在 Coldfusion 中加密,然后在 PHP 中解密
我在重现 PHP 与 Coldfusion 中生成的相同结果时遇到问题.
I have a problem reproducing the same result generated in PHP vs Coldfusion.
在 PHP 中以这种方式加密:
In PHP encrypting this way:
<?php
$key = "$224455@";
$Valor = "TESTE";
$base = chop(base64_encode(mcrypt_encrypt(MCRYPT_DES, $key, $Valor, MCRYPT_MODE_ECB)));
?>
我有结果:
TzwRx5Bxoa0=
TzwRx5Bxoa0=
在 Coldfusion 中这样做了:
In Coldfusion did so:
<cfset Valor = "TESTE">
<cfset Key = "$224455@">
<cfset base = Encrypt(Valor,ToBase64(Key),"DES/ECB/PKCS5Padding","BASE64")>
结果:
qOQnhdxiIKs=
qOQnhdxiIKs=
什么是 ColdFusion 产生的价值与 PHP 不同?
What isn't ColdFusion yielding the same value as PHP?
非常感谢
推荐答案
(评论太长)
Artjom B. 已经提供了上述答案.Artjom B. 写道
问题是填充.PHP 的 mcrypt 扩展只使用ZeroPadding [...] 您要么需要在 php [...] 中填充明文,要么在 ColdFusion 中使用不同的密码,例如DES/ECB/NoPadding".一世推荐前者,因为如果使用NoPadding,明文必须已经是块大小的倍数.
The problem is the padding. The mcrypt extension of PHP only uses ZeroPadding [...] you either need to pad the plaintext in php [...] or use a different cipher in ColdFusion such as "DES/ECB/NoPadding". I recommend the former, because if you use NoPadding, the plaintext must already be a multiple of the block size.
不幸的是,在 CF 中很难生成 空字符.AFAIK,唯一有效的技术是使用URLDecode("%00")
.如果您无法按照@Artjom B. 的建议修改 PHP 代码,您可以尝试使用下面的函数来填充 CF 中的文本.免责声明:它只是经过轻微测试(CF10),但似乎产生与上述相同的结果.
Unfortunately, it is difficult to produce a null character in CF. AFAIK, the only technique that works is to use URLDecode("%00")
. If you cannot modify the PHP code as @Artjom B. suggested, you could try using the function below to pad the text in CF. Disclaimer: It is only lightly tested (CF10), but seemed to produce the same result as above.
更新:由于 CF encrypt() 函数 始终将纯文本输入解释为 UTF-8 字符串,您也可以使用 charsetEncode(bytes, "utf-8") 从单元素字节数组创建空字符,即 charsetEncode( javacast("byte[]", [0] ), "utf-8")
Update:
Since the CF encrypt() function always interprets the plain text input as a UTF-8 string, you can also use charsetEncode(bytes, "utf-8") to create a null character from a single element byte array, ie charsetEncode( javacast("byte[]", [0] ), "utf-8")
示例:
Valor = nullPad("TESTE", 8);
Key = "$224455@";
result = Encrypt(Valor, ToBase64(Key), "DES/ECB/NoPadding", "BASE64");
// Result: TzwRx5Bxoa0=
WriteDump( "Encrypted Text = "& Result );
功能:
/*
Pads a string, with null bytes, to a multiple of the given block size
@param plainText - string to pad
@param blockSize - pad string so it is a multiple of this size
@param encoding - charset encoding of text
*/
string function nullPad( string plainText, numeric blockSize, string encoding="UTF-8")
{
local.newText = arguments.plainText;
local.bytes = charsetDecode(arguments.plainText, arguments.encoding);
local.remain = arrayLen( local.bytes ) % arguments.blockSize;
if (local.remain neq 0)
{
local.padSize = arguments.blockSize - local.remain;
local.newText &= repeatString( urlDecode("%00"), local.padSize );
}
return local.newText;
}
相关文章