加密不适用于> 5.6.0

I've created my own encryption class, using mcrypt_encrypt is working fine but mcrypt_decrypt is not working as expected. So here's the following code

error_reporting(1);
ini_set('display_errors', 1);

class Encryption {

    private $key = "myKeyIs";
    protected $iv_size;
    protected $iv;

    public function __construct(){
        $this->iv_size = mcrypt_get_iv_size(MCRYPT_RIJNDAEL_128, MCRYPT_MODE_CBC);
        $this->iv = mcrypt_create_iv($iv_size, MCRYPT_RAND);
    }

    public function encryptData($input) {
        $input = $input;
        $output = $this->encrypt($input);
        return $output;
    }

    public function decryptData($input) {
        $input = base64_decode($input);
        $output = $this->decrypt($input);
        return $output;
    }

    public function decrypt($string) {
        $string = base64_decode($string);
        # retrieves the IV, iv_size should be created using mcrypt_get_iv_size()
        $iv_dec = substr($string, 0, $this->iv_size);

        # retrieves the cipher text (everything except the $iv_size in the front)
        $string = substr($string, $this->iv_size);

        # may remove 00h valued characters from end of plain text
        $output = mcrypt_decrypt(MCRYPT_RIJNDAEL_128, $this->key,
                                        $string, MCRYPT_MODE_CBC, $iv_dec);
        return $output;
    }

    public function encrypt($string) {

        $output = mcrypt_encrypt(MCRYPT_RIJNDAEL_128, $this->key,
                                 $string, MCRYPT_MODE_CBC, $this->iv);

        # prepend the IV for it to be available for decryption
        $output = $this->iv . $output;

        # encode the resulting cipher text so it can be represented by a string
        $output = base64_encode($output);

        return $output;
    }

}

$test = new Encryption();
$encrypted  = $test->encryptData("Vicky");
echo $encrypted."
";
echo $test->decryptData($encrypted);

Output

hCaIoMokbIjLlnFnlrS3Iw==
�M����+�=�l�

Now the questions are

  1. Why its not decrypting as expected?
  2. Why its not outputting any text above PHP versions 5.6.0. You can check over here for the version output.
doupijin0397
doupijin0397 问题是你使用了error_reporting(1),它没有做你预期的事情。它将禁用几乎所有错误。您正在寻找error_reporting(E_ALL)。有了这个,您应该看到一个警告,解释调用失败的原因(错误的密钥大小)。
4 年多之前 回复

1个回答

I've identified some bugs and its working well in PHP versions above 5.3.29

<?php

error_reporting(E_ALL);
ini_set('display_errors', 1);

class Encryption {

    private $key;
    protected $iv_size;
    protected $iv;

    public function __construct() {
        # --- ENCRYPTION ---
        # the key should be random binary, use scrypt, bcrypt or PBKDF2 to
        # convert a string into a key
        # key is specified using hexadecimal
        $this->key = pack("H*", "myKeyIsGreaterth2nanndbestofall04nkdsdffsd546754sdfvsdg6efflsdfs");
        # create a random IV to use with CBC encoding
        $this->iv_size = mcrypt_get_iv_size(MCRYPT_RIJNDAEL_128, MCRYPT_MODE_CBC);
        $this->iv = mcrypt_create_iv($this->iv_size, MCRYPT_RAND);
    }

    public function encryptData($input) {
        $output = $this->encrypt($input);
        return $output;
    }

    public function decryptData($input) {
        $input = base64_decode($input);
        $output = $this->decrypt($input);
        return $output;
    }

    protected function decrypt($string) {

        # retrieves the IV, iv_size should be created using mcrypt_get_iv_size()
        $iv_dec = substr($string, 0, $this->iv_size);

        # retrieves the cipher text (everything except the $iv_size in the front)
        $string = substr($string, $this->iv_size);

        # may remove 00h valued characters from end of plain text
        $output = mcrypt_decrypt(MCRYPT_RIJNDAEL_128, $this->key, $string, MCRYPT_MODE_CBC, $iv_dec);

        return $output;
    }

    protected function encrypt($string) {
        # creates a cipher text compatible with AES (Rijndael block size = 128)
        # to keep the text confidential 
        # only suitable for encoded input that never ends with value 00h
        # (because of default zero padding)
        $output = mcrypt_encrypt(MCRYPT_RIJNDAEL_128, $this->key, $string, MCRYPT_MODE_CBC, $this->iv);

        # prepend the IV for it to be available for decryption
        $output = $this->iv . $output;

        # encode the resulting cipher text so it can be represented by a string
        $output = base64_encode($output);

        # === WARNING ===
        # Resulting cipher text has no integrity or authenticity added
        # and is not protected against padding oracle attacks.

        return $output;
    }

}

$test = new Encryption();
$encrypted = $test->encryptData("Vicky");
echo "This is encrypted text of a string Vicky  $encrypted 
";
echo "This is decrypted text ".$test->decryptData($encrypted);

Update that I've done are as

  1. error_reporting(E_ALL); instead of error_reporting(1);
  2. Used pack function for key // If you don't want to use pack you can simply use key Size of 16, 24 or 32
  3. Update mcrypt_create_iv($iv_size, into mcrypt_create_iv($this->iv_size,
  4. Removed extra base64_decode($string); from decrypt function

So its now ready to use just update your own key

Demo

douzuita7325
douzuita7325 感谢它的作品就像一个魅力。
4 年多之前 回复
Csdn user default icon
上传中...
上传图片
插入图片
抄袭、复制答案,以达到刷声望分或其他目的的行为,在CSDN问答是严格禁止的,一经发现立刻封号。是时候展现真正的技术了!
立即提问