mdecrypt_generic

(PHP 4 >= 4.0.2, PHP 5, PHP 7 < 7.2.0, PECL mcrypt >= 1.0.0)

mdecrypt_generic解密数据

Warning

本函数已自 PHP 7.1.0 起废弃。强烈建议不要使用本函数。

说明

mdecrypt_generic ( resource $td , string $data ) : string

解密数据。 请注意,由于存在数据补齐的情况, 返回字符串的长度可能和明文的长度不相等。

参数

td

mcrypt_module_open() 函数创建的加密描述符。

data

密文。

范例

Example #1 mdecrypt_generic() 例程

<?php
    
/* 数据 */
    
$key 'this is a very long key, even too long for the cipher';
    
$plain_text 'very important data';

    
/* 打开加密模块,并且创建初始向量 */
    
$td mcrypt_module_open('des''''ecb''');
    
$key substr($key0mcrypt_enc_get_key_size($td));
    
$iv_size mcrypt_enc_get_iv_size($td);
    
$iv mcrypt_create_iv($iv_sizeMCRYPT_RAND);

    
/* 初始化加密句柄 */
    
if (mcrypt_generic_init($td$key$iv) != -1) {

        
/* 加密数据 */
        
$c_t mcrypt_generic($td$plain_text);
        
mcrypt_generic_deinit($td);

        
/* 为解密重新初始化缓冲区 */
        
mcrypt_generic_init($td$key$iv);
        
$p_t mdecrypt_generic($td$c_t);

        
/* 执行清理工作 */
        
mcrypt_generic_deinit($td);
        
mcrypt_module_close($td);
    }

    if (
strncmp($p_t$plain_textstrlen($plain_text)) == 0) {
        echo 
"ok\n";
    } else {
        echo 
"error\n";
    }
?>

上例中演示了如何检测 解密后的数据是否和原始明文长度一致。 需要着重提醒的是,在对数据进行机密之前, 必须使用 mcrypt_generic_init() 函数来重新初始化缓冲区。

调用本函数之前, 必须使用密钥和初始向量来调用 mcrypt_generic_init() 函数 对解密句柄进行初始化。 加解密工作完成之后,需要调用 mcrypt_generic_deinit() 来释放加解密缓冲区。 例程请参见 mcrypt_module_open()

参见

User Contributed Notes

Ulysse 07-Nov-2013 02:27
Based on the information provided by "jakub dot lopuszanski at nasza-klasa dot pl" that in PKCS#7, the last byte contains the number of byte to remove (see RFC 5652, part 6.3), and for those like me who like to copy paste an already-made snippet:

<?php
function unpadPKCS7($data, $blocksize)
{
   
$last = substr($data, -1);
    return
substr($data, 0, strlen($data) - ord($last));
}
?>

Now you have no more reason to use rtrim() to remove the padding at the end of the result.
jakub dot lopuszanski at nasza-klasa dot pl 25-Jun-2013 07:16
For all those of you which are "surprised" by the padding (even though it is mentioned in the description of the method) please do not just "strip away everything which I do not understand".
The approach with rtrim, rtrim "\0", removing all charcodes < 16, etc. are all wrong.
The PKCS #7 padding works just as described in  RFC 5652.
To remove it, just look at the last byte of the message, and it will tell you how many bytes to remove.
For example, if the last byte is equal to \0A, then remove 10 bytes.
Peter Bailey 19-Mar-2012 05:49
We found that sometimes the resulting padding is not null characters "\0" but rather one of several control characters.

If you know your data is not supposed to have any trailing control characters "as we did" you can strip them like so.

<?php

$data
= mdecrypt_generic( $cipher, $data );

// Strip trailing control-character padding
$data = preg_replace( "/\p{Cc}*$/u", "", $data );

?>
trashmail dot hashishin at gmail dot com 01-Jun-2010 12:46
Whenever you need to decrypt files encrypted with dot.net (and others?) you can use the following settings:

Encryption: 'rijndael-256'
Mode: 'cbc'
Padding-Mode: Zeros
iv: "yes"

encode the data with base64 to send them to your php script
Anonymous 21-Mar-2009 07:31
Here's a quick snippet for removing PKCS7 padding:

<?php
function unpadPKCS7($data, $blockSize) {
   
$length = strlen ( $data );
    if (
$length > 0) {
       
$first = substr ( $data, - 1 );
       
        if (
ord ( $first ) <= $blockSize) {
            for(
$i = $length - 2; $i > 0; $i --)
                if (
ord ( $data [$i] != $first ))
                    break;
           
            return
substr ( $data, 0, $i );
        }
    }
    return
$data;
}
?>
nytro_rst at yahoo dot com 09-Feb-2009 03:33
<?php
// Parameters:
// $text = The text that you want to encrypt.
// $key = The key you're using to encrypt.
// $alg = The algorithm.
// $crypt = 1 if you want to crypt, or 0 if you want to decrypt.

function cryptare($text, $key, $alg, $crypt)
{
   
$encrypted_data="";
    switch(
$alg)
    {
        case
"3des":
           
$td = mcrypt_module_open('tripledes', '', 'ecb', '');
            break;
        case
"cast-128":
           
$td = mcrypt_module_open('cast-128', '', 'ecb', '');
            break;   
        case
"gost":
           
