php 中的 AES 加密,然后用 Javascript (cryptojs) 解密
声明:本页面是StackOverFlow热门问题的中英对照翻译,遵循CC BY-SA 4.0协议,如果您需要使用它,必须同样遵循CC BY-SA许可,注明原文地址和作者信息,同时你必须将它归于原作者(不是我):StackOverFlow
原文地址: http://stackoverflow.com/questions/11797238/
Warning: these are provided under cc-by-sa 4.0 license. You are free to use/share it, But you must attribute it to the original authors (not me):
StackOverFlow
AES encryption in php and then decryption with Javascript (cryptojs)
提问by Lyubomir Lyubenov
I'm searching for a way to make a 2 way encryption of a simple text (5 to 6 numbers and/or characters). The catch is that i want to make the encryption in php and then decrypt it via Javascript. For php i've tested using mcrypt_encode and have gotten it to work, hence when i try to decrypt it with javascript (i'm using the Crypto-js library - http://code.google.com/p/crypto-js/) i get no results. Here is the php code i'm using:
我正在寻找一种对简单文本(5 到 6 个数字和/或字符)进行 2 向加密的方法。问题是我想在 php 中进行加密,然后通过 Javascript 对其进行解密。对于 php,我已经使用 mcrypt_encode 进行了测试并使其正常工作,因此当我尝试使用 javascript 对其进行解密时(我使用的是 Crypto-js 库 - http://code.google.com/p/crypto-js /) 我没有得到任何结果。这是我正在使用的 php 代码:
$key = "oijhd981727783hy18274";
$text = "1233";
$td = mcrypt_module_open(MCRYPT_RIJNDAEL_256, '', MCRYPT_MODE_CBC, '');
$iv = mcrypt_create_iv(mcrypt_enc_get_iv_size($td), MCRYPT_RAND);
$crypttext = mcrypt_encrypt(MCRYPT_RIJNDAEL_256, $key, $text, MCRYPT_MODE_CBC,$iv);
echo base64_encode($crypttext);
and then here is the Javascript code i'm using:
然后这是我正在使用的 Javascript 代码:
var encrypted = CryptoJS.enc.Base64.parse("LiJU5oYHXRSNsrjMtCr5o2ev7yDFGZId85gh9MEXPeg=");
var key = 'oijhd981727783hy18274';
var decrypted = CryptoJS.AES.decrypt(encrypted, key);
document.write( decrypted.toString(CryptoJS.enc.Utf8) );
As i'm just testing, i copy/paste the output from the php straight into the JS and see if it would return any results, however that doesnt happen. As i'm new to the encryption/decryption part i might be missing something. Any suggestions will be greatly appreciated.
因为我只是在测试,所以我将 php 的输出直接复制/粘贴到 JS 中,看看它是否会返回任何结果,但这不会发生。因为我是加密/解密部分的新手,所以我可能会遗漏一些东西。任何建议将不胜感激。
On a side note, as i read a lot of suggestions here about using other types of communication to transfer the data, that would not be possible in this case, as i need to pass this string to a third party software, which will bring it over on a secure area, where i have access to edit only the javascript, this is why i'm trying to encrypt the text in php and place it inside the website's source, from where the third party software will read it as it is encrypted and will transfer it to the secure section, where i will need to decrypt it back via Javascript (i dont have access to php there).
附带说明一下,当我在这里阅读了很多关于使用其他类型的通信来传输数据的建议时,在这种情况下这是不可能的,因为我需要将此字符串传递给第三方软件,这将带来它在一个安全区域,在那里我只能编辑 javascript,这就是为什么我试图加密 php 中的文本并将其放置在网站的源中,第三方软件将从那里读取它,因为它是加密的并将其传输到安全部分,在那里我需要通过 Javascript 解密它(我在那里无法访问 php)。
回答by Lyubomir Lyubenov
So, after some more digging i came to the following online encryptor/decryptorwhich led me to the gibberish-aes at GitHubrepository.
因此,经过更多的挖掘,我来到了以下在线加密器/解密器,这使我在 GitHub存储库中找到了胡言乱语。
Inside one of the comments on the first link i found that this JS library has a php equivalent, which seems to be working reasonably well and is fairly easy to deploy: https://github.com/ivantcholakov/gibberish-aes-php
在第一个链接的一个评论中,我发现这个 JS 库有一个 php 等效项,它似乎运行得相当好并且相当容易部署:https: //github.com/ivantcholakov/gibberish-aes-php
So thanks to Lars for the answer he provided, i would encourage him to open the repository, i'm sure he'll make someone's life a little bit easier :)
所以感谢 Lars 提供的答案,我会鼓励他打开存储库,我相信他会让某人的生活更轻松:)
回答by tdkBacke
From the CryptoJS documentation:
来自 CryptoJS 文档:
For the key, when you pass a string, it's treated as a passphrase and used to derive an actual key and IV. Or you can pass a WordArray that represents the actual key. If you pass the actual key, you must also pass the actual IV.
对于密钥,当您传递字符串时,它被视为密码短语并用于派生实际密钥和 IV。或者您可以传递一个代表实际键的 WordArray。如果传递实际密钥,则还必须传递实际 IV。
So in your line
所以在你的行
var decrypted = CryptoJS.AES.decrypt(encrypted, key);
"oijhd981727783hy18274" is treated as a passphrase to create a key and not as the actual key.
“oijhd981727783hy18274”被视为创建密钥的密码,而不是实际的密钥。
Passing an IV works like this:
传递 IV 的工作方式如下:
var key = CryptoJS.enc.Hex.parse('000102030405060708090a0b0c0d0e0f');
var iv = CryptoJS.enc.Hex.parse('101112131415161718191a1b1c1d1e1f');
var encrypted = CryptoJS.AES.encrypt("Message", key, { iv: iv });
回答by Lars Knickrehm
Some time ago I had the same problem. I finally got to use SlowAES from http://code.google.com/p/slowaes/with some fixes and ported it to PHP.
前段时间我遇到了同样的问题。我终于使用http://code.google.com/p/slowaes/ 中的SlowAES 进行了一些修复并将其移植到 PHP。
Note: The official sources are broken, just as the official PHP port.
注:官方来源已破解,与官方PHP移植一样。
Let me know if you're interested. Then I'd open a new repository at GitHub where you can grab everything you need...
如果您有兴趣,请告诉我。然后我会在 GitHub 上打开一个新的存储库,你可以在那里获取你需要的一切......
