#1號
#2是(見下文)
#3沒有
#4沒有,它看起來好像沒什麼問題
#5,請試試這個用PHP實現你的加密數據。我沒有測試過它。
<?php
function pbkdf2($p, $s, $c, $kl, $a = 'sha1') {
$hl = strlen(hash($a, null, true)); # Hash length
$kb = ceil($kl/$hl); # Key blocks to compute
$dk = ''; # Derived key
# Create key
for ($block = 1; $block <= $kb; $block ++) {
# Initial hash for this block
$ib = $b = hash_hmac($a, $s . pack('N', $block), $p, true);
# Perform block iterations
for ($i = 1; $i < $c; $i ++)
# XOR each iterate
$ib ^= ($b = hash_hmac($a, $b, $p, true));
$dk .= $ib; # Append iterated block
}
# Return derived key of correct length
return substr($dk, 0, $kl);
}
//Usage example (Decryption by PHP)
$ciphertext_b64 = "owiCMbopBmr+NvjBEUT2Hg==";
$password = "password";
$salt = "g46dzQ80"; //Please change to the salt you are using. Copied from the referenced answer code.
//This is the key derivation part. I think .net uses 1000 iterations of sha1.
$key = pbkdf2($password, $salt, 1000, 32, "sha1");
$iv = "OFRna74m*aze01xY"; //Again, I copied the IV from the .NET code in the answer you referenced.
$plaintext = rtrim(mcrypt_decrypt(MCRYPT_RIJNDAEL_128, $key, base64_decode($ciphertext_b64), MCRYPT_MODE_CBC, $iv), "\0");
echo $plaintext;
// Output = hello
這是不可能的東西。您必須在PHP中重新創建相同的密鑰派生代碼。提示:這可能是PBKDF2。您必須問自己,您是需要基於密碼的解決方案還是基於密鑰的解決方案。 –
因此,在仔細閱讀代碼後,我需要做的是從原密碼/密鑰和鹽中派生出一組新字節用作解密密鑰?我有這個權利嗎?這意味着我仍然需要在PHP中實現'Rfc2898DeriveBytes',如@ Ospho的答案中所述,我假設? – Arcandio