26/04/2012, 09:16
|
| | | Fecha de Ingreso: septiembre-2010 Ubicación: Madrid
Mensajes: 44
Antigüedad: 13 años, 7 meses Puntos: 0 | |
| Encriptar en AES128 en un sitio y desencriptar en otro
Hola gente,
Tengo un código PHP en un server con un enlace que manda un parámetro codificado en AES128 de este tipo:
<a href="otroserver.php?param=estocodificadoenAES128" />Click</a>
En otroserver.php tengo el código en teoría para descifrarlo, pero por más que lo intento no lo logro. La idea es coger ese parámetro y descodificarlo.
En codificar.php tengo el siguiente código
Código:
<?php
// This PHP code snippet provides a basic understanding of
// PHP's AES encryption.
// The first thing to understand is the meaning of these constants:
// MCRYPT_RIJNDAEL_128
// MCRYPT_RIJNDAEL_192
// MCRYPT_RIJNDAEL_256
// You would think that MCRYPT_RIJNDAEL_256 specifies 256-bit encryption,
// but that is wrong. The three choices specify the block-size to be used
// with Rijndael encryption. They say nothing about the key size (i.e. strength)
// of the encryption. (Read further to understand how the strength of the
// AES encryption is set.)
//
// The Rijndael encyrption algorithm is a block cipher. It operates on discrete
// blocks of data. Padding MUST be added such that
// the data to be encrypted has a length that is a multiple of the block size.
// (PHP pads with NULL bytes)
// Thus, if you specify MCRYPT_RIJNDAEL_256, your encrypted output will always
// be a multiple of 32 bytes (i.e. 256 bits). If you specify MCRYPT_RIJNDAEL_128,
// your encrypted output will always be a multiple of 16 bytes.
//
// Note: Strictly speaking, AES is not precisely Rijndael (although in practice
// they are used interchangeably) as Rijndael supports a larger range of block
// and key sizes; AES has a fixed block size of 128 bits and a key size of
// 128, 192, or 256 bits, whereas Rijndael can be specified with key and block
// sizes in any multiple of 32 bits, with a minimum of 128 bits and a maximum of
// 256 bits.
// In summary: If you want to be AES compliant, always choose MCRYPT_RIJNDAEL_128.
//
// So the first step is to create the cipher object:
$cipher = mcrypt_module_open(MCRYPT_RIJNDAEL_128, '', MCRYPT_MODE_CBC, '');
// We're using CBC mode (cipher-block chaining). Block cipher modes are detailed
// here: http://en.wikipedia.org/wiki/Block_cipher_modes_of_operation
// CBC mode requires an initialization vector. The size of the IV (initialization
// vector) is always equal to the block-size. (It is NOT equal to the key size.)
// Given that our block size is 128-bits, the IV is also 128-bits (i.e. 16 bytes).
// Thus, for AES encryption, the IV is always 16 bytes regardless of the
// strength of encryption.
//
// Here's some PHP code to verify our IV size:
$iv_size = mcrypt_enc_get_iv_size($cipher);
printf("iv_size = %d\n",$iv_size);
// How do you do 256-bit AES encryption in PHP vs. 128-bit AES encryption???
// The answer is: Give it a key that's 32 bytes long as opposed to 16 bytes long.
// For example:
$key128 = '1234567890123456';
// Here's our 128-bit IV which is used for both 256-bit and 128-bit keys.
$iv = '1234567890123456';
/*printf("iv: %s\n",bin2hex($iv));
printf("key256: %s\n",bin2hex($key256));
printf("key128: %s\n",bin2hex($key128));*/
// This is the plain-text to be encrypted:
$cleartext = 'The quick brown fox jumped over the lazy dog';
printf("plainText: %s\n\n",$cleartext);
// Now let's do 128-bit encryption:
if (mcrypt_generic_init($cipher, $key128, $iv) != -1)
{
// PHP pads with NULL bytes if $cleartext is not a multiple of the block size..
$cipherText = mcrypt_generic($cipher,$cleartext );
mcrypt_generic_deinit($cipher);
// Display the result in hex.
//printf("128-bit encrypted result:\n%s\n\n",bin2hex($cipherText));
printf("128-bit encrypted result:\n%s\n\n",$cipherText);
}
//echo ('<p><a href=test4b.php?param='.bin2hex($cipherText).'>Clickme</a></p>');
echo ('<p><a href=test4b.php?param='.$cipherText.'>Clickme</a></p>');
?>
Y en test4b lo siguiente:
Código:
<?php
$cipher = mcrypt_module_open(MCRYPT_RIJNDAEL_128, '', MCRYPT_MODE_CBC, '');
$encryptedData = $_GET['param'];
// How do you do 256-bit AES encryption in PHP vs. 128-bit AES encryption???
// The answer is: Give it a key that's 32 bytes long as opposed to 16 bytes long.
// For example:
$key128 = '1234567890123456';
// Here's our 128-bit IV which is used for both 256-bit and 128-bit keys.
$iv = '1234567890123456';
/*printf("iv: %s\n",bin2hex($iv));
printf("key128: %s\n",bin2hex($key128));*/
/* Reinitialize buffers for decryption */
mcrypt_generic_init($cipher, $key128, $iv);
$p_t = mdecrypt_generic($cipher, $encryptedData);
/* Clean up */
mcrypt_generic_deinit($cipher);
mcrypt_module_close($cipher);
//print_r("DEC: ".bin2hex($p_t));
print_r("DEC: ".$p_t);
?>
Alguna idea?? |