字符
256位/8=32字节=32字符

也就是说KEY 的长度是根据AES-128-CBC 与 AES-256-CBC 变换的。使用 AES-128-CBC 时,key的长度应该为16位,使用 AES-256-CBC时,key的长度应该为32位。

当然了,如果key长度大于限定方式,也无所谓,不是我说无所谓,是php在处理的时候只截取实际的长度。如果长度不够php也会使用‘x00’填补

这样通过可以js 设定的key 字符串长度确定 cbc 是128 还是 192 还是256 

然后就是options:有OPENSSL_RAW_DATA和OPENSSL_ZERO_PADDING两种,前者会默认采用PKCS#7进行补位,输出结果是加密后的原始结果,没有用base64编码;后者要求被加密的数据必须是“加密块”的整数倍,也就需要自己对加密数据进行补位处理

对应上面js php加密 options 是0 
openssl_encrypt($data, 'AES-128-CBC', $key, 0, $iv);

可以js 在浏览器debug调试加密参数 然后找出对应php

Published in 技术

Leave a Reply

Your email address will not be published. Required fields are marked *