logo标签列表

在PHP中加密字符串并在Node.js中解密

javascriptphpjsonnode.jsencryption
18

我正在通过Apache和Node.js服务器之间的不安全连接发送数据。我需要在PHP中加密数据并在Node.js中解密数据。我已经花了两天时间尝试让它工作,但是我只能让消息签名工作,没有加密。我尝试使用AES128-CBC,AES256-CBC,DES,AES128,AES256等算法进行传递,但是没有什么效果...

我在PHP中尝试了以下内容:

$data = json_encode(Array('mk' => $_SESSION['key'], 'algorithm' => 'SHA1', 'username' => $_SESSION['userid'], 'expires' => $expires));
$payload = openssl_encrypt($data, 'des', '716c26ef');
return base64_encode($payload);

另外在 Node.js 中:

var enc_json = new Buffer(response[1], 'base64');
var decipher = crypto.createDecipher('des', '716c26ef');
var json = decipher.update(enc_json).toString('ascii');
json += decipher.final('ascii');

除了错误的解密数据之外,我还会收到以下这些错误:

TypeError: error:0606508A:digital envelope routines:EVP_DecryptFinal_ex:data not multiple of block length

TypeError: error:0606506D:digital envelope routines:EVP_DecryptFinal_ex:wrong final block length

我需要一种简单的加密方式,因为数据不太敏感(没有密码或用户数据),但是只有接收者可以读取数据。密钥长度可以是任何值,但加密/解密的过程必须尽可能简单,请不要使用初始化向量。

为什么不能使用HTTPS? - ThiefMaster
3
你应该返回base64_encode($payload);吧? - Ben Fortune
@BenFortune 我正在编辑问题的变量名称。 - Xeos
@ThiefMaster 这里有第三方参与:数据会传输到客户端,可以存储以备将来使用,或立即发送到 Node.js 服务器。 - Xeos
这可能有所帮助。https://stackoverflow.com/questions/41181905/php-mcrypt-encrypt-to-openssl-encrypt-and-openssl-zero-padding-problems - Dnyaneshwar Harer
4个回答
41

本周我遇到了相同的问题,但是方向相反(PHP加密 -> NodeJS解密),并且已经成功让以下代码片段工作:

aes256cbc.js

var crypto = require('crypto');

var encrypt = function (plain_text, encryptionMethod, secret, iv) {
    var encryptor = crypto.createCipheriv(encryptionMethod, secret, iv);
    return encryptor.update(plain_text, 'utf8', 'base64') + encryptor.final('base64');
};

var decrypt = function (encryptedMessage, encryptionMethod, secret, iv) {
    var decryptor = crypto.createDecipheriv(encryptionMethod, secret, iv);
    return decryptor.update(encryptedMessage, 'base64', 'utf8') + decryptor.final('utf8');
};

var textToEncrypt = new Date().toISOString().substr(0,19) + '|My super secret information.';
var encryptionMethod = 'AES-256-CBC';
var secret = "My32charPasswordAndInitVectorStr"; //must be 32 char length
var iv = secret.substr(0,16);

var encryptedMessage = encrypt(textToEncrypt, encryptionMethod, secret, iv);
var decryptedMessage = decrypt(encryptedMessage, encryptionMethod, secret, iv);

console.log(encryptedMessage);
console.log(decryptedMessage);

aes256cbc.php

<?php
date_default_timezone_set('UTC');
$textToEncrypt = substr(date('c'),0,19) . "|My super secret information.";
$encryptionMethod = "AES-256-CBC";
$secret = "My32charPasswordAndInitVectorStr";  //must be 32 char length
$iv = substr($secret, 0, 16);

