問題描述
我正在嘗試使用 128 位 AES 加密 (ECB) 加密/解密字符串.我想知道的是如何向它添加/刪除 PKCS7 填充.Mcrypt 擴展似乎可以處理加密/解密,但必須手動添加/刪除填充.
I'm trying to encrypt/decrypt a string using 128 bit AES encryption (ECB). What I want to know is how I can add/remove the PKCS7 padding to it. It seems that the Mcrypt extension can take care of the encryption/decryption, but the padding has to be added/removed manually.
有什么想法嗎?
推薦答案
讓我們看看.PKCS #7 在 RFC 5652(加密消息語法)中有描述.
Let's see. PKCS #7 is described in RFC 5652 (Cryptographic Message Syntax).
填充方案本身在 6.3 部分中給出.內容加密過程.它本質上是說:根據需要追加足夠多的字節來填充給定的塊大小(但至少是一個),并且每個字節都應該將填充長度作為值.
The padding scheme itself is given in section 6.3. Content-encryption Process. It essentially says: append that many bytes as needed to fill the given block size (but at least one), and each of them should have the padding length as value.
因此,查看最后一個解密的字節,我們知道要剝離多少字節.(也可以檢查它們是否都具有相同的值.)
Thus, looking at the last decrypted byte we know how many bytes to strip off. (One could also check that they all have the same value.)
我現在可以為您提供一對 PHP 函數來執行此操作,但是我的 PHP 有點生疏.所以要么自己做(然后隨意編輯我的答案以添加它),要么查看 用戶貢獻的注釋到 mcrypt 文檔 - 其中相當一部分是關于填充并提供 PKCS #7 填充的實現.
I could now give you a pair of PHP functions to do this, but my PHP is a bit rusty. So either do this yourself (then feel free to edit my answer to add it in), or have a look at the user-contributed notes to the mcrypt documentation - quite some of them are about padding and provide an implementation of PKCS #7 padding.
那么,讓我們看看第一條注釋 詳細說明:
So, let's look on the first note there in detail:
<?php
function encrypt($str, $key)
{
$block = mcrypt_get_block_size('des', 'ecb');
這將獲得所用算法的塊大小.在你的情況下,你會使用 aes 或 rijndael_128 而不是 des,我想(我沒有測試它).(相反,您可以在此處簡單地將 16 用于 AES,而不是調用該函數.)
This gets the block size of the used algorithm. In your case, you would use aes or rijndael_128 instead of des, I suppose (I didn't test it). (Instead, you could simply take 16 here for AES, instead of invoking the function.)
$pad = $block - (strlen($str) % $block);
這會計算填充大小.strlen($str) 是數據的長度(以字節為單位),% $block 給出余數模 $block,即最后一個塊中的數據字節數.$block - ... 因此給出填充最后一個塊所需的字節數(現在是 1 和 $block 之間的數字,包括在內).
This calculates the padding size. strlen($str) is the length of your data (in bytes), % $block gives the remainder modulo $block, i.e. the number of data bytes in the last block. $block - ... thus gives the number of bytes needed to fill this last block (this is now a number between 1 and $block, inclusive).
$str .= str_repeat(chr($pad), $pad);
str_repeat 產生由相同字符串的重復組成的字符串,這里是給定的 字符的重復by $pad, $pad 次,即長度為$pad的字符串,填充$pad.$str .= ... 將此填充字符串附加到原始數據中.
str_repeat produces a string consisting of a repetition of the same string, here a repetition of the character given by $pad, $pad times, i.e. a string of length $pad, filled with $pad.
$str .= ... appends this padding string to the original data.
return mcrypt_encrypt(MCRYPT_DES, $key, $str, MCRYPT_MODE_ECB);
這是加密本身.使用 MCRYPT_RIJNDAEL_128 而不是 MCRYPT_DES.
Here is the encryption itself. Use MCRYPT_RIJNDAEL_128 instead of MCRYPT_DES.
}
現在另一個方向:
function decrypt($str, $key)
{
$str = mcrypt_decrypt(MCRYPT_DES, $key, $str, MCRYPT_MODE_ECB);
解密.(你當然會改變算法,如上所述).$str 現在是解密后的字符串,包括填充.
The decryption. (You would of course change the algorithm, as above). $str is now the decrypted string, including the padding.
$block = mcrypt_get_block_size('des', 'ecb');
這又是塊大小.(見上文.)
This is again the block size. (See above.)
$pad = ord($str[($len = strlen($str)) - 1]);
這看起來有點奇怪.最好分多個步驟編寫:
This looks a bit strange. Better write it in multiple steps:
$len = strlen($str);
$pad = ord($str[$len-1]);
$len 現在是填充字符串的長度,$str[$len - 1] 是這個字符串的最后一個字符.ord 將其轉換為數字.因此,$pad 是我們之前用作填充填充值的數字,這就是填充長度.
$len is now the length of the padded string, and $str[$len - 1] is the last character of this string. ord converts this to a number. Thus $pad is the number which we previously used as the fill value for the padding, and this is the padding length.
return substr($str, 0, strlen($str) - $pad);
所以現在我們從字符串中截取最后一個 $pad 字節.(代替 strlen($str) 我們也可以在這里寫 $len: substr($str, 0, $len - $pad).).
So now we cut off the last $pad bytes from the string. (Instead of strlen($str) we could also write $len here: substr($str, 0, $len - $pad).).
}
?>
注意,除了使用 substr($str, $len - $pad),還可以寫成 substr($str, -$pad),作為PHP 中的 substr 函數對負操作數/參數進行了特殊處理,從字符串的末尾開始計數.(我不知道這比先獲取長度然后手動計算索引效率更高還是更低.)
Note that instead of using substr($str, $len - $pad), one can also write substr($str, -$pad), as the substr function in PHP has a special-handling for negative operands/arguments, to count from the end of the string. (I don't know if this is more or less efficient than getting the length first and and calculating the index manually.)
如前所述并在 rossum 的評論中指出,而不是像這里所做的那樣簡單地去除填充,您應該檢查它是否正確 - 即查看 substr($str, $len - $pad),并檢查其所有字節是否都是 chr($pad).這是對損壞的輕微檢查(盡管如果您使用鏈接模式而不是 ECB,這種檢查會更有效,并且不能替代真正的 MAC).
As said before and noted in the comment by rossum, instead of simply stripping off the padding like done here, you should check that it is correct - i.e. look at substr($str, $len - $pad), and check that all its bytes are chr($pad). This serves as a slight check against corruption (although this check is more effective if you use a chaining mode instead of ECB, and is not a replacement for a real MAC).
(而且,告訴您的客戶他們應該考慮更改為比 ECB 更安全的模式.)
(And still, tell your client they should think about changing to a more secure mode than ECB.)
這篇關于如何從 AES 加密字符串中添加/刪除 PKCS7 填充?的文章就介紹到這了,希望我們推薦的答案對大家有所幫助,也希望大家多多支持html5模板網!