在 Laravel 之外解密加密值
声明:本页面是StackOverFlow热门问题的中英对照翻译,遵循CC BY-SA 4.0协议,如果您需要使用它,必须同样遵循CC BY-SA许可,注明原文地址和作者信息,同时你必须将它归于原作者(不是我):StackOverFlow
原文地址: http://stackoverflow.com/questions/17390898/
Warning: these are provided under cc-by-sa 4.0 license. You are free to use/share it, But you must attribute it to the original authors (not me):
StackOverFlow
Decrypt encrypted value outside of Laravel
提问by TheNiceGuy
How can i decrypt a string which has been encrypted using the Laravel 4 Encrypt class, outside of Laravel, only with PHP?
如何在 Laravel 之外仅使用 PHP 解密已使用 Laravel 4 Encrypt 类加密的字符串?
回答by Amal Murali
The Laravel Encrypterclass uses Rijndael with a block size of 256 bit for encryption which is provided by the Mcrypt PHP extension. The Encrypterclass works using two simple methods, encrypt()and decrypt().
LaravelEncrypter类使用 Rijndael 和 Mcrypt PHP 扩展提供的 256 位块大小进行加密。本Encrypter类作品使用两个简单的方法,encrypt()和decrypt()。
An example below:
下面是一个例子:
<?php
$secret = Crypter::encrypt('some text here'); //encrypted
$decrypted_secret = Crypter::decrypt($secret); //decrypted
?>
Since you're asking how to do it "outside of Laravel":
既然你问如何“在 Laravel 之外”做到这一点:
The encryption and decryption is done by the encrypter class. Laravel source is public and here's the relevant part:
加密和解密由 encrypter 类完成。Laravel 源是公开的,这里是相关部分:
<?php
public function encrypt($value)
{
$iv = mcrypt_create_iv($this->getIvSize(), $this->getRandomizer());
$value = base64_encode($this->padAndMcrypt($value, $iv));
$mac = $this->hash($iv = base64_encode($iv), $value);
return base64_encode(json_encode(compact('iv', 'value', 'mac')));
}
protected function padAndMcrypt($value, $iv)
{
$value = $this->addPadding(serialize($value));
return mcrypt_encrypt($this->cipher, $this->key, $value, $this->mode, $iv);
}
public function decrypt($payload)
{
$payload = $this->getJsonPayload($payload);
$value = base64_decode($payload['value']);
$iv = base64_decode($payload['iv']);
return unserialize($this->stripPadding($this->mcryptDecrypt($value, $iv)));
}
protected function mcryptDecrypt($value, $iv)
{
return mcrypt_decrypt($this->cipher, $this->key, $value, $this->mode, $iv);
}
?>
For documentation and comments, see Laravel source codeon GitHub.
有关文档和评论,请参阅GitHub 上的Laravel 源代码。
I hope this helps.
我希望这有帮助。
回答by Maarten Bodewes
The Encrypterclass of Laravel is prone to changes. This is due to some security vulnerabilities that got fixed. So to successfully decrypt you need to do the following things:
EncrypterLaravel的类很容易发生变化。这是由于修复了一些安全漏洞。所以要成功解密,你需要做以下几件事:
- Get the right source code, e.g. for 4.2.16;
- Get it to work on your machine. Make sure you run on the same PHP environment (using OpenSSL extensions for the latest versions);
- Instantiate the class in
Encrypterwith the correct key, and possibly set the correct mode and algorithm; - Finally, call
decrypt.
- 获取正确的源代码,例如4.2.16;
- 让它在你的机器上工作。确保您在相同的 PHP 环境中运行(使用最新版本的 OpenSSL 扩展);
Encrypter使用正确的密钥实例化类,并可能设置正确的模式和算法;- 最后,调用
decrypt。
All other required parameters for decryption (IV and MAC value) should be contained within the ciphertext.
解密所需的所有其他参数(IV 和 MAC 值)应包含在密文中。
