我在JavaScript中加密我的用户密码,如下所示:
var encryptedPassword = CryptoJS.AES.encrypt(password, "Secret Passphrase");
它工作正常,但现在我试图在服务器端解密PHP,如下所示:
$iv = mcrypt_create_iv(mcrypt_get_iv_size(MCRYPT_RIJNDAEL_128, MCRYPT_MODE_CBC), MCRYPT_RAND);
$decryptPassword = mcrypt_decrypt(MCRYPT_RIJNDAEL_128, "Secret Passphrase", base64_decode($password), MCRYPT_MODE_CBC, $iv);
它根本不起作用,解密的密码字符串看起来很奇怪:
string(64) ">?OX2MS???v?<$????i????_??P???\??=?_6(?m????,4WT7??a"
以下是有用评论之后我的JavaScript代码的当前状态:
var encryptedPassword = CryptoJS.AES.encrypt(password, "Secret Passphrase");
var ivHex = encryptedPassword.iv.toString();
var ivSize = encryptedPassword.algorithm.ivSize; // same as blockSize
var keySize = encryptedPassword.algorithm.keySize;
var keyHex = encryptedPassword.key.toString();
var saltHex = encryptedPassword.salt.toString(); // must be sent
var openSslFormattedCipherTextString = encryptedPassword.toString(); // not used
var cipherTextHex = encryptedPassword.ciphertext.toString(); // must be sent
我将saltHex和CipherTextHex发送到PHP服务器,我正在使用mcrypt_decrypt(),如下所示:
$iv = mcrypt_create_iv(mcrypt_get_iv_size(MCRYPT_RIJNDAEL_128, MCRYPT_MODE_CBC), $saltHex); …