openssl_encrypt()
en openssl_decrypt()
stil knipt de sleutel tot een maximale lengte van 16 bytes (tenminste voor aes-128-ecb)
<?php
$key1 = hex2bin(openssl_digest('mysecretphrase', 'sha512'));
$key2 = substr($key1, 0, 16);
$key3 = substr($key1, 0, 15);
$method = 'aes-128-ecb';
$in = 'testvalue';
$data1 = base64_decode(openssl_encrypt($in, $method, $key1));
$data2 = base64_decode(openssl_encrypt($in, $method, $key2));
$data3 = base64_decode(openssl_encrypt($in, $method, $key3));
var_dump(
array(
'key1'=>bin2hex($key1),
'key2'=>bin2hex($key2),
'key3'=>bin2hex($key3),
'data1'=>bin2hex($data1),
'data2'=>bin2hex($data2),
'data3'=>bin2hex($data3),
'data1==data2'=>($data1===$data2),
'data1==data3'=>($data1===$data3)
)
);
?>
resultaat:
array(8) {
["key1"]=>string(128) "5fe76dfd5b75cf7cf68fae85d26fcc9b7951806ad6daaa71d843c6ec0e0ec9233a828ad9b60986a43d734983c8a0a50d3a0a49ec5ac196cfcc136aa16e0c5f89"
["key2"]=>string(32) "5fe76dfd5b75cf7cf68fae85d26fcc9b"
["key3"]=>string(30) "5fe76dfd5b75cf7cf68fae85d26fcc"
["data1"]=>string(32) "eb69e89312c1f7b9522d0e66346f2029"
["data2"]=>string(32) "eb69e89312c1f7b9522d0e66346f2029"
["data3"]=>string(32) "664f5a28d241f959beac350f2314b079"
["data1==data2"]=>bool(true)
["data1==data3"]=>bool(false)
}
In mysql wordt de sleutel met volledige lengte gebruikt door AES_ENCRYPT()
en AES_DECRYPT()
SELECT
HEX(AES_ENCRYPT('testvalue',UNHEX(SHA2('mysecretphrase',512)))) AS l_full,
HEX(AES_ENCRYPT('testvalue',SUBSTR(UNHEX(SHA2('mysecretphrase',512)),1,16))) AS l_16,
HEX(AES_ENCRYPT('testvalue',SUBSTR(UNHEX(SHA2('mysecretphrase',512)),1,15))) AS l_15;
resultaat:
l_full | l_16 | l_15
---------------------------------|----------------------------------|----------------------------------------
A88DD1EFB377FD31A0EFA55EA29BA8C6 | EB69E89312C1F7B9522D0E66346F2029 | 664F5A28D241F959BEAC350F2314B079