1

我制作了这段代码来加密数据库中的数据(在测试期间它被存储为纯文本):

try {
$link = new PDO("mysql:host=localhost;dbname=MAIN", 'USER', 'PASSWORD');
$stmt = $link->prepare("SELECT * FROM workers WHERE crypt = '0'");
$stmt->execute();
$prepared = $stmt->fetchAll(PDO::FETCH_ASSOC);

$sentinel = mcrypt_module_open(MCRYPT_3DES,'',MCRYPT_MODE_CBC,'');
$key_c = substr(sha1(microtime()),0,24);
$iv = substr(sha1(microtime()),24,8);
mcrypt_generic_init($sentinel, $key_c, $iv);
for($key=0; $key<count($prepared); $key++)
{



    $sort = mcrypt_generic($sentinel, $prepared[$key]['sort']);
    $account = mcrypt_generic($sentinel, $prepared[$key]['account']);
    $bank_name = mcrypt_generic($sentinel, $prepared[$key]['bank_name']);
    $bank_holder = mcrypt_generic($sentinel, $prepared[$key]['bank_holder']);
    $address = mcrypt_generic($sentinel, $prepared[$key]['address']);
    $post_code = mcrypt_generic($sentinel, $prepared[$key]['post_code']);

    $mobile = mcrypt_generic($sentinel, $prepared[$key]['mobile']);
    $phone = mcrypt_generic($sentinel, $prepared[$key]['phone']);

    $kin_name = mcrypt_generic($sentinel, $prepared[$key]['kin_name']);
    $kin_rel = mcrypt_generic($sentinel, $prepared[$key]['kin_relation']);
    $kin_phone = mcrypt_generic($sentinel, $prepared[$key]['kin_phone']);



$stmt = null;
$stmt = $link->prepare("UPDATE workers SET sort = :sort, account = :acc, bank_name = :bank_name, bank_holder = :bank_holder, address = :address, post_code = :post_code, crypt = '1', mobile = :mobile, phone = :phone, kin_name = :kin_name, kin_relation = :kin_rel, kin_phone = :kin_phone WHERE reference = :id");

$stmt->bindParam('sort', base64_encode($sort));
$stmt->bindParam('acc',base64_encode($account));
$stmt->bindParam('bank_name', base64_encode($bank_name));
$stmt->bindParam('bank_holder', base64_encode($bank_holder));
$stmt->bindParam('address', base64_encode($address));
$stmt->bindParam('post_code', base64_encode($post_code));
$stmt->bindParam('mobile', base64_encode($mobile));
$stmt->bindParam('phone', base64_encode($phone));
$stmt->bindParam('kin_name', base64_encode($kin_name));
$stmt->bindParam('kin_rel', base64_encode($kin_rel));
$stmt->bindParam('kin_phone', base64_encode($kin_phone));
$stmt->bindParam('id',$prepared[$key]['reference']);

$stmt->execute();

$stmt=null;

$stmt= $link->prepare('INSERT INTO crypt VALUES (\'\', :id, :key, :iv);');
$stmt->bindParam('id', $prepared[$key]['reference']);
$stmt->bindParam('key', base64_encode($key_c));
$stmt->bindParam('iv',base64_encode($iv));

$stmt->execute();
}
} catch (PDOException $e) {

var_dump($e);
}

数据库中的一切看起来都很好。直到我尝试解密数据...:

$lnk=new PDO("mysql:host=localhost;dbname=MAIN", 'USER', 'PASSWORD');
$stmt=$lnk->prepare("SELECT * FROM crypt WHERE reference = :ref");
$stmt->bindValue('ref', $result['reference']);
$stmt->execute();
$crypt = $stmt->fetch(PDO::FETCH_ASSOC);
        $key_c = base64_decode($crypt['key']);
        $iv = base64_decode($crypt['iv']);

print mcrypt_decrypt ( MCRYPT_3DES , $key_c , base64_decode($result['address']) , MCRYPT_MODE_CBC , $iv)."<br />";

所有数据都已到位,base64 编码的密钥和向量一切都很完美,但地址的解密显示如下输出:

8×Áê kâäase 大道

这个问题与所有数据有关......

谁能解释为什么会这样?

PHP 版本 5.3.15 MCrypt 版本 2.5.8

4

1 回答 1

1

编码 IV 时出现问题。如果 IV 值不正确,则(仅)解密输出的前 8 个字节将不正确,可能是8×Áê kâä. se Avenue很可能是正确的。

于 2012-12-27T15:08:50.630 回答