所以我不需要评论3DES不安全和ECB不好等等,我们知道,这就是为什么我们试图解密,以有一个更好的加密算法。
我在下面提供了使用mcrypt进行加密的代码,以及我们试图使用的1行代码(openssl)对其进行解密。它总是返回false,我们想知道为什么。
我开始怀疑问题是mcrypt库使用了8字节的IV,而openssl说它必须是0字节。
如果您能找到使用openssl解密这些值的方法,我们将不胜感激。
提前谢谢。
代码如下:
$sEncryptionKey = 'aaaabbbbccccddddeeeeffff';
$sDataToEncrypt = 'Foo bar';
echo "Data to be Encrypted: $sDataToEncrypt\n";
$rMcrypt = mcrypt_module_open(MCRYPT_3DES, '', MCRYPT_MODE_ECB, '');
$iIvSize = mcrypt_enc_get_iv_size($rMcrypt); //This gives 8 bytes
$sInitializationVector = mcrypt_create_iv($iIvSize, MCRYPT_RAND);
$iKeySize = mcrypt_enc_get_key_size($rMcrypt);
if ($iKeySize != strlen($sEncryptionKey)) {
throw new Exception ('Invalid key length: '.$iKeySize);
}
mcrypt_generic_init($rMcrypt, $sEncryptionKey, $sInitializationVector);
$sEncryptedString = base64_encode(mcrypt_generic($rMcrypt, $sDataToEncrypt));
echo "Data Encrypted: $sEncryptedString\n";
$sDecryptedString = trim(mdecrypt_generic($rMcrypt, base64_decode($sEncryptedString)));
echo "Data Decrypted: $sDecryptedString\n";
mcrypt_generic_deinit($rMcrypt);
mcrypt_module_close($rMcrypt);
$sDecryptedString2 = openssl_decrypt(base64_decode($sEncryptedString), 'des-ede3', $sEncryptionKey, 0, ''); //this returns false.
echo "Data Decrypted (open SSL): $sDecryptedString2\n";
$sDecryptedString2 = openssl_decrypt(base64_decode($sEncryptedString), 'des-ede3', $sEncryptionKey, 0, $sInitializationVector); //Warning: openssl_decrypt(): IV passed is 8 bytes long which is longer than the 0 expected by selected cipher, truncating
?>
Data to be Encrypted: Foo bar
Data Encrypted: 5Mraf9swmaI=
Data Decrypted: Foo bar
Data Decrypted (open SSL):
Warning: openssl_decrypt(): IV passed is 8 bytes long which is longer than the 0 expected by selected cipher, truncating in /usr/local/www/appcluster01.ezmax.ca/pub/web/test/ian/test.cmd on line 31