$encryptedMessage = openssl_encrypt($textToEncrypt, $encryptionMethod, $secret,0,$iv);
$decryptedMessage = openssl_decrypt($encryptedMessage, $encryptionMethod, $secret,0,$iv);

echo "$encryptedMessage\n";
echo "$decryptedMessage\n";
?>

避免在密钥/iv大小/解密问题上出现问题的秘诀是确保密钥长度恰好为32个字符,IV长度为16个字符。 此外,在NodeJS中使用'base64'和'utf8'非常重要,因为这些是PHP中的默认值。
以下是一些示例运行:
$ node aes256cbc.js && php aes256cbc.php
zra3FX4iyCc7qPc1dZs+G3ZQ40f5bSw8P9n5OtWl1t86nV5Qfh4zNRPFbsciyyHyU3Qi4Ga1oTiTwzrPIZQXLw==
2015-01-27T18:29:12|My super secret information.
zra3FX4iyCc7qPc1dZs+G3ZQ40f5bSw8P9n5OtWl1t86nV5Qfh4zNRPFbsciyyHyU3Qi4Ga1oTiTwzrPIZQXLw==
2015-01-27T18:29:12|My super secret information.

$ node aes256cbc.js && php aes256cbc.php
zra3FX4iyCc7qPc1dZs+G6B6+8aavHNc/Ymv9L6Omod8Di3tMbvOa2B7O2Yiyoutm9fy9l0G+P5VJT9z2qNESA==
2015-01-27T18:29:15|My super secret information.
zra3FX4iyCc7qPc1dZs+G6B6+8aavHNc/Ymv9L6Omod8Di3tMbvOa2B7O2Yiyoutm9fy9l0G+P5VJT9z2qNESA==
2015-01-27T18:29:15|My super secret information.

$ node aes256cbc.js && php aes256cbc.php
zra3FX4iyCc7qPc1dZs+G4oD1Fr5yLByON6QDE56UOqP6kkfGJzpyH6TbwZYX2oGlh2JGv+aHYUMh0qQnAj/uw==
2015-01-27T18:29:29|My super secret information.
zra3FX4iyCc7qPc1dZs+G4oD1Fr5yLByON6QDE56UOqP6kkfGJzpyH6TbwZYX2oGlh2JGv+aHYUMh0qQnAj/uw==
2015-01-27T18:29:29|My super secret information.

$ node aes256cbc.js && php aes256cbc.php
zra3FX4iyCc7qPc1dZs+G5OVCbCaUy8a0LLF+Bn8UT4X3nYbtynO0Zt2mvXnnli9dRxrxMw43uWnkh8MIwVHXA==
2015-01-27T18:29:31|My super secret information.
zra3FX4iyCc7qPc1dZs+G5OVCbCaUy8a0LLF+Bn8UT4X3nYbtynO0Zt2mvXnnli9dRxrxMw43uWnkh8MIwVHXA==
2015-01-27T18:29:31|My super secret information.

$ node aes256cbc.js && php aes256cbc.php
fdsqSyHBJjlwD0jYfOUZM2FrONG6Fk5d7FOItYEdbnaZIhhmg/apa8/jPwKFkDXD9eNqWC3w0JzY5wjtZADiBA==
2015-01-27T18:30:08|My super secret information.
fdsqSyHBJjlwD0jYfOUZM2FrONG6Fk5d7FOItYEdbnaZIhhmg/apa8/jPwKFkDXD9eNqWC3w0JzY5wjtZADiBA==
2015-01-27T18:30:08|My super secret information.

$ node aes256cbc.js && php aes256cbc.php
fdsqSyHBJjlwD0jYfOUZM4SRfi6jG5EoDFEF6d9xCIyluXSiMaKlhd89ovpeOz/YyEIlPbYR4ly00gf6hWfKHw==
2015-01-27T18:30:45|My super secret information.
fdsqSyHBJjlwD0jYfOUZM4SRfi6jG5EoDFEF6d9xCIyluXSiMaKlhd89ovpeOz/YyEIlPbYR4ly00gf6hWfKHw==
2015-01-27T18:30:45|My super secret information.

