php - PHP 3DES 解密显示奇怪（坏）字符

Question

我有一个 PHP 表单，我已经为其实现了 3des 加密/解密。从前端提交并插入信息到数据库后，我想读出后端的信息。

解密我的表单信息而不是正确的字符后，它只会为我返回一些不好的字符，例如：�СU�k�8��t�ó�2(�f�B。我该如何解决这个问题？

这是我的源代码：

   <?php
function encrypt($clear, $key , $base64 = true)
  {
    if (!$clear)
      return '';
    $clear = pack("a*H2", $clear, "80");

    if (function_exists('mcrypt_module_open') &&
        ($td = mcrypt_module_open(MCRYPT_TripleDES, "", MCRYPT_MODE_CBC, "")))
    {
      $iv = create_iv(mcrypt_enc_get_iv_size($td));
      mcrypt_generic_init($td, $key, $iv);
      $cipher = $iv . mcrypt_generic($td, $clear);
      mcrypt_generic_deinit($td);
      mcrypt_module_close($td);
    }
    else {
      @include_once('des.inc');

      if (function_exists('des')) {
        $des_iv_size = 8;
        $iv = create_iv($des_iv_size);
        $cipher = $iv . des($key, $clear, 1, 1, $iv);
      }
      else {
        raise_error(array(
          'code' => 500, 'type' => 'php',
          'file' => __FILE__, 'line' => __LINE__,
          'message' => "Could not perform encryption; make sure Mcrypt is installed or lib/des.inc is available"
        ), true, true);
      }
    }
    return $base64 ? base64_encode($cipher) : $cipher;

  }


function decrypt($cipher, $key , $base64 = true)
  {
    if (!$cipher)
      return '';

    $cipher = $base64 ? base64_decode($cipher) : $cipher;

    if (function_exists('mcrypt_module_open') &&
        ($td = mcrypt_module_open(MCRYPT_TripleDES, "", MCRYPT_MODE_CBC, "")))
    {
      $iv_size = mcrypt_enc_get_iv_size($td);
      $iv = substr($cipher, 0, $iv_size);

      // session corruption? (#1485970)
      if (strlen($iv) < $iv_size)
        return '';

      $cipher = substr($cipher, $iv_size);
      mcrypt_generic_init($td, $key, $iv);
      $clear = mdecrypt_generic($td, $cipher);
      mcrypt_generic_deinit($td);
      mcrypt_module_close($td);
    }
    else {
      @include_once('lib/des.inc');

      if (function_exists('des')) {
        $des_iv_size = 8;
        $iv = substr($cipher, 0, $des_iv_size);
        $cipher = substr($cipher, $des_iv_size);
        $clear = des($this->config->get_crypto_key($key), $cipher, 0, 1, $iv);
      }
      else {
        raise_error(array(
          'code' => 500, 'type' => 'php',
          'file' => __FILE__, 'line' => __LINE__,
          'message' => "Could not perform decryption; make sure Mcrypt is installed or lib/des.inc is available"
        ), true, true);
      }
    }

    /*-
     * Trim PHP's padding and the canary byte; see note in
     * rcmail::encrypt() and http://php.net/mcrypt_generic#68082
     */
    $clear = substr(rtrim($clear, "\0"), 0, -1);

    return $clear;
  }


function create_iv($size)
  {
    $iv = '';
    for ($i = 0; $i < $size; $i++)
        $iv .= chr(mt_rand(0, 255));
    return $iv;
  }

**echo decrypt('ijvdfvf1==+Ac44tgLHdAL+w7O2MiiIZplC','s&gs1?m5l8PQIOGckvxDT4kR',true);**

?>

我想加密和解密表单中的 UTF-8 字符。

score 0 · Accepted Answer

I think you have forgotten one $cipher = substr($cipher, $des_iv_size); in the mcrypt part of your decrypt function.

Furthermore you should explicitly convert strings to (and from) UTF-8 encoding if you want to support UTF-8.

Finally it seems you are using single DES if 3DES is not available. Is that on purpose?

php - PHP 3DES 解密显示奇怪（坏）字符

1 回答 1

Related

Reference