問(wèn)題描述
我正在嘗試使用 128 位 AES 加密 (ECB) 加密/解密字符串.我想知道的是如何向它添加/刪除 PKCS7 填充.Mcrypt 擴(kuò)展似乎可以處理加密/解密,但必須手動(dòng)添加/刪除填充.
I'm trying to encrypt/decrypt a string using 128 bit AES encryption (ECB). What I want to know is how I can add/remove the PKCS7 padding to it. It seems that the Mcrypt extension can take care of the encryption/decryption, but the padding has to be added/removed manually.
有什么想法嗎?
推薦答案
讓我們看看.PKCS #7 在 RFC 5652(加密消息語(yǔ)法)中有描述.
Let's see. PKCS #7 is described in RFC 5652 (Cryptographic Message Syntax).
填充方案本身在 6.3 部分中給出.內(nèi)容加密過(guò)程.它本質(zhì)上是說(shuō):根據(jù)需要追加足夠多的字節(jié)來(lái)填充給定的塊大小(但至少是一個(gè)),并且每個(gè)字節(jié)都應(yīng)該將填充長(zhǎng)度作為值.
The padding scheme itself is given in section 6.3. Content-encryption Process. It essentially says: append that many bytes as needed to fill the given block size (but at least one), and each of them should have the padding length as value.
因此,查看最后一個(gè)解密的字節(jié),我們知道要?jiǎng)冸x多少字節(jié).(也可以檢查它們是否都具有相同的值.)
Thus, looking at the last decrypted byte we know how many bytes to strip off. (One could also check that they all have the same value.)
我現(xiàn)在可以為您提供一對(duì) PHP 函數(shù)來(lái)執(zhí)行此操作,但是我的 PHP 有點(diǎn)生疏.所以要么自己做(然后隨意編輯我的答案以添加它),要么查看 用戶(hù)貢獻(xiàn)的注釋到 mcrypt 文檔 - 其中相當(dāng)一部分是關(guān)于填充并提供 PKCS #7 填充的實(shí)現(xiàn).
I could now give you a pair of PHP functions to do this, but my PHP is a bit rusty. So either do this yourself (then feel free to edit my answer to add it in), or have a look at the user-contributed notes to the mcrypt documentation - quite some of them are about padding and provide an implementation of PKCS #7 padding.
那么,讓我們看看第一條注釋 詳細(xì)說(shuō)明:
So, let's look on the first note there in detail:
<?php
function encrypt($str, $key)
{
$block = mcrypt_get_block_size('des', 'ecb');
這將獲得所用算法的塊大小.在你的情況下,你會(huì)使用 aes 或 rijndael_128 而不是 des,我想(我沒(méi)有測(cè)試它).(相反,您可以在此處簡(jiǎn)單地將 16 用于 AES,而不是調(diào)用該函數(shù).)
This gets the block size of the used algorithm. In your case, you would use aes or rijndael_128 instead of des, I suppose (I didn't test it). (Instead, you could simply take 16 here for AES, instead of invoking the function.)
$pad = $block - (strlen($str) % $block);
這會(huì)計(jì)算填充大小.strlen($str) 是數(shù)據(jù)的長(zhǎng)度(以字節(jié)為單位),% $block 給出余數(shù)模 $block,即最后一個(gè)塊中的數(shù)據(jù)字節(jié)數(shù).$block - ... 因此給出填充最后一個(gè)塊所需的字節(jié)數(shù)(現(xiàn)在是 1 和 $block 之間的數(shù)字,包括在內(nèi)).
This calculates the padding size. strlen($str) is the length of your data (in bytes), % $block gives the remainder modulo $block, i.e. the number of data bytes in the last block. $block - ... thus gives the number of bytes needed to fill this last block (this is now a number between 1 and $block, inclusive).
$str .= str_repeat(chr($pad), $pad);
str_repeat 產(chǎn)生由相同字符串的重復(fù)組成的字符串,這里是給定的 字符的重復(fù)by $pad, $pad 次,即長(zhǎng)度為$pad的字符串,填充$pad.$str .= ... 將此填充字符串附加到原始數(shù)據(jù)中.
str_repeat produces a string consisting of a repetition of the same string, here a repetition of the character given by $pad, $pad times, i.e. a string of length $pad, filled with $pad.