注意:

我使用“时间戳|消息”格式来避免中间人攻击。例如,如果加密的消息包含要进行身份验证的ID,则中间人可以捕获该消息并在他想要重新验证身份时重新发送它。

因此,我可以检查加密消息上的时间戳是否在一个短时间间隔内。这样,由于时间戳的存在,每秒钟相同的消息会以不同的方式加密,并且不能在此固定时间间隔之外使用。

编辑:

我在这里误用了初始化向量(IV)。 正如@ArtjomB.所解释的那样,IV应该是加密消息的第一部分,并且应该是一个随机值。 建议在HTTP头中使用x-hmac: *value*hmac值,以验证消息是否来自有效来源(但这不能解决先前描述的“重新发送”消息问题)。

以下是改进版本,包括php和node的hmac和将IV作为加密消息的一部分:

aes256cbc.js (v2)

var crypto = require('crypto');

var encrypt = function (message, method, secret, hmac) {
    //var iv = crypto.randomBytes(16).toString('hex').substr(0,16);    //use this in production
    var iv = secret.substr(0,16);    //using this for testing purposes (to have the same encryption IV in PHP and Node encryptors)
    var encryptor = crypto.createCipheriv(method, secret, iv);
    var encrypted = new Buffer(iv).toString('base64') + encryptor.update(message, 'utf8', 'base64') + encryptor.final('base64');
    hmac.value = crypto.createHmac('md5', secret).update(encrypted).digest('hex');
    return encrypted;
};

var decrypt = function (encrypted, method, secret, hmac) {
    if (crypto.createHmac('md5', secret).update(encrypted).digest('hex') == hmac.value) {
        var iv = new Buffer(encrypted.substr(0, 24), 'base64').toString();
        var decryptor = crypto.createDecipheriv(method, secret, iv);
        return decryptor.update(encrypted.substr(24), 'base64', 'utf8') + decryptor.final('utf8');
    }
};

var encryptWithTSValidation = function (message, method, secret, hmac) {
    var messageTS = new Date().toISOString().substr(0,19) + message;
    return encrypt(messageTS, method, secret, hmac);
}

var decryptWithTSValidation = function (encrypted, method, secret, hmac, intervalThreshold) {
    var decrypted = decrypt(encrypted, method, secret, hmac);
    var now = new Date();
    var year = parseInt(decrypted.substr(0,4)), month = parseInt(decrypted.substr(5,2)) - 1,
    day = parseInt(decrypted.substr(8,2)), hour = parseInt(decrypted.substr(11,2)), 
    minute = parseInt(decrypted.substr(14,2)), second = parseInt(decrypted.substr(17,2));
    var msgDate = new Date(Date.UTC(year, month, day, hour, minute, second))
    if (Math.round((now - msgDate) / 1000) <= intervalThreshold) {
        return decrypted.substr(19);
    }
}

var message = 'My super secret information.';
var method = 'AES-256-CBC';
var secret = "My32charPasswordAndInitVectorStr"; //must be 32 char length
var hmac = {};

//var encrypted = encrypt(message, method, secret, hmac);
//var decrypted = decrypt(encrypted, method, secret, hmac);
var encrypted = encryptWithTSValidation(message, method, secret, hmac);
var decrypted = decryptWithTSValidation(encrypted, method, secret, hmac, 60*60*12); //60*60m*12=12h

console.log("Use HTTP header 'x-hmac: " + hmac.value + "' for validating against MitM-attacks.");
console.log("Encrypted: " + encrypted);
console.log("Decrypted: " + decrypted);

请注意,crypto.createHmac(...).digest('hex')使用hex进行摘要处理。这是在PHP中进行hmac的默认设置。 aes256cbc.php (v2) 
<?php

function encrypt ($message, $method, $secret, &$hmac) {
    //$iv = substr(bin2hex(openssl_random_pseudo_bytes(16)),0,16);    //use this in production
    $iv = substr($secret, 0, 16);        //using this for testing purposes (to have the same encryption IV in PHP and Node encryptors)
    $encrypted = base64_encode($iv) . openssl_encrypt($message, $method, $secret, 0, $iv);
    $hmac = hash_hmac('md5', $encrypted, $secret);
    return $encrypted;
}

function decrypt ($encrypted, $method, $secret, $hmac) {
    if (hash_hmac('md5', $encrypted, $secret) == $hmac) {
        $iv = base64_decode(substr($encrypted, 0, 24));
        return openssl_decrypt(substr($encrypted, 24), $method, $secret, 0, $iv);
    }
}

function encryptWithTSValidation ($message, $method, $secret, &$hmac) {
    date_default_timezone_set('UTC');
    $message = substr(date('c'),0,19) . "$message";
    return encrypt($message, $method, $secret, $hmac);
}

function decryptWithTSValidation ($encrypted, $method, $secret, $hmac, $intervalThreshold) {
    $decrypted = decrypt($encrypted, $method, $secret, $hmac);
    $now = new DateTime();
    $msgDate = new DateTime(str_replace("T"," ",substr($decrypted,0,19)));
    if (($now->getTimestamp() - $msgDate->getTimestamp()) <= $intervalThreshold) {
        return substr($decrypted,19);
    }
}

