Implementing aes-128-cbc-pkcs5padding encryption with PHP

  • Recently, I was responsible for interfacing with API. During data connection and interaction, some sensitive data will inevitably be transmitted. In order to make the data interaction more secure, the data is encrypted. The other party’s requirement is to update the business data of the interfaceAES-128-CBC-PKCS5PaddingEncrypt and then do itBase64The encoding submits the final string obtained, and also gives the key and initialization vector (offset) corresponding to the encryption method.

  • First, after seeing this encryption method, I looked in the PHP function library to see if there was a corresponding encryption function. However, after looking around, I found that there was no encryption function. I need to implement it myself. Later, I learned that it can be extended with the mcrypt function, but the mcrypt function has been abandoned since PHP 7.1.0. It is strongly recommended not to use this function, so I have to find other functionsEncryption function library, you can see it at the bottom of the manualOpenSSL function, by understandingopenssl_ Encrypt (encrypted data)Function discovery can realize requirements,openssl_encryptPlease refer to the manual for specific usage,

  • The implementation functions are as follows:

    function encrypt($input, $key, $iv){
          return base64_encode(openssl_encrypt($input, 'AES-128-CBC', $key, OPENSSL_RAW_DATA,$iv));
      function decrypt($input, $key, $iv){
          return openssl_decrypt(base64_decode($input), 'AES-128-CBC', $key, OPENSSL_RAW_DATA, $iv);
      //Test encryption (I use JSON string here)
      $dataJson = '[{"Code": "123123", "Name": "Bob", "Address": "\u94f6\u5ddd\u5e02"}, {"Code": "464776", "Name": "Hello", "Address": "\u5317\u4eac\u5e02"}]';
      print_r(encrypt($dataJson, $key, $iv));
      //Test decryption
      $strr = 'u9Bd8oHXDGvjZcTIX9HK1r1q+aSu+/48gsfoGVrxoScZuX8yaj/xco8F2yHt2T987JNHil9LwjAmu9o5NJaicWQDaiKwMD5o70k1A9bGjDd71xb4hXRx3ddZwI85oTQQEUQLadR5C759SdaN8AOxlzH+yGlAWTOaEleulKoRTwaknG1NCM/qIRQ8gI5lzv+D';
      print_r(decrypt($strr, $key, $iv));
      // [{"Code": "123123", "Name": "Bob", "Address": "\u94f6\u5ddd\u5e02"}, {"Code": "464776", "Name": "Hello", "Address": "\u5317\u4eac\u5e02"}]
  • The self-test passed and sat proudly waiting for the joint commissioning. Then I started to write other businesses. After a few days, the joint commissioning found that the other party I encrypted could not decrypt, the other party encrypted could not decrypt, and the encryption algorithm did not match (scratching your head. After Google searching for relevant problems, I found a sentence, which roughly means that in the abandoned mcrypt encryption library, 128 actually refers to the block size rather than the key size, but in OpenSSL, 128 of aes-128-cbc refers to the key size, that is, when using a valid 256 bit key, they are AES-256, and if you want to convert mcrypt to For the encryption method of OpenSSL, mcrypt 128 needs to be written as OpenSSL 256, so with a try attitude, changed aes-128-cbc to aes-256-cbc, then debugged, and finally found that the joint debugging passed. However, the specific technical details and principles are not very clear. Modify and use it like this first, and then study it when you have time.

Implementing aes-128-cbc-pkcs5padding encryption with PHP

>* * the solution is to replace the encryption method aes-128-cbc with aes-256-cbc**

This work adoptsCC agreement, reprint must indicate the author and the link to this article

Yong Li Gao

Recommended Today

On the mutation mechanism of Clickhouse (with source code analysis)

Recently studied a bit of CH code.I found an interesting word, mutation.The word Google has the meaning of mutation, but more relevant articles translate this as “revision”. The previous article analyzed background_ pool_ Size parameter.This parameter is related to the background asynchronous worker pool merge.The asynchronous merge and mutation work in Clickhouse kernel is completed […]