我必须加密一些数据,以便通过PBEWITHSHAAND3-KEYTRIPLEDES-CBC将其发送到第三方服务。
我有这个工作示例Java代码,由第三方提供:
String algorithm = "PBEWITHSHAAND3-KEYTRIPLEDES-CBC";
String password = "eKhfdPKO54OddrfgghuBGHsA5BGTYHon";
byte[] salt = {-87, -101, -56, 50, 86, 52, -29, 3};
int iterations = 19;
String text = "foobar";
Provider bouncy = new org.bouncycastle.jce.provider.BouncyCastleProvider();
Security.addProvider(bouncy);
KeySpec keySpec = new PBEKeySpec(password.toCharArray(), salt, iterations);
SecretKey key = SecretKeyFactory.getInstance(algorithm, bouncy).generateSecret(keySpec);
Cipher cipher = Cipher.getInstance(algorithm, bouncy);
cipher.init(1, key, new PBEParameterSpec(salt, iterations));
System.out.println(new String(Base64.getEncoder().encode(cipher.doFinal(text.getBytes("UTF8")))));
// Output: kaxAiR1Qb9s=
这是使用phpseclib
的我(不工作)PHP代码:
$hash = 'sha1';
$kdf = 'pkcs12';
$password = 'eKhfdPKO54OddrfgghuBGHsA5BGTYHon';
$salt = chr(-87) . chr(-101) . chr(-56) . chr(50) . chr(86) . chr(52) . chr(-29) . chr(3);
$iterations = 19;
$text = "foobar";
$cipher = new \phpseclib\Crypt\TripleDES('cbc');
$cipher->setPassword($password, $kdf, $hash, $salt, $iterations);
echo base64_encode($cipher->encrypt($text));
// Output: daAlVF+JjNg=
问题:如何使我的PHP代码生成与Java相同的输出?
最后我找到了解决方案!
我从Java版本中提取了生成的密钥和IV字节:
byte[] keyBytes = key.getEncoded();
byte[] iv = cipher.getIV();
并直接在PHP中使用它:
$key = chr(208) . chr(193) . chr(208) . chr(49) . chr(81) . chr(84) . chr(244) . chr(181) . chr(234) . chr(244) . chr(94) . chr(164) . chr(44) . chr(55) . chr(244) . chr(64) . chr(233) . chr(97) . chr(4) . chr(64) . chr(179) . chr(155) . chr(161) . chr(155);
$iv = chr(187) . chr(159) . chr(143) . chr(131) . chr(24) . chr(115) . chr(157) . chr(64);
$text = "foobar";
echo openssl_encrypt($text, 'DES-EDE3-CBC', $key, 0, $iv);
// Output: kaxAiR1Qb9s=
您甚至可以将密钥和IV编码到base64中,以便可以轻松地在配置文件中编写它们:
$key = base64_decode('0MHQMVFU9LXq9F6kLDf0QOlhBECzm6Gb');
$iv = base64_decode('u5+PgxhznUA=');
谢谢大家!