dqaq59269 2012-11-22 19:18
浏览 110

在Android上围绕现有PHP系统实施AES加密/解密

I'm expanding an iOS project over to Android. My existing application communicates with a server via PHP using an AES encryption system.

Here are the functions that I am using on the PHP side:

Encrypt

function cryptAESEncrypt($string,$key) {
    $key = md5($key);
    $iv = "1234567890123436"; //IV isn't needed if MCRYPT_MODE is ECB (What we are using)
    $data = $data = base64_encode($string);
    $algorythm = MCRYPT_RIJNDAEL_128;
    $mode = MCRYPT_MODE_ECB;

    $encrypted = mcrypt_encrypt(MCRYPT_RIJNDAEL_128,$key,$data,MCRYPT_MODE_ECB,$iv);

    return base64_encode($encrypted);
}

Decrypt

function cryptAESDecrypt($string,$key) {
    $key = md5($key);
    $iv = "1234567890123436"; //IV isn't needed if MCRYPT_MODE is ECB (What we are using)
    $data = base64_decode($string);
    $algorythm = MCRYPT_RIJNDAEL_128;
    $mode = MCRYPT_MODE_ECB;

    $decrypted = mcrypt_decrypt(MCRYPT_RIJNDAEL_128,$key,$data,MCRYPT_MODE_ECB,$iv);

    return base64_decode($decrypted);
}

The general flow of the process is:

  • md5 hash the $key (brings it down to 16 characters regardless)
  • Base64 Encode the $string
  • Encrypt the Base64'ed using 128Bit AES/RIJNDAEL in ECB mode (no IV)
  • Base64 the encrypted data and returns it as a string.

The decryption works the same but in reverse.

Now I'm just playing with samples but don't seem to be having much luck. I've encrypted the string "test" in PHP using that function ("test" was the key too - MD5'ed to 098f6bcd4621d373cade4e832627b4f6) and I am given the output of "ijzLe/2WgbaP+n3YScQSgQ==".

Now what I tried in Java didn't work as I get an incorrect key length error but I had more luck with a previous snippet earlier. Here's what I had anyway:

String key = "test";
String in = "ijzLe/2WgbaP+n3YScQSgQ==";

SecretKeySpec skeySpec = new SecretKeySpec(md5(key).getBytes(), "AES");

Cipher cipher = Cipher.getInstance("AES/ECB/NoPadding");
cipher.init(Cipher.DECRYPT_MODE, skeySpec);

byte[] encryptedByteArray = Base64.decode(in.getBytes(),0);
byte[] decryptedByteArray = cipher.doFinal(encryptedByteArray);
String decryptedData = new String(Base64.decode(decryptedByteArray, 0));

Log.v("NOTE","Data: "+decryptedData);

As I said though, that doesn't work. Now my question is, is there anybody that can help me make my Java code work with the supplied PHP code as I can't change that (had other code working using different PHP snippets).

  • 写回答

1条回答 默认 最新

  • duanchanguo7603 2012-11-23 09:22
    关注

    Thanks to Duncan in the comments I found out the issue was with my MD5 hash function..

    Found a working version for reference:

    public String md5(String s) {
    if (s != null)
    {
        try { // Create MD5 Hash
            MessageDigest digest = java.security.MessageDigest .getInstance("MD5");
            digest.update(s.getBytes());
            byte messageDigest[] = digest.digest();

            // Create Hex String
            StringBuffer hexString = new StringBuffer();
            for (int i = 0; i < messageDigest.length; i++) {
                String h = Integer.toHexString(0xFF & messageDigest[i]);
                while (h.length() < 2)
                    h = "0" + h;
                hexString.append(h);
            }
            return hexString.toString();

        } catch (NoSuchAlgorithmException e) {
            e.printStackTrace();
        }
        return "";
    }
    return "";
}
    评论

报告相同问题?

悬赏问题

  • ¥15 用windows做服务的同志有吗
  • ¥60 求一个简单的网页(标签-安全|关键词-上传)
  • ¥35 lstm时间序列共享单车预测,loss值优化,参数优化算法
  • ¥15 Python中的request,如何使用ssr节点,通过代理requests网页。本人在泰国,需要用大陆ip才能玩网页游戏,合法合规。
  • ¥100 为什么这个恒流源电路不能恒流?
  • ¥15 有偿求跨组件数据流路径图
  • ¥15 写一个方法checkPerson,入参实体类Person,出参布尔值
  • ¥15 我想咨询一下路面纹理三维点云数据处理的一些问题,上传的坐标文件里是怎么对无序点进行编号的,以及xy坐标在处理的时候是进行整体模型分片处理的吗
  • ¥15 一直显示正在等待HID—ISP
  • ¥15 Python turtle 画图