douxie5176 2019-01-11 07:18
浏览 41
已采纳

如何捕获sodium_crypto_box的异常

I am trying to see if the message gets corrupted in the middle I should be able to get an error but all I am seeing is a white page.

<?php 
$keypair = hex2bin('66b70b4e93416f8a7a82a40a856fe9884fd7a6e5018837c5421f507307026b40b2c8fbaf820ee38198af1dcf23143ec7ae21da1c785f58d1053940b9f317180e');
$encrypted_text = hex2bin('de261df126463f57b6c38bf42b69252b2f9382267b51e137e20e27ace37c5853279b00c95536cc9a44945146376c5d94355ae0bab5c1eb0ceb9669002ee5dd13e7aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa');
$decrypted_text = sodium_crypto_box_seal_open($encrypted_text, $keypair);
echo $decrypted_text;
?>

As you can see there are aaaaaaaaaaaaaa in the end in $encrypted_text I should get an error but there is no error.

  • 写回答

2条回答 默认 最新

  • dr5648 2019-01-13 20:12
    关注

    sodium_crypto_box_seal_open() returns FALSE if the message cannot be decrypted.

    You should compare its output against FALSE, not check if it is empty, as it is perfectly fine to encrypt an empty message. Empty messages are authenticated and will be rejected if the key is not correct.

    Also, if secrets are involved, you should use sodium_bin2hex() and sodium_hex2bin(), that are designed to avoid side channels

    本回答被题主选为最佳回答 , 对您是否有帮助呢?
    评论
查看更多回答(1条)

报告相同问题?

悬赏问题

  • ¥100 连续两帧图像高速减法
  • ¥15 组策略中的计算机配置策略无法下发
  • ¥15 如何绘制动力学系统的相图
  • ¥15 对接wps接口实现获取元数据
  • ¥20 给自己本科IT专业毕业的妹m找个实习工作
  • ¥15 用友U8:向一个无法连接的网络尝试了一个套接字操作,如何解决?
  • ¥30 我的代码按理说完成了模型的搭建、训练、验证测试等工作(标签-网络|关键词-变化检测)
  • ¥50 mac mini外接显示器 画质字体模糊
  • ¥15 TLS1.2协议通信解密
  • ¥40 图书信息管理系统程序编写