2

我已经通过在 CI 中对它们进行编码来存储登录名、密码等凭据,例如-

$login = "foo@example.com";
$this->load->library('encrypt');
$encrypted = $this->encrypt->encode($login);
//Then stored it in db

现在我的一个 python 代码想要获取实际的凭据。所以通过观察 CI 的解码,我在 python 中编写了我自己的 Decrypt 模块——

// Like CI get_key
def getKey(self, key):
            self.log.info("In getKey method with key : %s"%key)
            md5Key = hashlib.md5()
            md5Key.update(key)
            return md5Key.hexdigest()

// Like CI base64_decode
def getBase64Decode(self, encString):
            self.log.info("In getBase64Decode.")
            b64DecString = base64.b64decode(encString)
            return b64DecString

// Like CI _xor_decode
def xorDecode(self, string, key):
            self.log.info("In xorDecode method with string : %s and key : %s"%(string, key))
            mString = self.xorMerge(string, key)
            if mString == self.FAILED:
                    self.log.info("xorMerge Failed!")
                    return self.FAILED
            self.log.info("xor Merge returned %s"%mString)
            dec = ''
            for (x, y) in izip(mString[1:], cycle(mString)):
                   dec += ''.join(chr(ord(x) ^ ord(y)))

// Like CI _xor_merge
def xorMerge(self, string, key):
            self.log.info("In xorMerge method. with string : %s and key : %s"%(string, key))
            hashString = self.hashMethod(key)
            if hashString == self.FAILED:
                    self.log.info("hasMethod failed!")
                    return self.FAILED
            self.log.info("hash method retured : %s"%hashString)
            xored = ''
            for (x, y) in izip(string, cycle(hashString)):
                   xored += ''.join(chr(ord(x) ^ ord(y)))

// Like CI hash
def hashMethod(self, key):
            self.log.info("In hash method with key : %s"%key)
            hashStr = ''
            try:
                    hashStr = hashlib.sha1(key).hexdigest()
            except Exception, e:
                    self.log.info("Exception in sha1 %s"%str(e))
                    return self.FAILED
            return hashStr

// Like CI decode
def decode(self, string):
            self.log.info("In decode method. Decoding string : %s"%string)
            securitySection = "security"
            keyItem = "key"
            key = self.config.get(securitySection, keyItem)
            if not key:
                    self.log.info("Key Invalid")
                    return  self.FAILED
            key = self.getKey(key)
            self.log.info("Encrypted key : %s"%key)
            dec = self.getBase64Decode(string)
            self.log.info("b64decoded string : %s"%dec)
            xorDec = self.xorDecode(dec, key)
            if xorDec == self.FAILED:
                    self.log.info("Decoding failed!")
                    return self.FAILED
            self.log.info("Decoded string: %s"%xorDec)
            return xorDec

以上所有方法都写在 Decrypt 模块的 Decrypt 类中。

因此,当我将加密字符串传递给 decode 方法时,我得到了一些奇怪的 unicode 字符串,而不是实际的凭据。当我用 CI 检查它时,xorMerge上面的代码不会产生与_xor_mergeCI 中给出的相同的输出。我究竟做错了什么?

4

2 回答 2

0

如果你使用相同encoding/decoding standard的并且same encryption key你应该没有语言之间的问题

于 2013-04-05T10:40:15.163 回答
0

我编写了一个 python 模块来“使用加密库解密在 CodeIgniter 中加密的内容”。这里checkout的代码

于 2013-04-09T10:22:05.537 回答