我接管的数据库中的许多数据都包含加密字段。用于加密数据的方法是以下PHP代码:<?php
$text = "test 1234\ntest 2345\ntest 3456\ntest 4567";
$key = "0123456789abcdefghijklmnopqrstuv";
$enc = openssl_encrypt($text, "AES-256-CBC", $key);
echo "Raw: " . $text . "\n";
echo "Key: " . $key . "\n";
echo "Key (Hex) " . bin2hex($key) . "\n";
echo $enc;
echo "\n";
?>
当我运行代码时,我得到了以下输出,其中包括一个关于空初始化向量(iv)的警告,我不得不忽略它,因为整个DB数据都是这样加密的(我完全知道不应该这样做)。在
^{pr2}$
使用php解密openssl_decrypt($encrypted, "AES-256-CBC", $key)可以得到完整的输出。Php手册并没有提供很多关于填充和iv加密的细节,当这些值为空时。在
接下来,我尝试使用openssl命令在命令行上解密:echo "uPNXdo2K0Gvy/+MW0YFR7utFsrNDAp8yYaDxT352W3lPKNOkNMg+l3eFKEi0zeze" | openssl aes-256-cbc -d -a -K 303132333435363738396162636465666768696a6b6c6d6e6f70717273747576 -iv 0
它可以正常工作并返回初始输入:test 1234
test 2345
test 3456
test 4567
尝试使用以下代码在Python中解密会导致错误的解密:import base64
from Crypto.Cipher import AES
PAD = u'\0000'
def decrypt(enc, key):
decobj = AES.new(key, AES.MODE_ECB)
data = decobj.decrypt(base64.b64decode(enc))
data = data.rstrip(PAD.encode())
print(str(data))
key = "0123456789abcdefghijklmnopqrstuv"
decrypt("uPNXdo2K0Gvy/+MW0YFR7utFsrNDAp8yYaDxT352W3lPKNOkNMg+l3eFKEi0zeze", key)
结果,前16个字节可读,但其余字节不可读:b'test 1234\ntest 2\x8b\xc7b|\xf9\xef\xa3\x1f\xd2\xcc\xd7#\xe7\x8b%\x8b\x981\x92\x87v4\xa8;h\xa9\xf8Fw\x7fRp'
修改输入以包含更多数据也将使用openssl命令中断解密:Raw: [system] test:1234
[system] test:2345
[database] test:3456
[unknown] test:4567
Key: 0123456789abcdefghijklmnopqrstuv
Key (Hex) 303132333435363738396162636465666768696a6b6c6d6e6f70717273747576
9KWsGGLa1/g3f36kUJJ/oHNiEnIDorZULwR8pXZHwJhul2XsdZLwLN8jMptP9fcWgY42oTq7RTm+/8CKPiGFPWrY/3neLvf8UNedsVuKRlc=
Openssl命令行:echo "9KWsGGLa1/g3f36kUJJ/oHNiEnIDorZULwR8pXZHwJhul2XsdZLwLN8jMptP9fcWgY42oTq7RTm+/8CKPiGFPWrY/3neLvf8UNedsVuKRlc=" | openssl aes-256-cbc -d -a -K 303132333435363738396162636465666768696a6b6c6d6e6f70717273747576 -iv 0
bad decrypt
15143:error:0606506D:digital envelope routines:EVP_DecryptFinal_ex:wrong final block length:/BuildRoot/Library/Caches/com.apple.xbs/Sources/OpenSSL098/OpenSSL098-64/src/crypto/evp/evp_enc.c:323:
使用上面的Python代码同样可以得到前16个字节的可读性,但其他字节不可读:b'[system] test:12\xc7\x91\xa6C\x11\xa3\xa4\x8cR\x12#\x84$\xf7\x0c\xd4IP!F6\xa8\xed0Np\x1d\xc7\x174\xa5\xc5N\xe3\x00\x9f\x01\xa8\xc3\x18\xea\x158\xc0:\x9b\x9cx\xee\xf9X\xfc\x1a\xcf J\xca\xc5\xf4\xbf\x08\x16\x8f
同样,如果使用php openssl_decrypt有效:<?php
$text = "9KWsGGLa1/g3f36kUJJ/oHNiEnIDorZULwR8pXZHwJhul2XsdZLwLN8jMptP9fcWgY42oTq7RTm+/8CKPiGFPWrY/3neLvf8UNedsVuKRlc=";
$key = "0123456789abcdefghijklmnopqrstuv";
$dec = openssl_decrypt($text, "AES-256-CBC", $key);
echo $dec;
echo "\n";
?>
[system] test:1234
[system] test:2345
[database] test:3456
[unknown] test:4567
有人知道php如何加密数据,我想这是一个填充问题,但不确定,我愿意在这个主题上提供任何帮助。在