An article explaining in detail how to implement AES-128-CBC-PKCS5Padding encryption in PHP

I’ve recently been responsible for docking APIs at work. During the data interface interaction process, it is inevitable that some sensitive data will be transmitted. In order to make the data interaction more secure, the data is encrypted.

The other party’s request is to AES-128-CBC-PKCS5Padding encrypt the business data of the interface, and then Base64encode it and submit the final string. , the key and initialization vector (offset) corresponding to the encryption method are also given.

After first seeing this encryption method, I searched in the PHP function library to see if there was a corresponding encryption function. However, after searching around, I found that there was not one. I needed to implement it myself. Later I learned that It can be implemented with the mcrypt function extension, but the mcrypt function has been abandoned since PHP 7.1.0. It is strongly recommended not to use this function. I have to look for other encryption function libraries. I saw the OpenSSL function at the bottom of the manual. By understanding openssl_encrypt (encrypted data ) Function discovery can meet the requirements, please read the manual for specific usage of openssl_encrypt [Recommendation: PHP Video Tutorial]

The implementation function is as follows:

  function encrypt($input, $key, $iv){
      return base64_encode(openssl_encrypt($input, 'AES-128-CBC', $key, OPENSSL_RAW_DATA,$iv));
  }

  // 解密
  function decrypt($input, $key, $iv){
      return openssl_decrypt(base64_decode($input), 'AES-128-CBC', $key, OPENSSL_RAW_DATA, $iv);
  }

  // 测试加密 (我这里用的是json字符串)
  $dataJson = '[{"Code": "123123", "Name": "Bob", "Address": "\u94f6\u5ddd\u5e02"}, {"Code": "464776", "Name": "Hello", "Address": "\u5317\u4eac\u5e02"}]';
  print_r(encrypt($dataJson, $key, $iv));
  //u9Bd8oHXDGvjZcTIX9HK1r1q+aSu+/48gsfoGVrxoScZuX8yaj/xco8F2yHt2T987JNHil9LwjAmu9o5NJaicWQDaiKwMD5o70k1A9bGjDd71xb4hXRx3ddZwI85oTQQEUQLadR5C759SdaN8AOxlzH+yGlAWTOaEleulKoRTwaknG1NCM/qIRQ8gI5lzv+D

  // 测试解密
  $strr = 'u9Bd8oHXDGvjZcTIX9HK1r1q+aSu+/48gsfoGVrxoScZuX8yaj/xco8F2yHt2T987JNHil9LwjAmu9o5NJaicWQDaiKwMD5o70k1A9bGjDd71xb4hXRx3ddZwI85oTQQEUQLadR5C759SdaN8AOxlzH+yGlAWTOaEleulKoRTwaknG1NCM/qIRQ8gI5lzv+D';
  print_r(decrypt($strr, $key, $iv));
  // [{"Code": "123123", "Name": "Bob", "Address": "\u94f6\u5ddd\u5e02"}, {"Code": "464776", "Name": "Hello", "Address": "\u5317\u4eac\u5e02"}]

I passed the self-test and sat back and waited for the joint debugging with a proud look on my face. Then I started writing about other business. After a few days, a joint debugging found that the other party could not decrypt what I encrypted, and I could not decrypt what the other party encrypted. The encryption algorithm did not match (scratching my head. After searching related issues on Google, I found a sentence, The general meaning is that in the abandoned mcrypt encryption library, 128 actually refers to the block size rather than the key size, but in aes-128-cbc in openssl, 128 refers to the key size, that is , when using valid 256-bit keys, they are all aes-256, and if you want to convert mcrypt to openssl's encryption method, mcrypt's 128 needs to be written as openssl's 256, so I changed it with the attitude of giving it a try. aes-128-cbc is aes-256-cbc, and then debugged, and finally found that the joint debugging passed. However, the specific technical details are not very clear. I will modify and use it like this first, and then study it when I have time.

> **解决的方案，是把加密方式 AES-128-CBC 替换成 AES-256-CBC**

The above is the detailed content of An article explaining in detail how to implement AES-128-CBC-PKCS5Padding encryption in PHP. For more information, please follow other related articles on the PHP Chinese website!