在 Coldfusion 中加密,然后在 PHP 中解密

2022-01-09 00:00:00 encryption php coldfusion coldfusion-11

我在重现 PHP 与 Coldfusion 中生成的相同结果时遇到问题.

I have a problem reproducing the same result generated in PHP vs Coldfusion.

在 PHP 中以这种方式加密:

In PHP encrypting this way:

<?php
    $key = "$224455@";
    $Valor = "TESTE";

    $base = chop(base64_encode(mcrypt_encrypt(MCRYPT_DES, $key, $Valor, MCRYPT_MODE_ECB)));     
?>

我有结果:

TzwRx5Bxoa0=

TzwRx5Bxoa0=

在 Coldfusion 中这样做了:

In Coldfusion did so:

<cfset Valor = "TESTE">
<cfset Key = "$224455@">
<cfset base = Encrypt(Valor,ToBase64(Key),"DES/ECB/PKCS5Padding","BASE64")>

结果:

qOQnhdxiIKs=

qOQnhdxiIKs=

什么是 ColdFusion 产生的价值与 PHP 不同?

What isn't ColdFusion yielding the same value as PHP?

非常感谢

推荐答案

(评论太长)

Artjom B. 已经提供了上述答案.Artjom B. 写道

问题是填充.PHP 的 mcrypt 扩展只使用ZeroPadding [...] 您要么需要在 php [...] 中填充明文,要么在 ColdFusion 中使用不同的密码,例如DES/ECB/NoPadding".一世推荐前者,因为如果使用NoPadding,明文必须已经是块大小的倍数.

The problem is the padding. The mcrypt extension of PHP only uses ZeroPadding [...] you either need to pad the plaintext in php [...] or use a different cipher in ColdFusion such as "DES/ECB/NoPadding". I recommend the former, because if you use NoPadding, the plaintext must already be a multiple of the block size.

不幸的是,在 CF 中很难生成 空字符.AFAIK,唯一有效的技术是使用URLDecode("%00").如果您无法按照@Artjom B. 的建议修改 PHP 代码,您可以尝试使用下面的函数来填充 CF 中的文本.免责声明:它只是经过轻微测试(CF10),但似乎产生与上述相同的结果.

Unfortunately, it is difficult to produce a null character in CF. AFAIK, the only technique that works is to use URLDecode("%00"). If you cannot modify the PHP code as @Artjom B. suggested, you could try using the function below to pad the text in CF. Disclaimer: It is only lightly tested (CF10), but seemed to produce the same result as above.

更新:由于 CF encrypt() 函数 始终将纯文本输入解释为 UTF-8 字符串,您也可以使用 charsetEncode(bytes, "utf-8") 从单元素字节数组创建空字符,即 charsetEncode( javacast("byte[]", [0] ), "utf-8")

Update: Since the CF encrypt() function always interprets the plain text input as a UTF-8 string, you can also use charsetEncode(bytes, "utf-8") to create a null character from a single element byte array, ie charsetEncode( javacast("byte[]", [0] ), "utf-8")

示例:

Valor = nullPad("TESTE", 8);
Key = "$224455@";
result = Encrypt(Valor, ToBase64(Key), "DES/ECB/NoPadding", "BASE64");
// Result: TzwRx5Bxoa0=
WriteDump( "Encrypted Text = "& Result ); 

功能:

/*
   Pads a string, with null bytes, to a multiple of the given block size

   @param plainText - string to pad
   @param blockSize - pad string so it is a multiple of this size
   @param encoding - charset encoding of text
*/
string function nullPad( string plainText, numeric blockSize, string encoding="UTF-8")
{
    local.newText = arguments.plainText;
    local.bytes = charsetDecode(arguments.plainText, arguments.encoding);
    local.remain = arrayLen( local.bytes ) % arguments.blockSize;

    if (local.remain neq 0) 
    {
        local.padSize = arguments.blockSize - local.remain;
        local.newText &= repeatString( urlDecode("%00"), local.padSize );
    }

    return local.newText;
}

相关文章