问题描述
我尝试在 ReactJs(不是 NodeJs)中编写以下代码,但这在 JS 中不起作用。
function decryptOpensslDigestSHA256Sum($data)
{
$key = hash('sha256','Nootric2703202'); //My password has 14 characters
$method = 'AES-256-CBC';
$data = base64_decode($data);
$iv_size = openssl_cipher_iv_length($method);
$salt_header = substr($data,$iv_size);
if (substr($salt_header,8) != "Salted__") {
return "";
}
$salt = substr($salt_header,8);
$creds = extractOpenSSLCreds($key,$salt,$iv_size);
$data = openssl_decrypt(substr($data,$iv_size),$method,$creds['password'],OPENSSL_RAW_DATA,$creds['iv']);
return $data;
}
function extractOpenSSLCreds($key,$iv_size)
{
$m = "";
while (strlen($m) < 48) {
$m .= hashCryptoDigestSHA256Sum($m,$key,$salt);
}
$result = array(
'password' => substr($m,32),'iv' => substr($m,32,$iv_size)
);
return $result;
}
function hashCryptoDigestSHA256Sum($hash,$salt)
{
$hash.= $key.$salt;
$prev = openssl_digest($hash,"sha256",true);
return $prev;
}
$data = "U2FsdGVkX1++7PN6CsF5Bi38t0N3EjXpH5oGpaIZXUwk4T8QCwcATjvA4b/8VaxD8nf/MZhKPnWb1L8raLR4lw==";
echo "Data urlEncoded: $data<br>";
$decryption = decryptOpensslDigestSHA256Sum($data);
echo "Data decrypted: $decryption<br><br>";
这表明: 解密数据:email=abc@xyz.abc&name=&gpw_id=gpwID
但是当我尝试在 JS 中使用这个函数时,这不起作用(我在这个 Stackoverflow 条目中找到的源代码 decrypt-openssl-aes-256-cbc-in-browser-cryptojs
function CryptoJSAEsDecrypt(encrypted){
// 1. Separate ciphertext and salt
var encryptedWA = CryptoJS.enc.Base64.parse(encrypted);
var prefixWA = CryptoJS.lib.WordArray.create(encryptedWA.words.slice(0,8/4)); // Salted__ prefix
var saltWA = CryptoJS.lib.WordArray.create(encryptedWA.words.slice(8/4,16/4)); // 8 bytes salt: 0x0123456789ABCDEF
var ciphertextWA = CryptoJS.lib.WordArray.create(encryptedWA.words.slice(16/4,encryptedWA.words.length)); // ciphertext
// 2. Determine key and IV using PBKDF2
var password = 'Nootric2703202'
var keyIvWA = CryptoJS.PBKDF2(
password,saltWA,{
keySize: (32+16)/4,// key and IV
iterations: 10000,hasher: CryptoJS.algo.SHA256
}
);
var keyWA = CryptoJS.lib.WordArray.create(keyIvWA.words.slice(0,32/4));
var ivWA = CryptoJS.lib.WordArray.create(keyIvWA.words.slice(32/4,(32+16)/4));
// 3. Decrypt
var decryptedWA = CryptoJS.AES.decrypt(
{ciphertext: ciphertextWA},keyWA,{iv: ivWA}
);
var decrypted = decryptedWA.toString(CryptoJS.enc.Utf8)
return decrypted;
}
const dec = CryptoJSAEsDecrypt("U2FsdGVkX1++7PN6CsF5Bi38t0N3EjXpH5oGpaIZXUwk4T8QCwcATjvA4b/8VaxD8nf/MZhKPnWb1L8raLR4lw==");
console.log("Data Decrypted: " + dec);
这显示为空: 数据解密:
如果我使用这些数据进行调用:
const dec = CryptoJSAEsDecrypt("U2FsdGVkX18BI0VniavN78vlhR6fryIan0VvUrdIr+YeLkDYhO2xyA+/oVXJj/c35swVVkCqHPh9VdRbNQG6NQ==");
console.log("Data Decrypted: " + dec);
在 Javascript 函数中,我替换了这一行:
var password = 'Nootric2703202'
有了这个:
var password = 'mypassword'
这很好用!但是使用我自己的密码和我的加密数据,这个 JS 解密代码不起作用。 请帮忙?