$str .= ... appends this padding string to the original data.
return mcrypt_encrypt(MCRYPT_DES, $key, $str, MCRYPT_MODE_ECB);
這是加密本身.使用 MCRYPT_RIJNDAEL_128 而不是 MCRYPT_DES.
Here is the encryption itself. Use MCRYPT_RIJNDAEL_128 instead of MCRYPT_DES.
}
現(xiàn)在另一個(gè)方向:
function decrypt($str, $key)
{
$str = mcrypt_decrypt(MCRYPT_DES, $key, $str, MCRYPT_MODE_ECB);
解密.(你當(dāng)然會(huì)改變算法,如上所述).$str 現(xiàn)在是解密后的字符串,包括填充.
The decryption. (You would of course change the algorithm, as above). $str is now the decrypted string, including the padding.
$block = mcrypt_get_block_size('des', 'ecb');
這又是塊大小.(見(jiàn)上文.)
This is again the block size. (See above.)
$pad = ord($str[($len = strlen($str)) - 1]);
這看起來(lái)有點(diǎn)奇怪.最好分多個(gè)步驟編寫(xiě):
This looks a bit strange. Better write it in multiple steps:
$len = strlen($str);
$pad = ord($str[$len-1]);
$len 現(xiàn)在是填充字符串的長(zhǎng)度,$str[$len - 1] 是這個(gè)字符串的最后一個(gè)字符.ord 將其轉(zhuǎn)換為數(shù)字.因此,$pad 是我們之前用作填充填充值的數(shù)字,這就是填充長(zhǎng)度.
$len is now the length of the padded string, and $str[$len - 1] is the last character of this string. ord converts this to a number. Thus $pad is the number which we previously used as the fill value for the padding, and this is the padding length.
return substr($str, 0, strlen($str) - $pad);
所以現(xiàn)在我們從字符串中截取最后一個(gè) $pad 字節(jié).(代替 strlen($str) 我們也可以在這里寫(xiě) $len: substr($str, 0, $len - $pad).).
So now we cut off the last $pad bytes from the string. (Instead of strlen($str) we could also write $len here: substr($str, 0, $len - $pad).).
}
?>
注意,除了使用 substr($str, $len - $pad),還可以寫(xiě)成 substr($str, -$pad),作為PHP 中的 substr 函數(shù)對(duì)負(fù)操作數(shù)/參數(shù)進(jìn)行了特殊處理,從字符串的末尾開(kāi)始計(jì)數(shù).(我不知道這比先獲取長(zhǎng)度然后手動(dòng)計(jì)算索引效率更高還是更低.)
Note that instead of using substr($str, $len - $pad), one can also write substr($str, -$pad), as the substr function in PHP has a special-handling for negative operands/arguments, to count from the end of the string. (I don't know if this is more or less efficient than getting the length first and and calculating the index manually.)
如前所述并在 rossum 的評(píng)論中指出,而不是像這里所做的那樣簡(jiǎn)單地去除填充,您應(yīng)該檢查它是否正確 - 即查看 substr($str, $len - $pad),并檢查其所有字節(jié)是否都是 chr($pad).這是對(duì)損壞的輕微檢查(盡管如果您使用鏈接模式而不是 ECB,這種檢查會(huì)更有效,并且不能替代真正的 MAC).
As said before and noted in the comment by rossum, instead of simply stripping off the padding like done here, you should check that it is correct - i.e. look at substr($str, $len - $pad), and check that all its bytes are chr($pad). This serves as a slight check against corruption (although this check is more effective if you use a chaining mode instead of ECB, and is not a replacement for a real MAC).
(而且,告訴您的客戶(hù)他們應(yīng)該考慮更改為比 ECB 更安全的模式.)
(And still, tell your client they should think about changing to a more secure mode than ECB.)
這篇關(guān)于如何從 AES 加密字符串中添加/刪除 PKCS7 填充?的文章就介紹到這了,希望我們推薦的答案對(duì)大家有所幫助,也希望大家多多支持html5模板網(wǎng)!