douzhang1926 2019-01-14 06:49
浏览 459
已采纳

在PHP中加密文本并在Python中解密

I am using following code snippet to encrypt a text in PHP7:

$plaintext = "message to be encrypted";
$cipher = "aes-256-cbc";
$ivlen = openssl_cipher_iv_length($cipher);
$iv = "0123456789012345";
$key = "akshayakshayaksh";
$ciphertext = openssl_encrypt($plaintext, $cipher, $key, $options=0, $iv);
print $ciphertext;

Output: cUXDhOEGz19QEo9XDvMzXkGFmg/YQUnXEqKVpfYtUGo=

Now, when I try to decrypt this in Python3 it gives error:

from Crypto.Cipher import AES
obj2 = AES.new('akshayakshayaksh', AES.MODE_CBC, '0123456789012345')
ciphertext = "cUXDhOEGz19QEo9XDvMzXkGFmg/YQUnXEqKVpfYtUGo="
obj2.decrypt(ciphertext)

Traceback (most recent call last):
File "<stdin>", line 1, in <module>
File "/anaconda3/lib/python3.6/site-packages/Crypto/Cipher/blockalgo.py", line 295, in decrypt return self._cipher.decrypt(ciphertext) ValueError: Input strings must be a multiple of 16 in length

I get that AES is a block cipher algorithm. However, how should I fix my PHP code so that it generates "padded" cipher, any clues?

  • 写回答

1条回答 默认 最新

  • dsa456369 2019-01-14 09:51
    关注

    The main issue here is that you're using different key-size. PHP's openssl_encrypt determines the key size from the encryption algorithm string ("aes-256-cbc" in this case) so it expects a 256 bit key. If the key is shorter it is padded with zero bytes, so the actual key used by openssl_encrypt is: 

    "akshayakshayaksh\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0"

    Pycryptodome determines the key size from the actual size of the key, so your Python code uses AES-128-CBC. Also, as mentioned in the coments by kelalaka, the ciphertext is base64 encoded (openssl_encrypt base64-encodes the ciphertext by default - we can get raw bytes if we use OPENSSL_RAW_DATA in $options). Pycryptodome doesn't decode the ciphertext, so we must use b64decode(). 

    key = b'akshayakshayaksh\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0'
obj2 = AES.new(key, AES.MODE_CBC, b'0123456789012345')
ciphertext = b"cUXDhOEGz19QEo9XDvMzXkGFmg/YQUnXEqKVpfYtUGo="
print(obj2.decrypt(b64decode(ciphertext)))
#b'message to be encrypted\t\t\t\t\t\t\t\t\t'

    The extra \t characters at the end is the padding - CBC requires padding. Pycryptodome doesn't remove padding automatically but it provides padding functions in Crypto.Util.Padding. 

    from Crypto.Cipher import AES
from Crypto.Util.Padding import unpad
from base64 import b64decode

key = b'akshayakshayaksh\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0'
obj2 = AES.new(key, AES.MODE_CBC, b'0123456789012345')
ciphertext = b"cUXDhOEGz19QEo9XDvMzXkGFmg/YQUnXEqKVpfYtUGo="
plaintext = obj2.decrypt(b64decode(ciphertext))
plaintext = unpad(plaintext, AES.block_size)

    Although PHP's openssl accepts arbitrary sized keys, it's best to use key size specified in the algorithm string, to prevent confusion at the very least. Also the key bytes should be as random as possible.

    As noted by Maarten Bodewes in the comments this key uses a limited range of bytes and so it's very weak. Furthermore it is created by repeating a word and that makes it vulnerable to dictionary attacks (which are much faster than bruteforce attacks).

    In PHP we can get cryptographically secure random bytes with random_bytes(), 

    $key = random_bytes(32);

    and in Python with os.urandom()

    key = os.urandom(32)

    (You can use the same functions to create the IV; you shouldn't use a static IV, the IV must be unpredictable)

    You could also derive a key from your password with a KDF. In this case it is important to use a random salt and a high enough number of iterations. PHP provies a PBKDF2 algorithm with the hash_pbkdf2 function, and Python with hashlib.pbkdf2_hmac.

    本回答被题主选为最佳回答 , 对您是否有帮助呢?
    评论

报告相同问题?

悬赏问题

  • ¥15 oracle集群安装出bug
  • ¥15 关于#python#的问题:自动化测试
  • ¥20 问题请教!vue项目关于Nginx配置nonce安全策略的问题
  • ¥15 教务系统账号被盗号如何追溯设备
  • ¥20 delta降尺度方法,未来数据怎么降尺度
  • ¥15 c# 使用NPOI快速将datatable数据导入excel中指定sheet,要求快速高效
  • ¥15 再不同版本的系统上,TCP传输速度不一致
  • ¥15 高德地图点聚合中Marker的位置无法实时更新
  • ¥15 DIFY API Endpoint 问题。
  • ¥20 sub地址DHCP问题