const dec = CryptoJSAEsDecrypt();
console.log("Decrypted: " + dec);
function CryptoJSAEsDecrypt(encrypted){
// 1. Separate ciphertext and salt
var encrypted = "U2FsdGVkX1++7PN6CsF5Bi38t0N3EjXpH5oGpaIZXUwk4T8QCwcATjvA4b/8VaxD8nf/MZhKPnWb1L8raLR4lw==";
console.log("Encrypted:",encrypted);
var encryptedWA = CryptoJS.enc.Base64.parse(encrypted);
var prefixWA = CryptoJS.lib.WordArray.create(encryptedWA.words.slice(0,16/4)); // 8 bytes salt: 0x0123456789ABCDEF
var ciphertextWA = CryptoJS.lib.WordArray.create(encryptedWA.words.slice(16/4,encryptedWA.words.length)); // ciphertext
// 2. Determine key and IV using PBKDF2
var password = 'Nootric2703202'
var keyIvWA = CryptoJS.PBKDF2(
password,{iv: ivWA}
);
var decrypted = decryptedWA.toString(CryptoJS.enc.Utf8)
return decrypted;
}
<script src="https://cdnjs.cloudflare.com/ajax/libs/react/16.6.3/umd/react.production.min.js"></script>
<script src="https://cdnjs.cloudflare.com/ajax/libs/react-dom/16.6.3/umd/react-dom.production.min.js"></script>
<script src="https://cdnjs.cloudflare.com/ajax/libs/crypto-js/4.0.0/crypto-js.min.js"></script>
这里是PHP openssl-decrypt的源代码(它是一个openssl.c文件)PHP openssl.c:
PHP_OPENSSL_API zend_string* PHP_openssl_decrypt(
const char *data,size_t data_len,const char *method,size_t method_len,const char *password,size_t password_len,zend_long options,const char *iv,size_t iv_len,const char *tag,zend_long tag_len,const char *aad,size_t aad_len)
{
const EVP_CIPHER *cipher_type;
EVP_CIPHER_CTX *cipher_ctx;
struct PHP_openssl_cipher_mode mode;
int i = 0,outlen;
zend_string *base64_str = NULL;
bool free_iv = 0,free_password = 0;
zend_string *outbuf = NULL;
PHP_OPENSSL_CHECK_SIZE_T_TO_INT_NULL_RETURN(data_len,data);
PHP_OPENSSL_CHECK_SIZE_T_TO_INT_NULL_RETURN(password_len,password);
PHP_OPENSSL_CHECK_SIZE_T_TO_INT_NULL_RETURN(aad_len,aad);
PHP_OPENSSL_CHECK_SIZE_T_TO_INT_NULL_RETURN(tag_len,tag);
cipher_type = EVP_get_cipherbyname(method);
if (!cipher_type) {
PHP_error_docref(NULL,E_WARNING,"UnkNown cipher algorithm");
return NULL;
}
cipher_ctx = EVP_CIPHER_CTX_new();
if (!cipher_ctx) {
PHP_error_docref(NULL,"Failed to create cipher context");
return NULL;
}
PHP_openssl_load_cipher_mode(&mode,cipher_type);
if (!(options & OPENSSL_RAW_DATA)) {
base64_str = PHP_base64_decode((unsigned char*)data,data_len);
if (!base64_str) {
PHP_error_docref(NULL,"Failed to base64 decode the input");
EVP_CIPHER_CTX_free(cipher_ctx);
return NULL;
}
data_len = ZSTR_LEN(base64_str);
data = ZSTR_VAL(base64_str);
}
if (PHP_openssl_cipher_init(cipher_type,cipher_ctx,&mode,&password,&password_len,&free_password,&iv,&iv_len,&free_iv,tag,tag_len,options,0) == FAILURE ||
PHP_openssl_cipher_update(cipher_type,&outbuf,&outlen,data,data_len,aad,aad_len,0) == FAILURE) {
outbuf = NULL;
} else if (mode.is_single_run_aead ||
EVP_DecryptFinal(cipher_ctx,(unsigned char *)ZSTR_VAL(outbuf) + outlen,&i)) {
outlen += i;
ZSTR_VAL(outbuf)[outlen] = '\0';
ZSTR_LEN(outbuf) = outlen;
} else {
PHP_openssl_store_errors();
zend_string_release_ex(outbuf,0);
outbuf = NULL;
}
if (free_password) {
efree((void *) password);
}
if (free_iv) {
efree((void *) iv);
}
if (base64_str) {
zend_string_release_ex(base64_str,0);
}
