openssl_decrypt 不解密用 openssl_encrypt 存储的数据

【问题标题】:openssl_decrypt not decrypting data stored with openssl_encryptopenssl_decrypt 不解密用 openssl_encrypt 存储的数据
【发布时间】:2019-11-15 20:18:48
【问题描述】:

我需要对无法存储为纯文本的非敏感数据进行简单的加密/解密。我把这个类放在一起,openssl_decrypt 返回 false,但我不知道为什么。

$ssl=new ssl();

$x="this was encrpyted";
echo "<br />1".$x;
$json=$ssl->encrypt($x);
echo "<br />2".$json;
echo "<br />3".$ssl->decrypt($json);

class ssl {

    private $cipher = "aes-128-gcm";
    private $options=0;

    public function encrypt($plaintext) {
        $key=openssl_random_pseudo_bytes(16);
        $ivlen=openssl_cipher_iv_length($this->cipher);
        $iv=openssl_random_pseudo_bytes($ivlen);
        $ciphertext=openssl_encrypt(
            $plaintext, 
            $this->cipher, 
            $key,
            $this->options,
            $iv,
            $tag
        );
        $a=[];
        $a["key"]=bin2hex($key);    
        $a["iv"]=bin2hex($iv);  
        $a["ciphertext"]=$ciphertext;   
        return json_encode($a);
    }

    public function decrypt($json) {
        $a=json_decode($json,true);
        return openssl_decrypt(
            $a["ciphertext"], 
            $this->cipher, 
            hex2bin($a["key"]),
            $this->options,
            hex2bin($a["iv"])
        );
    }

}

【问题讨论】:

  • 你有什么错误或输出吗?
  • 使用更现代的built-in functions 几乎肯定会更好。

标签: php openssl php-openssl


【解决方案1】:

您没有存储从加密过程返回的标记值。如mentioned in the documentation,这是 GCM 和 CCM 密码所必需的。

还清理了您的代码:

<?php
class Ssl {

    private static $cipher = "aes-128-gcm";
    private static $options=0;

    public static function encrypt(string $plaintext): ?string
    {
        $key        = openssl_random_pseudo_bytes(16);
        $ivlen      = openssl_cipher_iv_length(self::$cipher);
        $iv         = openssl_random_pseudo_bytes($ivlen);
        $ciphertext = openssl_encrypt(
            $plaintext,
            self::$cipher,
            $key,
            self::$options,
            $iv,
            $tag
        );
        $a = [
            "key"        => bin2hex($key),
            "iv"         => bin2hex($iv),
            "tag"        => bin2hex($tag),
            "ciphertext" => $ciphertext,
        ];
        return json_encode($a);
    }

    public static function decrypt(string $json): ?string
    {
        $a = json_decode($json);
        $result = openssl_decrypt(
            $a->ciphertext,
            self::$cipher,
            hex2bin($a->key),
            self::$options,
            hex2bin($a->iv),
            hex2bin($a->tag)
        );
        if ($result === false) {
            return null;
        }
        return $result;
    }
}

$x = "this was encrpyted";
echo "<br />\n1 $x";
$json = Ssl::encrypt($x);
echo "<br />\n2 $json";
echo "<br />\n3 " . Ssl::decrypt($json);

输出:

<br />
1 this was encrpyted
<br />
2 {"key":"3b48ecde64b8e2789991604678cc9fb9","iv":"307443dc8d114773fc02d0c4","tag":"8c66a2b0094435345b751b2dec5231a9","ciphertext":"EiIxe2hp0aONf41oBRuvwtjr"}
<br />
3 this was encrpyted

【讨论】:

  • 标签存储帮助我摆脱了这种情况,谢谢
猜你喜欢
  • 1970-01-01
  • 2023-03-12
  • 1970-01-01
  • 2021-12-24
  • 1970-01-01
  • 2019-10-28
  • 2020-12-21
  • 1970-01-01
  • 1970-01-01
相关资源
最近更新 更多
热门标签
Java Python linux javascript Mysql C# Docker 算法 前端 SpringBoot Redis Vue spring 设计模式 .net core .net kubernetes c++ 数据库 数据结构 大数据 js 机器学习 微服务 Android Go 程序员 面试 JVM ASP.net core 云原生 人工智能 后端 PHP git CSS golang k8s Nginx Django mybatis 深度学习 多线程 React 架构 devops 爬虫 云计算 Spring Boot LeetCode