dqe9657 2015-11-23 05:07
浏览 61
已采纳

加密不适用于> 5.6.0

I've created my own encryption class, using mcrypt_encrypt is working fine but mcrypt_decrypt is not working as expected. So here's the following code

error_reporting(1);
ini_set('display_errors', 1);

class Encryption {

    private $key = "myKeyIs";
    protected $iv_size;
    protected $iv;

    public function __construct(){
        $this->iv_size = mcrypt_get_iv_size(MCRYPT_RIJNDAEL_128, MCRYPT_MODE_CBC);
        $this->iv = mcrypt_create_iv($iv_size, MCRYPT_RAND);
    }

    public function encryptData($input) {
        $input = $input;
        $output = $this->encrypt($input);
        return $output;
    }

    public function decryptData($input) {
        $input = base64_decode($input);
        $output = $this->decrypt($input);
        return $output;
    }

    public function decrypt($string) {
        $string = base64_decode($string);
        # retrieves the IV, iv_size should be created using mcrypt_get_iv_size()
        $iv_dec = substr($string, 0, $this->iv_size);

        # retrieves the cipher text (everything except the $iv_size in the front)
        $string = substr($string, $this->iv_size);

        # may remove 00h valued characters from end of plain text
        $output = mcrypt_decrypt(MCRYPT_RIJNDAEL_128, $this->key,
                                        $string, MCRYPT_MODE_CBC, $iv_dec);
        return $output;
    }

    public function encrypt($string) {

        $output = mcrypt_encrypt(MCRYPT_RIJNDAEL_128, $this->key,
                                 $string, MCRYPT_MODE_CBC, $this->iv);

        # prepend the IV for it to be available for decryption
        $output = $this->iv . $output;

        # encode the resulting cipher text so it can be represented by a string
        $output = base64_encode($output);

        return $output;
    }

}

$test = new Encryption();
$encrypted  = $test->encryptData("Vicky");
echo $encrypted."
";
echo $test->decryptData($encrypted);

Output

hCaIoMokbIjLlnFnlrS3Iw==
�M����+�=�l�

Now the questions are

  1. Why its not decrypting as expected?
  2. Why its not outputting any text above PHP versions 5.6.0. You can check over here for the version output.
  • 写回答

1条回答

  • dongtuoji5396 2015-11-23 06:27
    关注

    I've identified some bugs and its working well in PHP versions above 5.3.29

    <?php
    
    error_reporting(E_ALL);
    ini_set('display_errors', 1);
    
    class Encryption {
    
        private $key;
        protected $iv_size;
        protected $iv;
    
        public function __construct() {
            # --- ENCRYPTION ---
            # the key should be random binary, use scrypt, bcrypt or PBKDF2 to
            # convert a string into a key
            # key is specified using hexadecimal
            $this->key = pack("H*", "myKeyIsGreaterth2nanndbestofall04nkdsdffsd546754sdfvsdg6efflsdfs");
            # create a random IV to use with CBC encoding
            $this->iv_size = mcrypt_get_iv_size(MCRYPT_RIJNDAEL_128, MCRYPT_MODE_CBC);
            $this->iv = mcrypt_create_iv($this->iv_size, MCRYPT_RAND);
        }
    
        public function encryptData($input) {
            $output = $this->encrypt($input);
            return $output;
        }
    
        public function decryptData($input) {
            $input = base64_decode($input);
            $output = $this->decrypt($input);
            return $output;
        }
    
        protected function decrypt($string) {
    
            # retrieves the IV, iv_size should be created using mcrypt_get_iv_size()
            $iv_dec = substr($string, 0, $this->iv_size);
    
            # retrieves the cipher text (everything except the $iv_size in the front)
            $string = substr($string, $this->iv_size);
    
            # may remove 00h valued characters from end of plain text
            $output = mcrypt_decrypt(MCRYPT_RIJNDAEL_128, $this->key, $string, MCRYPT_MODE_CBC, $iv_dec);
    
            return $output;
        }
    
        protected function encrypt($string) {
            # creates a cipher text compatible with AES (Rijndael block size = 128)
            # to keep the text confidential 
            # only suitable for encoded input that never ends with value 00h
            # (because of default zero padding)
            $output = mcrypt_encrypt(MCRYPT_RIJNDAEL_128, $this->key, $string, MCRYPT_MODE_CBC, $this->iv);
    
            # prepend the IV for it to be available for decryption
            $output = $this->iv . $output;
    
            # encode the resulting cipher text so it can be represented by a string
            $output = base64_encode($output);
    
            # === WARNING ===
            # Resulting cipher text has no integrity or authenticity added
            # and is not protected against padding oracle attacks.
    
            return $output;
        }
    
    }
    
    $test = new Encryption();
    $encrypted = $test->encryptData("Vicky");
    echo "This is encrypted text of a string Vicky  $encrypted 
    ";
    echo "This is decrypted text ".$test->decryptData($encrypted);
    

    Update that I've done are as

    1. error_reporting(E_ALL); instead of error_reporting(1);
    2. Used pack function for key // If you don't want to use pack you can simply use key Size of 16, 24 or 32
    3. Update mcrypt_create_iv($iv_size, into mcrypt_create_iv($this->iv_size,
    4. Removed extra base64_decode($string); from decrypt function

    So its now ready to use just update your own key

    Demo

    本回答被题主选为最佳回答 , 对您是否有帮助呢?
    评论

报告相同问题?

悬赏问题

  • ¥15 求差集那个函数有问题,有无佬可以解决
  • ¥15 【提问】基于Invest的水源涵养
  • ¥20 微信网友居然可以通过vx号找到我绑的手机号
  • ¥15 寻一个支付宝扫码远程授权登录的软件助手app
  • ¥15 解riccati方程组
  • ¥15 display:none;样式在嵌套结构中的已设置了display样式的元素上不起作用?
  • ¥15 使用rabbitMQ 消息队列作为url源进行多线程爬取时,总有几个url没有处理的问题。
  • ¥15 Ubuntu在安装序列比对软件STAR时出现报错如何解决
  • ¥50 树莓派安卓APK系统签名
  • ¥65 汇编语言除法溢出问题