$message = "My super secret information.";
$method = "AES-256-CBC";
$secret = "My32charPasswordAndInitVectorStr";  //must be 32 char length

//$encrypted = encrypt($message, $method, $secret, $hmac);
//$decrypted = decrypt($encrypted, $method, $secret, $hmac);

$encrypted = encryptWithTSValidation($message, $method, $secret, $hmac);
$decrypted = decryptWithTSValidation($encrypted, $method, $secret, $hmac, 60*60*12); //60*60m*12=12h

echo "Use HTTP header 'x-hmac: $hmac' for validating against MitM-attacks.\n";
echo "Encrypted: $encrypted\n";
echo "Decrypted: $decrypted\n";
?>

以下是一些示例运行:
$ node aes256cbc.js && php aes256cbc.php
Use HTTP header 'x-hmac: 6862972ef0f463bf48523fc9e334bb42' for validating against MitM-attacks.
Encrypted: YjE0ZzNyMHNwVm50MGswbQ==I6cAKeoxeSP5TGgtK59PotB/iG2BUSU8Y6NhAhVabN9UB+ZCTn7q2in4JyLwQiGN
Decrypted: My super secret information.
Use HTTP header 'x-hmac: 6862972ef0f463bf48523fc9e334bb42' for validating against MitM-attacks.
Encrypted: YjE0ZzNyMHNwVm50MGswbQ==I6cAKeoxeSP5TGgtK59PotB/iG2BUSU8Y6NhAhVabN9UB+ZCTn7q2in4JyLwQiGN
Decrypted: My super secret information.

$ node aes256cbc.js && php aes256cbc.php
Use HTTP header 'x-hmac: b2e63f216acde938a82142220652cf59' for validating against MitM-attacks.
Encrypted: YjE0ZzNyMHNwVm50MGswbQ==YsFRdKzCLuCk7Yg+U+S1CSgYBBR8dkZytORm8xwEDmD9WB1mpqC3XnSrB+wR3/KW
Decrypted: My super secret information.
Use HTTP header 'x-hmac: b2e63f216acde938a82142220652cf59' for validating against MitM-attacks.
Encrypted: YjE0ZzNyMHNwVm50MGswbQ==YsFRdKzCLuCk7Yg+U+S1CSgYBBR8dkZytORm8xwEDmD9WB1mpqC3XnSrB+wR3/KW
Decrypted: My super secret information.

$ node aes256cbc.js && php aes256cbc.php
Use HTTP header 'x-hmac: 73181744453d55eb6f81896ffd284cd8' for validating against MitM-attacks.
Encrypted: YjE0ZzNyMHNwVm50MGswbQ==YsFRdKzCLuCk7Yg+U+S1CTGik4Lv9PnWuEg5SiADJcdKX1to0LrNKmuCiYIweBAZ
Decrypted: My super secret information.
Use HTTP header 'x-hmac: 73181744453d55eb6f81896ffd284cd8' for validating against MitM-attacks.
Encrypted: YjE0ZzNyMHNwVm50MGswbQ==YsFRdKzCLuCk7Yg+U+S1CTGik4Lv9PnWuEg5SiADJcdKX1to0LrNKmuCiYIweBAZ
Decrypted: My super secret information.

$ node aes256cbc.js && php aes256cbc.php
Use HTTP header 'x-hmac: 5372ecca442d65f582866cf3b24cb2b6' for validating against MitM-attacks.
Encrypted: YjE0ZzNyMHNwVm50MGswbQ==YsFRdKzCLuCk7Yg+U+S1CYEITF6aozBNp7bA54qY0Ugg9v6ktwoH6nqRyatkFqy8
Decrypted: My super secret information.
Use HTTP header 'x-hmac: 5372ecca442d65f582866cf3b24cb2b6' for validating against MitM-attacks.
Encrypted: YjE0ZzNyMHNwVm50MGswbQ==YsFRdKzCLuCk7Yg+U+S1CYEITF6aozBNp7bA54qY0Ugg9v6ktwoH6nqRyatkFqy8
Decrypted: My super secret information.

