2017-03-14 12:56
浏览 56


I have a string encrypted with AES 128 CBC, which I need to decrypt. I have the key which seems to work fine. The problem is with the initialization vector (IV).

The IV is 16 bytes long,


but when I add it to my script, OpenSSL truncates it saying it's 32 long like so:

openssl_decrypt(): IV passed is 32 bytes long which is longer than the 16 expected by selected cipher, truncating

I guess it means it is 32 characters long - but how do I make it understand it's just 16 bytes?

UPDATE: using hex2bin on the IV solved the truncating - but my openssl_decrypt yields nothing. Also did the hex2bin on the key, still no output. Simplified the code to make it easier to find the problem:

$str = "7F53B967F1BF7C9EC26B0C405E453ABD";
$k = "F71D4590A6E6E219EBBE8BFE9D3DC21A";
$intv = "B409678003171307B8B8B8B8B8B8B8B8";
$key = hex2bin($k);
$iv = hex2bin($intv);
$plaintext = openssl_decrypt($str, 'AES-128-CBC', $key, OPENSSL_RAW_DATA, $iv);

So, is the hex2bin the wrong way to go? Or is there something wrong in how I use the openssl_decrypt? There are NO errors in the PHP error_log.

Thanks in advance!

图片转代码服务由CSDN问答提供 功能建议

我有一个用AES 128 CBC加密的字符串,我需要解密。 我有一把似乎工作得很好的钥匙。 问题在于初始化向量(IV)。




openssl_decrypt( ):IV传递的是32个字节长,比选定密码所期望的16个长,截断

我想这意味着它长度为32个字符 - 但是怎么做 我让它理解它只有16个字节?

更新:在IV上使用hex2bin解决了截断 - 但我的openssl_decrypt没有产生任何结果。 还在键上做了hex2bin,仍然没有输出。 简化代码以便更容易找到问题:

 $ str =“7F53B967F1BF7C9EC26B0C405E453ABD”; 
 $ k =“F71D4590A6E6E219EBBE8BFE9D3DC21A”; 
  $ intv =“B409678003171307B8B8B8B8B8B8B8B8”; 
 $ key = hex2bin($ k); 
 $ iv = hex2bin($ intv); 
 $ plaintext = openssl_decrypt($ str,'AES-128-CBC',$ key,  OPENSSL_RAW_DATA,$ iv); 
print_r($ plaintext); 

那么,hex2bin是错误的方法吗? 或者我如何使用openssl_decrypt有什么问题? PHP error_log中没有错误。


  • 点赞
  • 写回答
  • 关注问题
  • 收藏
  • 邀请回答

1条回答 默认 最新

  • dongtang4019 2017-03-14 15:09

    OK this appears to achieve the same results as the web-based service linked by the OP. The key steps are a) in addition to $k and $intv, make sure you also convert the encrypted $str to binary from its hex representation b) supply the extra flag OPENSSL_ZERO_PADDING c) when you echo or var_dump or print_r the output, make sure you do a conversion back to hex so the output is readable

    $encrypted = "7F53B967F1BF7C9EC26B0C405E453ABD";
    $k = "F71D4590A6E6E219EBBE8BFE9D3DC21A";
    $intv = "B409678003171307B8B8B8B8B8B8B8B8";
    $str = hex2bin($encrypted);
    $key = hex2bin($k);
    $iv = hex2bin($intv);
    $decrypted = openssl_decrypt($str, 'AES-128-CBC', $key,  OPENSSL_RAW_DATA|OPENSSL_ZERO_PADDING, $iv);
    $str_decrypted = bin2hex($decrypted);


    string(32) "2f2f0c1335000000046d372b27230f15"

    NOTE: I can't be sure that this is in fact the decrypted form of the originally encrypted data. It just matches the web-based service. I'm assuming the value you linked is in fact the correct value. Simply adding the OPENSSL_ZERO_PADDING flag to your original code can get rid of the errors but the output will be different. Maybe try some experimenting.

    点赞 评论

相关推荐 更多相似问题