PHP AES/CBC/PKCS7Padding的加密与解密 # 背景 公司要求使用微信一物一码功能进行二维码喷印,拿到微信一物一码二维码包后需要解密。 微信文档: https://developers.weixin.qq.com/doc/offiaccount/Unique_Item_Code/Unique_Item_Code_API_Documentation.html ``` 微信文档解密说明 实名数据的加密方式使用AES的CBC模式,iv使用加解密钥,填充使用PKCS7Padding,最后使用base64进行编码。 解密时,先进行base64解码,然后使用密钥及AES/CBC/PKCS7Padding进行解密。 密钥在申请实名接口权限时,会提供到申请方。 ``` # 解码 ```php //$response为微信返回的结果集,$pass为秘钥 $file_buffer = base64_decode($response['buffer']); $decyypt = openssl_decrypt($file_buffer, 'AES-128-CBC', self::$pass, OPENSSL_RAW_DATA, self::$pass); file_put_contents("1.txt", $decyypt); ``` # 拓展 ## 解密 使用PHP自带函数<a href="https://www.php.net/manual/en/function.openssl-decrypt.php" traget="_blank">openssl_decrypt</a> 该函数支持(PHP 5 >= 5.3.0, PHP 7) 使用方法为: ``` openssl_decrypt($data, $method, $password, $options, $iv) //如果是PKCS7Padding,则在拓展中传入OPENSSL_RAW_DATA //openssl_decrypt("带解密字符串","解密方法","秘钥","拓展","iv"); ``` ``` //$method参数 Array ( [0] => AES-128-CBC [1] => AES-128-CFB [2] => AES-128-CFB1 [3] => AES-128-CFB8 [5] => AES-128-OFB [6] => AES-192-CBC [7] => AES-192-CFB [8] => AES-192-CFB1 [9] => AES-192-CFB8 [11] => AES-192-OFB [12] => AES-256-CBC [13] => AES-256-CFB [14] => AES-256-CFB1 [15] => AES-256-CFB8 [17] => AES-256-OFB [18] => BF-CBC [19] => BF-CFB [21] => BF-OFB [22] => CAST5-CBC [23] => CAST5-CFB [25] => CAST5-OFB [41] => IDEA-CBC [42] => IDEA-CFB [44] => IDEA-OFB [53] => aes-128-cbc [54] => aes-128-cfb [55] => aes-128-cfb1 [56] => aes-128-cfb8 [58] => aes-128-ofb [59] => aes-192-cbc [60] => aes-192-cfb [61] => aes-192-cfb1 [62] => aes-192-cfb8 [64] => aes-192-ofb [65] => aes-256-cbc [66] => aes-256-cfb [67] => aes-256-cfb1 [68] => aes-256-cfb8 [70] => aes-256-ofb [71] => bf-cbc [72] => bf-cfb [74] => bf-ofb [75] => cast5-cbc [76] => cast5-cfb [78] => cast5-ofb [94] => idea-cbc [95] => idea-cfb [97] => idea-ofb ) ``` ## 加密 同理,加密用到的方法<a href="https://www.php.net/manual/en/function.openssl-encrypt.php" traget="_blank">openssl_decrypt</a> ``` //使用方法 openssl_encrypt($data, $method, $password, $options, $iv) ``` # 附录 微信一物一码的开发可以参看我的另一篇文章<a href="http://chenls.me/blog/details.html?id=62" target="_blank">传送门</a>