$td = mcrypt_module_open('gost', '', 'ecb', '');
            break;   
        case
"rijndael-128":
           
$td = mcrypt_module_open('rijndael-128', '', 'ecb', '');
            break;       
        case
"twofish":
           
$td = mcrypt_module_open('twofish', '', 'ecb', '');
            break;   
        case
"arcfour":
           
$td = mcrypt_module_open('arcfour', '', 'ecb', '');
            break;
        case
"cast-256":
           
$td = mcrypt_module_open('cast-256', '', 'ecb', '');
            break;   
        case
"loki97":
           
$td = mcrypt_module_open('loki97', '', 'ecb', '');
            break;       
        case
"rijndael-192":
           
$td = mcrypt_module_open('rijndael-192', '', 'ecb', '');
            break;
        case
"saferplus":
           
$td = mcrypt_module_open('saferplus', '', 'ecb', '');
            break;
        case
"wake":
           
$td = mcrypt_module_open('wake', '', 'ecb', '');
            break;
        case
"blowfish-compat":
           
$td = mcrypt_module_open('blowfish-compat', '', 'ecb', '');
            break;
        case
"des":
           
$td = mcrypt_module_open('des', '', 'ecb', '');
            break;
        case
"rijndael-256":
           
$td = mcrypt_module_open('rijndael-256', '', 'ecb', '');
            break;
        case
"xtea":
           
$td = mcrypt_module_open('xtea', '', 'ecb', '');
            break;
        case
"enigma":
           
$td = mcrypt_module_open('enigma', '', 'ecb', '');
            break;
        case
"rc2":
           
$td = mcrypt_module_open('rc2', '', 'ecb', '');
            break;   
        default:
           
$td = mcrypt_module_open('blowfish', '', 'ecb', '');
            break;                                           
    }
   
   
$iv = mcrypt_create_iv(mcrypt_enc_get_iv_size($td), MCRYPT_RAND);
   
$key = substr($key, 0, mcrypt_enc_get_key_size($td));
   
mcrypt_generic_init($td, $key, $iv);
   
    if(
$crypt)
    {
       
$encrypted_data = mcrypt_generic($td, $text);
    }
    else
    {
       
$encrypted_data = mdecrypt_generic($td, $text);
    }
   
   
mcrypt_generic_deinit($td);
   
mcrypt_module_close($td);
   
    return
$encrypted_data;
}
?>
Silvan 17-Aug-2007 12:34
It is generally not recommended to just use rtrim to remove the padding.

Use rtrim($str, "\0") for strings that do not end in "\0" or store the data length during encryption.
(Although data containing "\0" sometimes gets corrupted during encryption so these types of data actually should be packed.)

For example:

<?php

function encrypt($original_data)
{
   
$length = strlen($original_data);
   
$data_to_encrypt = $length.'|'.$original_data;
   
// Encrypt the data including its length.
    // Do not save the length unencrypted, as this could be a (minor) security risk
}

function
decrypt($cypher)
{
   
// Decrypt the cypher data first
    // Next retrieve the original data
   
list($length, $padded_data) = explode('|', $decrypted_data, 2);
   
$original_data = substr($padded_data, 0, $length);
}

?>
php at pcwize dot com 12-Oct-2006 02:59
Just confirming the .DLL issues. With 4.3.4 you need the older .DLL. I'm guessing any version of PHP4 needs the older .DLL. With PHP5 you need the newer one.
drew at expressdynamics dot com 05-Jul-2005 10:07
On Win32 systems with PHP 5, you must use the newer libmcrypt.dll file, otherwise mdecrypt_generic will not work.
robbie [at] averill [dot] co [dot] nz 24-Mar-2005 03:15
I have noticed that sometimes when the binary ciphertext is longer than the plaintext, the decrypted plaintext can have some little boxes/squares next to it as 'padding'. I also noticed that you can't cut and paste them to be able to edit them out, but i did find a solution.

Just call rtrim() around the string and it removes them.
jon@jonroig dot com 07-Apr-2004 07:29
Here's a bit of encrypt/decrypt code.

If you're using this on the win32 platform, BEWARE! The latest DLL (19-Jan-2004) contains a bug that keeps mdecrypt_generic from functioning. Nearly drove me over the edge... The 30-Dec-2002 version seems to work with no trouble.
<?

$key = "this is a secret key";
$input = "Let us meet at 9 o'clock at the secret place.";

$td = mcrypt_module_open('tripledes', '', 'ecb', '');
$iv = mcrypt_create_iv (mcrypt_enc_get_iv_size($td), MCRYPT_RAND);
mcrypt_generic_init($td, $key, $iv);
$encrypted_data = mcrypt_generic($td, $input);
mcrypt_generic_deinit($td);
mcrypt_module_close($td);

echo "Encrypt: ".$encrypted_data;

echo "<br><br>";

$td = mcrypt_module_open('tripledes', '', 'ecb', '');
$iv = mcrypt_create_iv (mcrypt_enc_get_iv_size($td), MCRYPT_RAND);
$key = substr($key, 0, mcrypt_enc_get_key_size($td));
mcrypt_generic_init($td, $key, $iv);
$decrypted_data = mdecrypt_generic($td, $encrypted_data);
echo "Decrypt: ".$decrypted_data;
mcrypt_generic_deinit($td);
mcrypt_module_close($td);

?>