最后但并非最不重要的,如果您在php中没有安装openssl模块,您可以使用mcrypt代替,并使用rijndael128pkcs7填充(来源),像这样:

aes256cbc-mcrypt.php(v2)

<?php

function pkcs7pad($message) {
    $padding = 16 - (strlen($message) % 16);
    return $message . str_repeat(chr($padding), $padding);
}

function pkcs7unpad($message) {
    $padding = ord(substr($message, -1));  //get last char and transform it to Int
    return substr($message, 0, -$padding); //remove the last 'padding' string
}

function encrypt ($message, $method, $secret, &$hmac) {
    //$iv = substr(bin2hex(mcrypt_create_iv(mcrypt_get_iv_size($method, MCRYPT_MODE_CBC), MCRYPT_DEV_URANDOM)),0,16);    //use this in production
    $iv = substr($secret, 0, 16);    //using this for testing purposes (to have the same encryption IV in PHP and Node encryptors)
    $message = pkcs7pad($message);
    $encrypted = base64_encode($iv) . base64_encode(mcrypt_encrypt($method, $secret, $message, MCRYPT_MODE_CBC, $iv));
    $hmac = hash_hmac('md5', $encrypted, $secret);
    return $encrypted;
}

function decrypt ($encrypted, $method, $secret, $hmac) {
    if (hash_hmac('md5', $encrypted, $secret) == $hmac) {
        $iv = base64_decode(substr($encrypted, 0, 24));
        return pkcs7unpad(mcrypt_decrypt($method, $secret , base64_decode(substr($encrypted, 24)) , MCRYPT_MODE_CBC, $iv));
    }
}

function encryptWithTSValidation ($message, $method, $secret, &$hmac) {
    date_default_timezone_set('UTC');
    $message = substr(date('c'),0,19) . "$message";
    return encrypt($message, $method, $secret, $hmac);
}

function decryptWithTSValidation ($encrypted, $method, $secret, $hmac, $intervalThreshold) {
    $decrypted = decrypt($encrypted, $method, $secret, $hmac);
    $now = new DateTime();
    //echo "Decrypted: $decrypted\n";
    $msgDate = new DateTime(str_replace("T"," ",substr($decrypted,0,19)));
    if (($now->getTimestamp() - $msgDate->getTimestamp()) <= $intervalThreshold) {
        return substr($decrypted,19);
    }
}

$message = "My super secret information.";
$method = MCRYPT_RIJNDAEL_128;
$secret = "My32charPasswordAndInitVectorStr";  //must be 32 char length

//$encrypted = encrypt($message, $method, $secret, $hmac);
//$decrypted = decrypt($encrypted, $method, $secret, $hmac);

$encrypted = encryptWithTSValidation($message, $method, $secret, $hmac);
$decrypted = decryptWithTSValidation($encrypted, $method, $secret, $hmac, 60*60*12); //60*60m*12=12h

echo "Use HTTP header 'x-hmac: $hmac' for validating against MitM-attacks.\n";
echo "Encrypted: $encrypted\n";
echo "Decrypted: $decrypted\n";
?>

当然,接下来进行一些测试:

