lua 与 php 通过AES数据加密进行通讯
来源:互联网 发布:linq过滤重复数据 编辑:程序博客网 时间:2024/05/08 18:12
最近公司有款《围住神经猫》的微信小游戏火爆的不行!公司又决定开发一系列的神经猫的小游戏,于是,我被拉过来了。
后来使用cocos-2dx 开发一款小游戏,客户端用的是lua脚本,为了服务器与客户端交互的安全性,我们决定对API接口
传输的JSON数据进行加密、解密。一般情况就是客户端加密,服务器段进行解密:
lua客户端使用的是一个纯lua写的库:aeslua,下载地址:http://luaforge.net/projects/aeslua/
但是该库是有问题的:用该库加密解密是没有问题的,但是跟PHP通讯就存在问题了,因为该库加密后base64之后的
字符串PHP是无法解密的!为了这个问题,我查阅了好多资料,终于找到某个国外大神的解决办法:
http://chainans.blogspot.com/2012/09/working-with-lua-encryption.html(可能有些同学无法FQ,故把原文贴出来如下:)
Working with Lua encryption
Recently working with Corona SDK, I start to need some standard encryption/decryption algorithm in Lua. To start with, actually, it has rather small number of developers comparing to the Objective-C which I have been working with. Meaning that there are fewer 3rd party librarys you can rely upon. Luckily, I found one called AESLua which has some code to start. From there, my objective is to make a way to securely passing data between my client and server. (php on server-side) In fact, from what I'd read, my method is not very secure but it is better than nothing. Just for my reference, here are the list of issues along the wayEdited: Tested with iPhone 4... Input cipher text of 1280 characters. Take around 25 seconds. Unacceptable speed for general uses.1) It requires Lua 5.2 feature which does not seem to be in CoronaSolution: Download LuaBit v0.4 and integrate it... You will need to make a mapping to allow API call to the proper place2) Next you need to get Base64 library -- grab it here https://gist.github.com/2563975 -- It initially made to allow passing it over the URL (using '-' and '_' instead of '+' and '/') So, I change them to the latter one.3) For AESLua, by default, it uses AES-128, CBC, some kind of random padding <- I don't know its name, IV = 0. I will change it into is AES-128, CBC, PKCS7 padding. Here are the website to test if our conversion is ok or nothttp://www.unsw.adfa.edu.au/~lpb/src/AEScalc/AEScalc.htmlhttp://www.tools4noobs.com/online_tools/decrypt/Here are the things to do3.1) In pwInKey function, comment the line outpassword = ciphermode.encryptString(pwBytes, password, ciphermode.encryptCBC);3.2) In util.padByteString function, change it tolocal paddingLength = math.ceil(#data/16)*16 - #data;local padding = "";local paddingValue = string.char ( paddingLength ) -- PKCS7 paddingfor i=1,paddingLength dopadding = padding .. paddingValue;-- PKCS7 paddingendreturn data .. padding;4) Set up web server for testing, you will need php / mcrypt mod to test.5) Creating a php for testing... here is a codeNow, my plain text below is "1234567890123456ss@#%de".<?php$data = 'dXzNDNxckOrb7uz2ON0AAJp4BXgkYewblTNWBSAQSEw=';$key128 = '1234567890123456';$iv = '\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0';echo mcrypt_decrypt(MCRYPT_RIJNDAEL_128, $key128, base64_decode($data), MCRYPT_MODE_CBC, $iv)?>That's it. The encryption backward to client machine should be a piece of cake. =)*** By using these library, the user should be aware of the fact that Lua's performance is still far from native code. You may not want to use this algorithm to encrypt a large volume of data.
按照他的办法,一切都OK了。但是有以下几点需要说明以下:(本人摸索的)
1.利用CBC模式加密的字符串的key必须是16位,否则PHP无法解密!
2.明文字符串的必须把key作为前缀加进去
3.上面文章中没有把unpack函数写出来,本人查阅了一些资料,补充了,否则aeslua无法正常解密了!
util.lua中的下面这个函数改为如下:
function public.unpadByteString(data)
local padLength = tonum((string.byte(data, #data)));
return string.sub(data,1, #data-padLength) --unpack
end
- lua 与 php 通过AES数据加密进行通讯
- lua 与 php 通过AES数据加密进行通讯
- js 与 php 通过json数据进行通讯
- IOS游戏 与PHP服务器端的AES通讯加密
- JAVA与PHP之间进行aes加密解密
- JS AES加密与PHP解密
- JS AES加密与PHP解密(转)
- AES与RSA相结合数据加密方案
- lua-string-resty的aes加密解密,无法和python的aes进行对接
- java 进行aes加密
- PHP使用mcrypt进行AES加密后的数据NodeJS等无法解密的问题修复方案
- Java中使用AES对数据进行加密
- iOS开发中使用AES算法对数据进行加密
- [安全] -- 使用AES加密算法进行数据加密和解密
- php AES加密解密
- php aes 加密解密
- php 的aes加密
- PHP的AES加密
- jquery自定义类和派生类写法一例
- Oracle当前时间与数据库时间进行计算
- 更改目录,返回指定文件夹(C/C++源程序)
- ios不支持
- 模板模式
- lua 与 php 通过AES数据加密进行通讯
- QCustomPlot之用滚动条控制坐标轴范围
- 水表图片测试的逻辑
- Ubuntu Linux下安装Oracle JDK
- 对一些感觉比较好的算法解释的收藏
- android studio中史上最简单的导入第三方类库的方法
- 读取当前所在目录(文件夹)(C/C++源程序)
- 清除缓存和数据库的工具类
- 10046事件:获取最完整的sql执行计划