EVP_CIPHER_CTX_reset(cipher_ctx);
EVP_CIPHER_CTX_free(cipher_ctx);
return outbuf;
}
/* {{{ Takes raw or base64 encoded string and decrypts it using given method and key */
PHP_FUNCTION(openssl_decrypt)
{
zend_long options = 0;
char *data,*method,*password,*iv = "",*tag = NULL,*aad = "";
size_t data_len,method_len,password_len,iv_len = 0,tag_len = 0,aad_len = 0;
zend_string *ret;
if (zend_parse_parameters(ZEND_NUM_ARGS(),"sss|lsss",&data,&data_len,&method,&method_len,&options,&tag,&tag_len,&aad,&aad_len) == FAILURE) {
RETURN_THROWS();
}
if (!method_len) {
zend_argument_value_error(2,"cannot be empty");
RETURN_THROWS();
}
if ((ret = PHP_openssl_decrypt(data,method,password,iv,iv_len,aad_len))) {
RETVAL_STR(ret);
} else {
RETVAL_FALSE;
}
}
/* {{{ Computes digest hash value for given data using given method,returns raw or binhex encoded string */
PHP_FUNCTION(openssl_digest)
{
bool raw_output = 0;
char *data,*method;
size_t data_len,method_len;
const EVP_MD *mdtype;
EVP_MD_CTX *md_ctx;
unsigned int siglen;
zend_string *sigbuf;
if (zend_parse_parameters(ZEND_NUM_ARGS(),"ss|b",&raw_output) == FAILURE) {
RETURN_THROWS();
}
mdtype = EVP_get_digestbyname(method);
if (!mdtype) {
PHP_error_docref(NULL,"UnkNown digest algorithm");
RETURN_FALSE;
}
siglen = EVP_MD_size(mdtype);
sigbuf = zend_string_alloc(siglen,0);
md_ctx = EVP_MD_CTX_create();
if (EVP_Digestinit(md_ctx,mdtype) &&
EVP_DigestUpdate(md_ctx,(unsigned char *)data,data_len) &&
EVP_DigestFinal (md_ctx,(unsigned char *)ZSTR_VAL(sigbuf),&siglen)) {
if (raw_output) {
ZSTR_VAL(sigbuf)[siglen] = '\0';
ZSTR_LEN(sigbuf) = siglen;
RETVAL_STR(sigbuf);
} else {
int digest_str_len = siglen * 2;
zend_string *digest_str = zend_string_alloc(digest_str_len,0);
make_digest_ex(ZSTR_VAL(digest_str),(unsigned char*)ZSTR_VAL(sigbuf),siglen);
ZSTR_VAL(digest_str)[digest_str_len] = '\0';
zend_string_release_ex(sigbuf,0);
RETVAL_NEW_STR(digest_str);
}
} else {
PHP_openssl_store_errors();
zend_string_release_ex(sigbuf,0);
RETVAL_FALSE;
}
EVP_MD_CTX_destroy(md_ctx);
}
解决方法
PHP 实现使用 EVP_BytesToKey()
作为密钥派生函数,因此与 CryptoJS 密钥派生兼容。
但是,CryptoJS 默认使用 MD5 作为摘要,而 PHP 代码使用 SHA256(请注意,OpenSSL 从 v1.1.0 版本开始将默认摘要从 MD5 更改为 SHA256)。
此外,用于密钥派生函数的密码不是密码本身(即Nootric2703202),而是密码的十六进制编码 SHA256 哈希值。
如果考虑到这一点,使用 CryptoJS 解密是:
var password = 'Nootric2703202';
var passwordHashWA = CryptoJS.SHA256(password);
var passwordHashHex = passwordHashWA.toString(CryptoJS.enc.Hex);
var ciphertext = 'U2FsdGVkX1++7PN6CsF5Bi38t0N3EjXpH5oGpaIZXUwk4T8QCwcATjvA4b/8VaxD8nf/MZhKPnWb1L8raLR4lw==';
CryptoJS.algo.EvpKDF.cfg.hasher = CryptoJS.algo.SHA256.create();
var data = CryptoJS.AES.decrypt(ciphertext,passwordHashHex);
console.log(data.toString(CryptoJS.enc.Utf8));
<script src="https://cdnjs.cloudflare.com/ajax/libs/crypto-js/4.0.0/crypto-js.min.js"></script>
产生预期的明文:
email=abc@xyz.abc&name=&gpw_id=gpwID
由于 OpenSSL 的兼容性,密文也可以用以下 OpenSSL 表达式解密:
openssl enc -aes-256-cbc -d -md sha256 -in <ciphertextFile> -k d0f95d5e54a7aa25934a5d4915c9e2a06dadac20d16551693be1d21d4d8e8798 -A -a -p
其中 <ciphertextFile>
是包含 Base64 编码密文(无换行符)的文件的路径:U2FsdGVkX1...
,密码 d0f95d...
是密码的十六进制编码 SHA256 哈希Nootric2703202。
请记住,EVP_BytesToKey()
被认为是不安全的,s。例如here。相反,应该使用像 PBKDF2 这样可靠的密钥派生函数。