沙滩星空的博客DESEncrypt.php.class场景:
PHP与Java加解密交互。
java的ecb模式不用设置偏移量, cbc模式的需要设置偏移量
- 初始化向量iv的长度可用
openssl_cipher_iv_length函数确定 - 可用
openssl_random_pseudo_bytes函数生成随机的初始化向量iv
PHP版DES算法加密数据(3DES),可与java的DES(DESede/CBC/PKCS5Padding)加密方式兼容
$ava_methods = openssl_get_cipher_methods();
$my_method = 'DES-EDE3-CBC';
if ( !in_array( strtolower($my_method), $ava_methods ) ) {
print_r($ava_methods);
exit( '错误的加密方法'.$my_method.PHP_EOL );
}
// 处理iv向量的两行代码
$iv_length = openssl_cipher_iv_length($my_method);
$iv = openssl_random_pseudo_bytes($iv_length);
openssl_encrypt($str, 'des-ede3-cbc', $des_key, OPENSSL_RAW_DATA, $iv)
DES加密的分组加密的模式为“ECB”,最后一个分组的填充方式为“PKCS5Padding”
function pkcsPadding($str, $blocksize)
{
$pad = $blocksize - (strlen($str) % $blocksize);
return $str . str_repeat(chr($pad), $pad);
}
$str = pkcsPadding($str, 8);
openssl_encrypt($str, 'DES-ECB', $des_key, OPENSSL_RAW_DATA, $iv)
DES加解密类:
/**
* openssl 实现的 DES 加密类,支持各种 PHP 版本
* @link https://www.jianshu.com/p/546137b8ac7a?utm_campaign=maleskine&utm_content=note&utm_medium=seo_notes&utm_source=recommendation
* @link https://blog.csdn.net/qq_18870023/article/details/52180768 java加解密之DES多种使用方式
* @link https://www.php.net/manual/zh/function.openssl-encrypt.php PHP官方文档
*/
class DESEncrypt
{
/**
* @var string $method 加解密方法,可通过 openssl_get_cipher_methods() 获得
*/
protected $method;
/**
* @var string $key 加解密的密钥
*/
protected $key;
/**
* @var string $output 输出格式 无、base64、hex
*/
protected $output;
/**
* @var string $iv 加解密的向量
*/
protected $iv;
/**
* @var string $options
*/
protected $options;
// output 的类型
const OUTPUT_NULL = '';
const OUTPUT_BASE64 = 'base64';
const OUTPUT_HEX = 'hex';
/**
* DES constructor.
* @param string $key
* @param string $method 加解密方法,可通过 openssl_get_cipher_methods() 获得
* ECB DES-ECB、DES-EDE3 (为 ECB 模式时,$iv 为空即可)
* CBC DES-CBC、DES-EDE3-CBC、DESX-CBC
* CFB DES-CFB8、DES-EDE3-CFB8
* CTR
* OFB
*
* @param string $output
* base64、hex
*
* @param string $iv
* @param int $options
*/
public function __construct($key, $method = 'DES-ECB', $output = '', $iv = '', $options = OPENSSL_RAW_DATA | OPENSSL_NO_PADDING)
{
$this->key = $key;
$this->method = $method;
$this->output = $output;
$this->iv = $iv;
$this->options = $options;
}
// 加解密的向量 des-ecb iv偏移量可以为不填,为空字符串
static public function getIv($my_method){
$ava_methods = openssl_get_cipher_methods();
if ( !in_array( strtolower($my_method), $ava_methods ) ) {
print_r($ava_methods);
exit( '错误的加密方法'.$my_method.PHP_EOL );
}
// 处理iv向量的两行代码
$iv_length = openssl_cipher_iv_length( $my_method );
$iv = openssl_random_pseudo_bytes( $iv_length );
return $iv;
}
/**
* 加密
*
* @param $str
* @return string
*/
public function encrypt($str)
{
$str = $this->pkcsPadding($str, 8);
$sign = openssl_encrypt($str, $this->method, $this->key, $this->options, $this->iv);
if ($this->output == self::OUTPUT_BASE64) {
$sign = base64_encode($sign);
} else if ($this->output == self::OUTPUT_HEX) {
$sign = bin2hex($sign);
}
return $sign;
}
/**
* 解密
*
* @param $encrypted
* @return string
*/
public function decrypt($encrypted)
{
if ($this->output == self::OUTPUT_BASE64) {
$encrypted = base64_decode($encrypted);
} else if ($this->output == self::OUTPUT_HEX) {
$encrypted = hex2bin($encrypted);
}
$sign = @openssl_decrypt($encrypted, $this->method, $this->key, $this->options, $this->iv);
$sign = $this->unPkcsPadding($sign);
$sign = rtrim($sign);
return $sign;
}
/**
* 填充
*
* @param $str
* @param $blocksize
* @return string
*/
private function pkcsPadding($str, $blocksize)
{
$pad = $blocksize - (strlen($str) % $blocksize);
return $str . str_repeat(chr($pad), $pad);
}
/**
* 去填充
*
* @param $str
* @return string
*/
private function unPkcsPadding($str)
{
$pad = ord($str{strlen($str) - 1});
if ($pad > strlen($str)) {
return false;
}
return substr($str, 0, -1 * $pad);
}
}
$key = 'key123456';
$iv = 'iv123456';
// DES CBC 加解密
$des = new DESEncrypt($key, 'DES-CBC', DES::OUTPUT_BASE64, $iv);
echo $base64Sign = $des->encrypt('Hello DES CBC');
echo "\n";
echo $des->decrypt($base64Sign);
echo "\n";
// DES ECB 加解密 $iv 可留空
$des = new DESEncrypt($key, 'DES-ECB', DES::OUTPUT_HEX);
echo $base64Sign = $des->encrypt('Hello DES ECB');
echo "\n";
echo $des->decrypt($base64Sign);
php中实现3DES算法(ECB加密模式PKCS5Padding填充) https://blog.csdn.net/liangxun0712/article/details/78615365
PHP使用openssl_encrypt进行aes对称加密AES/CBC/PKCS5Padding与JAVA互通 https://blog.csdn.net/baidu_22309415/article/details/90247613
PHP版DES算法加密数据(3DES)另附openssl_encrypt版本 https://www.cnblogs.com/xiami2046/p/12693237.html