請(qǐng)大佬們幫忙一下，使用JavaScript的aesjs進(jìn)行數(shù)據(jù)加密，如何轉(zhuǎn)化成PHP的加密方式

li914 更新于2022-05-10

這是 JavaScript的aesjs進(jìn)行數(shù)據(jù)加密代碼

const aesjs = require('aes-js');
const Counter = aesjs.Counter
const chars = 'ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghijklmnopqrstuvwxyz0123456789'
const aesSuffix = '12345678'
const hexPrefix = '22222222'
const hexSuffix = '33333333'

const generateRandomNum = (min, max) => {
    if (max === undefined || min === undefined) {
        return false
    }
    const num = Math.floor(Math.random() * (max - min + 1) + min)
    return num
}
//對(duì)稱加解密code
const generateCode = (len = 8) => {
    const maxPos = chars.length
    let code = ''
    for (let i = 0; i < len; i++) {
        const randomNum = generateRandomNum(0, maxPos - 1)
        const char = chars.charAt(randomNum)
        code += char
    }
    return code
}

const encrypt = (data, key) => {
    const hexData = hexPrefix + Buffer.from(data).toString('hex') + hexSuffix
    console.log('hexData == ',hexData)
    console.log('key + aesSuffix == ',key + aesSuffix)
    const cipher = new aesjs.ModeOfOperation.ctr(Buffer.from(key + aesSuffix), new Counter(5))

    const encrypted = cipher.encrypt(Buffer.from(hexData, 'hex'))
    return Buffer.from(aesjs.utils.hex.fromBytes(encrypted)).toString('hex')
}

let key = generateCode();
let pass = encrypt('1a',key);

搞了一下午，沒(méi)有改成PHP的加密方式

 1642  3 0

3個(gè)回答

liziyu 2022-05-09

mark

li914 2022-05-10

額大佬不要mark

nitron 2022-05-10

你這個(gè)沒(méi)寫全啊..
decrypt沒(méi)寫,很多定西都沒(méi)法去,比如encrypt里頭尾加了東西
encrypt寫了, 但是在加密內(nèi)容頭尾加了料 2222222 就是4個(gè)雙引號(hào), 3333333就是4個(gè)3
然后key size是要求16/24/32 bytes的,你這上面對(duì)key也沒(méi)做處理

按照你上面的代碼推斷,大概是下面這樣,你上面的generatecode和generaterandomnum沒(méi)用到,就不寫了

<?php

function run($data, $key) {
    $aesSuffix = '12345678';
    $hexPrefix = '22222222';
    $hexSuffix = '33333333';
    $algorithm = "aes-256-ctr";
    $buffer = bin2hex($data);
    $hexData = "{$hexPrefix}{$buffer}{$hexSuffix}";
    $key = bin2hex("{$key}{$aesSuffix}");
    $iv = "0000000000000005";   // Counter(5);
    // Encrypted
    $encrypted_data = openssl_encrypt($hexData, $algorithm, $key, OPENSSL_RAW_DATA, $iv);
    echo "Encrypted: ".bin2hex($encrypted_data).PHP_EOL;
    //Decrypt
    $decrypted_data = openssl_decrypt($encrypted_data, $algorithm, $key, OPENSSL_RAW_DATA, $iv);
    echo "Decrypted: ".$decrypted_data.PHP_EOL;
    $obuffer = ltrim($decrypted_data, $hexPrefix);
    $obuffer = rtrim($obuffer, $hexSuffix);
    echo $obuffer.PHP_EOL;
    echo hex2bin($obuffer);
}

run("you are not here", "b1234567");

li914 2022-05-10

寫全了，只是忘了寫調(diào)用代碼
nitron 2022-05-10

generatecode就是隨機(jī)從'ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghijklmnopqrstuvwxyz0123456789'拿8個(gè)出來(lái)當(dāng)key(默認(rèn)8個(gè)),這個(gè)你可以自己實(shí)現(xiàn) , 加上aesSuffix的8個(gè)字母就是 16bytes, 我看aes-js的文檔,根據(jù)key長(zhǎng)度用不同的方式
16位就是用aes-128-ctr. 24是aes-196-ctr, 32是aes-256-ctr. 把我上面的aes-256-ctr改成aes-128-ctr就行
nitron 2022-05-10

實(shí)際上改不改不影響,可以正常加解密
li914 2022-05-10

謝謝大佬今天上午我自己也搞了一個(gè) 只是我對(duì) $hexData $iv 進(jìn)行了 hex2bin 才得到的結(jié)果進(jìn)行了兩次 bin2hex 才得到j(luò)s的結(jié)果

li914 2022-05-10

nitron 2022-05-10

[捂臉],我寫的時(shí)候忘記把iv轉(zhuǎn)了, 因?yàn)閏ounter(5)實(shí)際就是js的[00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,05],
下午忙里偷閑寫的,就驗(yàn)證了enc和dec的結(jié)果是否一致,沒(méi)有去跟你那個(gè)js的enc/dec做比較
li914 2022-05-10

大佬威武
li914 2022-05-10

謝謝大佬
nitron 2022-05-10

補(bǔ)充一下,你那個(gè)$aesSuffix,$hexPrefix,$hexSuffix,還有iv可以單獨(dú)提出來(lái)做類成員,這樣做decrypt的時(shí)候會(huì)方便點(diǎn)
nitron 2022-05-10

我不是大佬,你客氣了
li914 2022-05-10

我只是進(jìn)行寫驗(yàn)證以及測(cè)試，具體使用不是我 --.--