$ php aes256cbc-mcrypt.php && node aes256cbc.js 
Use HTTP header 'x-hmac: 801282a9ed6b2d5bd2254140d7a17582' for validating against MitM-attacks.
Encrypted: YjE0ZzNyMHNwVm50MGswbQ==ipQ+Yah8xoF0C6yjCJr8v9IyatyGeNT2yebrpJZ5xH73H5fFcV1zhqhRGwM0ToGU
Decrypted: My super secret information.
Use HTTP header 'x-hmac: 801282a9ed6b2d5bd2254140d7a17582' for validating against MitM-attacks.
Encrypted: YjE0ZzNyMHNwVm50MGswbQ==ipQ+Yah8xoF0C6yjCJr8v9IyatyGeNT2yebrpJZ5xH73H5fFcV1zhqhRGwM0ToGU
Decrypted: My super secret information.
$ php aes256cbc-mcrypt.php && node aes256cbc.js 
Use HTTP header 'x-hmac: 0ab2bc83108e1e250f6ecd483cd65329' for validating against MitM-attacks.
Encrypted: YjE0ZzNyMHNwVm50MGswbQ==ipQ+Yah8xoF0C6yjCJr8v79P+j4YUl8ln8eu7FDqEdbxMe1Z7BvW8iVUN1qFCiHM
Decrypted: My super secret information.
Use HTTP header 'x-hmac: 0ab2bc83108e1e250f6ecd483cd65329' for validating against MitM-attacks.
Encrypted: YjE0ZzNyMHNwVm50MGswbQ==ipQ+Yah8xoF0C6yjCJr8v79P+j4YUl8ln8eu7FDqEdbxMe1Z7BvW8iVUN1qFCiHM
Decrypted: My super secret information.
IV不应该是秘密的。通常在加密过程中,它会被添加到密文前面,在解密时被切掉。此外,如果您的情况存在中间人攻击的可能性,您应该使用认证加密,例如在密文上使用HMAC或直接使用GCM这样的认证模式。 - Artjom B.
@ArtjomB。感谢您的澄清!我已经修改了我的代码,添加了IV前缀,增加了'hmac'验证,并尝试澄清我试图描述的MitM场景。现在您对此有何看法?谢谢!Ignacio - inieto
节省了我数小时的时间! - steampowered
12

处理对称加密时,首先要意识到它可能会非常麻烦 - 即使当我在复制粘贴自己的代码时,我从来没有一次成功过。这主要是因为加密和解密方法出于设计目的,非常严格,并且很少给出有用的错误消息。一个单独的空字符、回车符、换行符或动态转换类型可能会无声地炸掉整个过程。

知道这一点后,逐步进展。我建议按照以下步骤进行:

首先,让PHP单独工作。传入样本文本,加密它,立即解密它,并将其与原始明文变量进行严格比较。它们完全相同吗?同时输出两者 - 它们的类型是否相同并且看起来完全没有受到影响?注意不可打印字符 - 也要检查长度和字符编码!

现在,用比上一个样本少或多1个字符的另一个样本重复以上步骤。这可以调试块大小/零填充问题 - 这很重要。

如果已经工作 - 而它很少能立刻工作,由于难以预测的原因,继续进行Node.js。

在Node.js中,做与PHP中相同的操作,即使看起来像是浪费努力 - 出于额外的原因,这在一刻钟后会变得明显。在Node.js中一起加密和解密。它能否按照上述所有条件工作?

完成了这些步骤后,接下来是“有趣”的部分:独立使用相同的加密方法在Node.js和PHP中进行加密,让它们都向您输出“最终”准备传输的密文。

如果一切正常,它们应该完全、精确地相同。如果不是,则表示您的加密实现和方法在系统之间不兼容。某些设置错误或冲突(例如零填充或其他可能性,或IV等),或者需要尝试不同的实现。

如果我要瞎猜的话,我会说问题在于base64编码和解码(这是最常见的问题)。由于Web应用程序中二进制数据类型很难调试(通过浏览器),所以事情往往会做两次。有时会对某些东西进行两次编码,但只解码一次,或者一个实现将自动“有用地”进行编码/解码而不清楚它正在做什么等。

还可能是Node和PHP之间的零填充实现问题,如此处所建议:在Node.js中进行AES加密,在PHP中进行解密。失败了。

根据您的错误代码,以上两个问题也是强烈建议考虑的。加密方法预测特定长度的块大小,如果出错,那就意味着传递给函数的数据已损坏-如果单个额外字符滑入,或者如果编码处理不同等等。

