duanchuonong5370 2015-09-22 19:31
浏览 64
已采纳

PHP中的ASCII密钥编码

I am new to PHP and my first assignment. The secretword is encrypted using c# (TripleDES /

CBC). On comparison, I found that the IV, and the secretword bytes do match, but not the key.

This is the c# code that works fine...

   string epws = secretWord;
   byte[] rawdata = Convert.FromBase64CharArray(char[] aArr);
   mCryptoService = new TripleDESCryptoServiceProvider();

   string key = ASCIIEncoding.ASCII.GetString(rawdata);
   key = key.Substring(0, 24); 
   mCryptoService.Key = ASCIIEncoding.ASCII.GetBytes(key);

   byte[] ivB = new byte[8];
   Buffer.BlockCopy(rawdata, 31, ivB, 0, 8);
   mCryptoService.IV = ivB;

   byte[] epwb = Convert.FromBase64String(epws);
   ICryptoTransform cryptoTransform = mCryptoService.CreateDecryptor();
   MemoryStream ms = new MemoryStream(epwb, 0, epwb.Length);
   CryptoStream cs = new CryptoStream(ms, cryptoTransform, CryptoStreamMode.Read);
   StreamReader sr = new StreamReader(cs);
   return sr.ReadToEnd();

This is the PHP code that I need help...

<?php

 // dkey is the rawdata passed in as string from database

 $byteArray = unpack('C*', $dkey);
 $mkey = implode(array_map('chr', $byteArray));
 $mkey = base64_decode($mkey);

 $iv = substr($mkey, 31, 8);
 $mkey = substr($mkey, 0, 24);

 // the encrypted secretword passed in as string from database
 $epws = base64_decode($epws);

 $ok= trim(mcrypt_decrypt(MCRYPT_3DES, $mkey, $epws, MCRYPT_MODE_CBC, $iv));

?>

These are the keys that are different. IF I substitute the c# key in php, it works fine.

From c#
key = (35, 63, 63,43, 63,49,20, 63, 63,97,21,24, 63,97, 63, 63,125,98,125,15,62,108,55,70)

From php            
key = (35,229,239,43,244,49,20,141,144,97,21,24,200,97,196,216,125,98,125,15,62,108,55,70)
           ^   ^      ^         ^   ^            ^      ^   ^

Don't know what else to do.

  • 写回答

1条回答 默认 最新

  • douzhuan4406 2015-09-23 00:02
    关注

    A key consists of bytes, not characters. If you need a key displayed as string - usually you don't - then you should encode it to hexadecimals. If you want to use it later on, you can decode the hexadecimals to a byte array again.

    ASCII only has values from 0 to 127, of which the bottom 32 characters as well as the value 127 isn't printable. So your C# code is in that sense worse than your PHP code, and it needs the biggest change.


    Currently the C# code is simply replacing bytes outside the ASCII range (0-127) with question marks (3F hex, or 63 in decimals - check the print out of the key). You can simply replace each value of 128 or higher with the value 63.

    Obviously that means that your key loses entropy, on average it will only be half as strong (true in your example, with 8 bytes replaced). If you are unlucky then all bytes are converted into question marks (about once in 65536) or anything in between, leaving you extremely vulnerable to attack.

    本回答被题主选为最佳回答 , 对您是否有帮助呢?
    评论

报告相同问题?

悬赏问题

  • ¥20 Yolov5训练报错
  • ¥15 Unity发布gzip压缩的webgl之后让浏览器可以正常显示画面
  • ¥15 有没有人知道这种提示怎么关?现在不做ts项目了不知道咋关了,求解,现在我以前的js项目都是这种提示了
  • ¥15 为什么mysql做了碎片化处理data_free还是很高
  • ¥15 single positional indexer is out-of-bounds
  • ¥15 LSTM 模型数据量需要多少?
  • ¥15 mysql数据抓包开发报表
  • ¥15 linux系统下安装office打不开
  • ¥20 rsync脚本分发错误,文件不齐全
  • ¥15 labview顺序结构与时间延时