打开SSL加密PHP

Question

我正在尝试使用openssl_encrypt()函数，但是我的键是用十六进制编码的，函数正在返回一个错误。当使用hex2bin()函数将键转换为二进制时，返回值会被混淆。然后插入到openssl_encrypt()中。我犯了个错误。

define('TEX_ENCRYPTION_KEY', 'hexadecimalkey...');
define('TEX_ENCRYPTION_IV', 'hexadecimalkey...');

$key = hex2bin(TEX_ENCRYPTION_KEY);
$iv = hex2bin(TEX_ENCRYPTION_IV);

$transData = '<Detail>blah blah blah</Detail>';
$alg = 'aes-256-cbc';

$encryptedData = openssl_encrypt(
    $transData,
    $alg,
    $key,
    OPENSSL_RAW_DATA|OPENSSL_ZERO_PADDING,$iv
);

这将输出一个错误：

error:0607F08A:digital envelope routines:EVP_EncryptFinal_ex:data 
not multiple of block length

知道这是怎么回事吗？

Answer 1

虽然它不在正式文件中，但是对于OPENSSL_ZERO_PADDING选项做什么在评论中有一个很好的解释。默认情况下，OpenSSL会将明文压缩到密码块大小的倍数(在AES-256-CBC的情况下为16字节)。但是，您已经禁用了该机制，OpenSSL希望您确保数据的长度为16的倍数，但事实并非如此，因此您将得到错误消息“数据不是块长度的倍数”。

解决方案:垫上您的数据或删除该选项！

<?php
$transData = '<Detail>blah blah blah</Detail>';
$transData = str_pad(
    $transData,
    strlen($transData) + (16 - (strlen($transData) % 16)),
    chr(0)
);

Answer 2

在与openssl文档跳舞之后，我找到了用openssl (openssl_encrypt和openssl_decrypt函数)替换折旧后的Mcrypt函数并用base64_encode()返回ASCII文本的解决方案：

//Return encrypted string
public function stringEncrypt ($plainText, $cryptKey = '7R7zX2Urc7qvjhkr') {

  $length   = 8;
  $cstrong  = true;
  $cipher   = 'aes-128-cbc';

  if (in_array($cipher, openssl_get_cipher_methods()))
  {
    $ivlen = openssl_cipher_iv_length($cipher);
    $iv = openssl_random_pseudo_bytes($ivlen);
    $ciphertext_raw = openssl_encrypt(
      $plainText, $cipher, $cryptKey, $options=OPENSSL_RAW_DATA, $iv);
    $hmac = hash_hmac('sha256', $ciphertext_raw, $cryptKey, $as_binary=true);
    $encodedText = base64_encode( $iv.$hmac.$ciphertext_raw );
  }

  return $encodedText;
}


//Return decrypted string
public function stringDecrypt ($encodedText, $cryptKey = '7R7zX2Urc7qvjhkr') {

  $c = base64_decode($encodedText);
  $cipher   = 'aes-128-cbc';

  if (in_array($cipher, openssl_get_cipher_methods()))
  {
    $ivlen = openssl_cipher_iv_length($cipher);
    $iv = substr($c, 0, $ivlen);
    $hmac = substr($c, $ivlen, $sha2len=32);
    $ivlenSha2len = $ivlen+$sha2len;
    $ciphertext_raw = substr($c, $ivlen+$sha2len);
    $plainText = openssl_decrypt(
      $ciphertext_raw, $cipher, $cryptKey, $options=OPENSSL_RAW_DATA, $iv);
  }

  return $plainText;
}