如果您按照上述每个步骤逐个步骤走,确保您不能匆忙,并且必须检查每一个费力的微小过程,那么问题出在哪里应该更加明显,然后可以进行故障排除。

2
很好的答案,非常详尽 - nathan hayfield
这可能比提供代码清单更好。此外,在阅读后,似乎没有“答案”可以解决我的问题,除了进行更多的测试和调试。非常感谢。 - Xeos
非常欢迎! 如果您找到了解决方法,请更新一下 - 至少我想知道我的直觉是否正确,或者是否完全不同。 当它起作用时真的很有趣,但对称加密可能会大大影响您的日/周/月,即使您没有像这样跨系统。自然地,如果您缩小范围并使用更多代码,可以随时提出另一个问题(在此处交叉发布“后续问题”的链接很方便)。 - BrianH
1
这是CodeIgniter框架默认解密等效的JS脚本(AES128CBC),希望能对某些人有所帮助。
 let crypto = require("crypto");
 let secret = 'xxxxxxxxxxxxxxxxxxxx';

 // ikm is initial keying material
 var hkdf = function (hashAlg, salt, ikm) {
  this.hashAlg = hashAlg;

  // create the hash alg to see if it exists and get its length
  var hash = crypto.createHash(this.hashAlg);
  this.hashLength = hash.digest().length;
  this.salt = salt || new Buffer(this.hashLength).fill(0).toString();
  this.ikm = ikm;

  // now we compute the PRK
  var hmac = crypto.createHmac(this.hashAlg, this.salt);
  hmac.update(this.ikm);
  this.prk = hmac.digest();
};

hkdf.prototype = {
derive: function(info, size, cb) {
  var prev = new Buffer(0);
  var output;
  var buffers = [];
  var num_blocks = Math.ceil(size / this.hashLength);
  info = new Buffer(info);

  for (var i=0; i<num_blocks; i++) {
    var hmac = crypto.createHmac(this.hashAlg, this.prk);
    hmac.update(prev);
    hmac.update(info);
    hmac.update(new Buffer([i + 1]));
    prev = hmac.digest();
    buffers.push(prev);
  }

  output = Buffer.concat(buffers, size);
  return output;
}
};

  function decrypt(code)
 {
 if (typeof code !== 'string')
    return false;
 code = code.substring(128);
 var buff = new Buffer(code, 'base64');
 var iv = buff.slice(0, 16);
 var encyptedText = buff.slice(16).toString('base64');
 var _hkdf = new hkdf('sha512', null, secret);
 var derive_key = _hkdf.derive('encryption', secret.length);
 var key = derive_key.slice(0, 16);
 var decipher = crypto.createDecipheriv('aes-128-cbc', key, iv);
 var result = decipher.update(encyptedText, 'base64');
 result += decipher.final();
 return result.replace(/[']/g, '');
}
0

基于 @inieto 的回答,我创建了两个简单的加密和解密类,一个用于php,另一个用于typescript,非常易于使用。 https://github.com/5imun/Endecryptor 只需包含/导入它们,您就可以开始使用了。 PHP示例:

#Include Endecryptor before using it
$secret = 'hxXxVEVNa3S6OQdgltNoDkbZ10b0MkQV';
$method = 'AES-256-CBC';
$valid_request_TS_interval = 100; # in seconds
$endecryptor = new Endecryptor($secret, $method, $valid_request_TS_interval );

$original_message = '{"test":"Hello, World!"}';
$endecryptor->encryptWithTS($original_message);

echo "Encrypted message: $endecryptor->temp_encrypted\n";
echo "Encrypted message hmac: $endecryptor->temp_hmac\n";

if ( $endecryptor->decryptAndValidateTS( $endecryptor->temp_encrypted, $endecryptor->temp_hmac ) ) {
  echo "Original message:  $original_message\n";
  echo "Decrypted message: $endecryptor->temp_decrypted\n";
} else {
  echo 'Description was not successful';
}

结果:

Encrypted message: MjliMmM5NzljYWQ0YjA4Mw==ULxsH1juCOrieEkiRpHY1CMkKtvSvB5X+b8E9cOcQ7yYt+SUKj+I6FjaGvYjEldt
Encrypted message: hmac: 5aa8f1b268dfef0dc2f48f1a25204e82
Original  message:  {"test":"Hello, World!"}
Decrypted message: {"test":"Hello, World!"}
网页内容由stack overflow 提供, 点击上面的
可以查看英文原文,
原文链接