问题描述
我们使用 Sage Pay / Opayo 表单集成将客户订单传递给 Sage Pay 进行付款,然后处理返回的报告。 Sage Pay 的示例代码依赖于 PHP 7.2 不再支持的 PHP mcrypt 函数,因此我们需要将脚本更新为 OpenSSL。
这里有一篇很棒的文章介绍了加密: Upgrade mcrypt to OpenSSL encryption in SagePay form
- 这对我来说很好用:
function encryptAes_new ($string,$key) {
$key = str_pad($key,16,"\0"); # if supplied key is,or may be,less than 16 bytes
$crypt = openssl_encrypt($string,'aes-128-cbc',$key,OPENSSL_RAW_DATA,$key);
// Perform hex encoding and return.
return "@" . strtoupper(bin2hex($crypt));
}
当前代码为:
function decryptAes($strIn,$password)
{
// HEX decoding then AES decryption,CBC blocking with PKCS5 padding.
// Use initialization vector (IV) set from $str_encryption_password.
$strInitVector = $password;
// Remove the first char which is @ to flag this is AES encrypted and HEX decoding.
$hex = substr($strIn,1);
$strIn = pack('H*',$hex);
// Perform decryption with PHP's MCRYPT module.
$string = mcrypt_decrypt(MCRYPT_RIJNDAEL_128,$password,$strIn,MCRYPT_MODE_CBC,$strInitVector);
return removePKCS5Padding($string);
}
有人可以帮忙提供一个 OpenSSL 版本吗?
解决方法
解密时,必须先去掉@
前缀,然后进行十六进制解码,最后才能进行解密。 openssl_decrypt()
隐式删除填充,因此不需要显式删除。这是在下面的 decryptAes_new()
中实现的:
<?php
function encryptAes_new ($string,$key) {
$key = str_pad($key,16,"\0"); # if supplied key is,or may be,less than 16 bytes
$crypt = openssl_encrypt($string,'aes-128-cbc',$key,OPENSSL_RAW_DATA,$key);
// Perform hex encoding and return.
return "@" . strtoupper(bin2hex($crypt));
}
function decryptAes_new($string,"\0");
$binary = hex2bin(substr($string,1));
return openssl_decrypt($binary,$key);
}
$plaintext = 'The quick brown fox jumps over the lazy dog';
$key = '0123456789012345';
$ciphertext = encryptAes_new($plaintext,$key);
$decrypted = decryptAes_new($ciphertext,$key);
print('Ciphertext: ' . $ciphertext . PHP_EOL);
print('Plaintext: ' . $decrypted . ' - Size: ' . strlen($decrypted) . PHP_EOL);
?>
产生输出:
Ciphertext: @3089E6BC224BD95B85CF56F4B967118AAA4705430F25B6B4D953188AD15DD78F3867577E7D58E18C9CB340647C8B4FD8
Plaintext: The quick brown fox jumps over the lazy dog - Size: 43
查看解密后的明文长度,43个字节,显示已自动去除padding。