如何从 AES 加密字符串中添加/删除 PKCS7 填充?
我正在尝试使用 128 位 AES 加密 (ECB) 加密/解密字符串.我想知道的是如何向它添加/删除 PKCS7 填充.Mcrypt 扩展似乎可以处理加密/解密,但必须手动添加/删除填充.
I'm trying to encrypt/decrypt a string using 128 bit AES encryption (ECB). What I want to know is how I can add/remove the PKCS7 padding to it. It seems that the Mcrypt extension can take care of the encryption/decryption, but the padding has to be added/removed manually.
有什么想法吗?
推荐答案
让我们看看.PKCS #7 在 RFC 5652(加密消息语法)中有描述.
Let's see. PKCS #7 is described in RFC 5652 (Cryptographic Message Syntax).
填充方案本身在 6.3 部分中给出.内容加密过程.它本质上是说:根据需要追加足够多的字节来填充给定的块大小(但至少是一个),并且每个字节都应该将填充长度作为值.
The padding scheme itself is given in section 6.3. Content-encryption Process. It essentially says: append that many bytes as needed to fill the given block size (but at least one), and each of them should have the padding length as value.
因此,查看最后一个解密的字节,我们知道要剥离多少字节.(也可以检查它们是否都具有相同的值.)
Thus, looking at the last decrypted byte we know how many bytes to strip off. (One could also check that they all have the same value.)
我现在可以为您提供一对 PHP 函数来执行此操作,但是我的 PHP 有点生疏.所以要么自己做(然后随意编辑我的答案以添加它),要么查看 用户贡献的注释到 mcrypt 文档 - 其中相当一部分是关于填充并提供 PKCS #7 填充的实现.
I could now give you a pair of PHP functions to do this, but my PHP is a bit rusty. So either do this yourself (then feel free to edit my answer to add it in), or have a look at the user-contributed notes to the mcrypt documentation - quite some of them are about padding and provide an implementation of PKCS #7 padding.
那么,让我们看看第一条注释 详细说明:
So, let's look on the first note there in detail:
<?php
function encrypt($str, $key)
{
$block = mcrypt_get_block_size('des', 'ecb');
这将获得所用算法的块大小.在你的情况下,你会使用 aes
或 rijndael_128
而不是 des
,我想(我没有测试它).(相反,您可以在此处简单地将 16
用于 AES,而不是调用该函数.)
This gets the block size of the used algorithm. In your case, you would use aes
or rijndael_128
instead of des
, I suppose (I didn't test it). (Instead, you could simply take 16
here for AES, instead of invoking the function.)
$pad = $block - (strlen($str) % $block);
这会计算填充大小.strlen($str)
是数据的长度(以字节为单位),% $block
给出余数模 $block
,即最后一个块中的数据字节数.$block - ...
因此给出填充最后一个块所需的字节数(现在是 1
和 $block
之间的数字,包括在内).
This calculates the padding size. strlen($str)
is the length of your data (in bytes), % $block
gives the remainder modulo $block
, i.e. the number of data bytes in the last block. $block - ...
thus gives the number of bytes needed to fill this last block (this is now a number between 1
and $block
, inclusive).
$str .= str_repeat(chr($pad), $pad);
str_repeat
产生由相同字符串的重复组成的字符串,这里是给定的 字符的重复by $pad
, $pad
次,即长度为$pad
的字符串,填充$pad代码>.
$str .= ...
将此填充字符串附加到原始数据中.
str_repeat
produces a string consisting of a repetition of the same string, here a repetition of the character given by $pad
, $pad
times, i.e. a string of length $pad
, filled with $pad
.
$str .= ...
appends this padding string to the original data.
return mcrypt_encrypt(MCRYPT_DES, $key, $str, MCRYPT_MODE_ECB);
这是加密本身.使用 MCRYPT_RIJNDAEL_128
而不是 MCRYPT_DES
.
Here is the encryption itself. Use MCRYPT_RIJNDAEL_128
instead of MCRYPT_DES
.
}
现在另一个方向:
function decrypt($str, $key)
{
$str = mcrypt_decrypt(MCRYPT_DES, $key, $str, MCRYPT_MODE_ECB);
解密.(你当然会改变算法,如上所述).$str 现在是解密后的字符串,包括填充.
The decryption. (You would of course change the algorithm, as above). $str is now the decrypted string, including the padding.
$block = mcrypt_get_block_size('des', 'ecb');
这又是块大小.(见上文.)
This is again the block size. (See above.)
$pad = ord($str[($len = strlen($str)) - 1]);
这看起来有点奇怪.最好分多个步骤编写:
This looks a bit strange. Better write it in multiple steps:
$len = strlen($str);
$pad = ord($str[$len-1]);
$len
现在是填充字符串的长度,$str[$len - 1]
是这个字符串的最后一个字符.ord
将其转换为数字.因此,$pad
是我们之前用作填充填充值的数字,这就是填充长度.
$len
is now the length of the padded string, and $str[$len - 1]
is the last character of this string. ord
converts this to a number. Thus $pad
is the number which we previously used as the fill value for the padding, and this is the padding length.
return substr($str, 0, strlen($str) - $pad);
所以现在我们从字符串中截取最后一个 $pad
字节.(代替 strlen($str)
我们也可以在这里写 $len
: substr($str, 0, $len - $pad)
.).
So now we cut off the last $pad
bytes from the string. (Instead of strlen($str)
we could also write $len
here: substr($str, 0, $len - $pad)
.).
}
?>
注意,除了使用 substr($str, $len - $pad)
,还可以写成 substr($str, -$pad)
,作为PHP 中的 substr
函数对负操作数/参数进行了特殊处理,从字符串的末尾开始计数.(我不知道这比先获取长度然后手动计算索引效率更高还是更低.)
Note that instead of using substr($str, $len - $pad)
, one can also write substr($str, -$pad)
, as the substr
function in PHP has a special-handling for negative operands/arguments, to count from the end of the string. (I don't know if this is more or less efficient than getting the length first and and calculating the index manually.)
如前所述并在 rossum 的评论中指出,而不是像这里所做的那样简单地去除填充,您应该检查它是否正确 - 即查看 substr($str, $len - $pad)
,并检查其所有字节是否都是 chr($pad)
.这是对损坏的轻微检查(尽管如果您使用链接模式而不是 ECB,这种检查会更有效,并且不能替代真正的 MAC).
As said before and noted in the comment by rossum, instead of simply stripping off the padding like done here, you should check that it is correct - i.e. look at substr($str, $len - $pad)
, and check that all its bytes are chr($pad)
. This serves as a slight check against corruption (although this check is more effective if you use a chaining mode instead of ECB, and is not a replacement for a real MAC).
(而且,告诉您的客户他们应该考虑更改为比 ECB 更安全的模式.)
(And still, tell your client they should think about changing to a more secure mode than ECB.)
相关文章