douzhang1926 2019-01-14 06:49
浏览 460


I am using following code snippet to encrypt a text in PHP7:

$plaintext = "message to be encrypted";
$cipher = "aes-256-cbc";
$ivlen = openssl_cipher_iv_length($cipher);
$iv = "0123456789012345";
$key = "akshayakshayaksh";
$ciphertext = openssl_encrypt($plaintext, $cipher, $key, $options=0, $iv);
print $ciphertext;

Output: cUXDhOEGz19QEo9XDvMzXkGFmg/YQUnXEqKVpfYtUGo=

Now, when I try to decrypt this in Python3 it gives error:

from Crypto.Cipher import AES
obj2 ='akshayakshayaksh', AES.MODE_CBC, '0123456789012345')
ciphertext = "cUXDhOEGz19QEo9XDvMzXkGFmg/YQUnXEqKVpfYtUGo="

Traceback (most recent call last):
File "<stdin>", line 1, in <module>
File "/anaconda3/lib/python3.6/site-packages/Crypto/Cipher/", line 295, in decrypt return self._cipher.decrypt(ciphertext) ValueError: Input strings must be a multiple of 16 in length

I get that AES is a block cipher algorithm. However, how should I fix my PHP code so that it generates "padded" cipher, any clues?

  • 写回答

1条回答 默认 最新

  • dsa456369 2019-01-14 09:51

    The main issue here is that you're using different key-size. PHP's openssl_encrypt determines the key size from the encryption algorithm string ("aes-256-cbc" in this case) so it expects a 256 bit key. If the key is shorter it is padded with zero bytes, so the actual key used by openssl_encrypt is:


    Pycryptodome determines the key size from the actual size of the key, so your Python code uses AES-128-CBC. Also, as mentioned in the coments by kelalaka, the ciphertext is base64 encoded (openssl_encrypt base64-encodes the ciphertext by default - we can get raw bytes if we use OPENSSL_RAW_DATA in $options). Pycryptodome doesn't decode the ciphertext, so we must use b64decode().

    key = b'akshayakshayaksh\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0'
    obj2 =, AES.MODE_CBC, b'0123456789012345')
    ciphertext = b"cUXDhOEGz19QEo9XDvMzXkGFmg/YQUnXEqKVpfYtUGo="
    #b'message to be encrypted\t\t\t\t\t\t\t\t\t'

    The extra \t characters at the end is the padding - CBC requires padding. Pycryptodome doesn't remove padding automatically but it provides padding functions in Crypto.Util.Padding.

    from Crypto.Cipher import AES
    from Crypto.Util.Padding import unpad
    from base64 import b64decode
    key = b'akshayakshayaksh\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0'
    obj2 =, AES.MODE_CBC, b'0123456789012345')
    ciphertext = b"cUXDhOEGz19QEo9XDvMzXkGFmg/YQUnXEqKVpfYtUGo="
    plaintext = obj2.decrypt(b64decode(ciphertext))
    plaintext = unpad(plaintext, AES.block_size)

    Although PHP's openssl accepts arbitrary sized keys, it's best to use key size specified in the algorithm string, to prevent confusion at the very least. Also the key bytes should be as random as possible.

    As noted by Maarten Bodewes in the comments this key uses a limited range of bytes and so it's very weak. Furthermore it is created by repeating a word and that makes it vulnerable to dictionary attacks (which are much faster than bruteforce attacks).

    In PHP we can get cryptographically secure random bytes with random_bytes(),

    $key = random_bytes(32);  

    and in Python with os.urandom()

    key = os.urandom(32)

    (You can use the same functions to create the IV; you shouldn't use a static IV, the IV must be unpredictable)

    You could also derive a key from your password with a KDF. In this case it is important to use a random salt and a high enough number of iterations. PHP provies a PBKDF2 algorithm with the hash_pbkdf2 function, and Python with hashlib.pbkdf2_hmac.

    本回答被题主选为最佳回答 , 对您是否有帮助呢?



  • ¥15 逐月累计,月份不连续,补齐月份
  • ¥15 应用简单的Python代码完成一个学生成绩管理系统
  • ¥15 用matlab求微分方程初值问题
  • ¥15 vscode下编写第三方库opencv与pcl代码时没有代码提示
  • ¥15 能够跑通不报错,如何解决?(标签-matlab)
  • ¥15 MOS在RDS较大,频率高时开关波形异常
  • ¥15 SCENIC分析报错求解答
  • ¥15 ceph初始化mon不成功 下图不报错 这个是什么元
  • ¥15 数学建模数学建模少ai
  • ¥35 这个等效电路图是什么意思?(答疑)(有没有不是chat的,我就是在chat搜不到才来问的,chat还开了VIP)(可以追加酬金)