Blowfish encryption. do not use PHP and C ++ for encryption, but the results are different.

Source: Internet
Author: User
Tags php online
Blowfish encryption is implemented using PHP and C ++, but the results are different... first, the MD5 experiment has the same results, but the Blowfish experiment cannot be successful. the following code is called: PHPcode & lt ;? Php $ ciphermcrypt_module_open (MCRYPT_BLOWFISH, MCRYPT_MODE_ECB,); Blowfish encryption, which is implemented using PHP and C ++ respectively, but with different results...
First, the MD5 experiment has the same results, but the Blowfish experiment fails.
The call is as follows:
PHP code
  
  % S

", Strtoupper (bin2hex ($ dtext);} mcrypt_module_close ($ cipher );

C ++ is like this:
C/C ++ code
      MD5_CTX md5;    unsigned char str[16];    md5.MD5String(strSource.c_str() ,str);    BlockCipher *bf;    char key[] = "strkey11";              //Key    bf = new BlowFish();    bf->setKey((void *)key, 8*8);    bf->encrypt((void *)str, 8);      //unsigned char str[16];    bf->encrypt((void *)(str+8), 8);    char temp1[4] = {0};    char buff1[128] = {0};    for(int i = 0;i<16;i++)    {        sprintf(temp1,"%02x",str[i]);        strcat(buff1,temp1);    }    AnsiString strResult = String(buff1).UpperCase();    delete bf;


------ Solution --------------------
$ Iv = '000000 ';???
Press bf-> setKey (void *) key, 8*8 );
It should be
$ Iv = "\ x00 \ x00 \ x00 \ x00 \ x00 \ x00 \ x00 \ x00 ";
Right?

------ Solution --------------------
IV is ignored in ECB. iv must exist in CFB, CBC, STREAM, nOFB and OFB modes.
In MCRYPT_MODE_ECB mode, $ iv is ignored and should not be the problem.

It seems that padding is required before encryption. try again.
$ Size = mcrypt_get_block_size (MCRYPT_BLOWFISH, MCRYPT_MODE_ECB );
$ Input = pkcs5_pad ($ input, $ size );

Function pkcs5_pad ($ text, $ blocksize)
{
$ Pad = $ blocksize-(strlen ($ text) % $ blocksize );
Return $ text. str_repeat (chr ($ pad), $ pad );
}

Function pkcs5_unpad ($ text)
{
$ Pad = ord ($ text {strlen ($ text)-1 });
If ($ pad> strlen ($ text) return false;
If (strspn ($ text, chr ($ pad), strlen ($ text)-$ pad )! = $ Pad) return false;
Return substr ($ text, 0,-1 * $ pad );
}
------ Solution --------------------
Is there a problem with the result of c ++? here there is an online blowfish encrypted, you can verify it
Http://webnet77.com/cgi-bin/helpers/blowfish.pl
------ Solution --------------------

First, you need to find out whether PHP is wrong or C ++ is wrong. I used bin2hex before, but md5 is followed by binary data and cannot be verified,
Can you not use the md5 direct character abcdefgh? what is it after encryption?

The webpage result is
Plaintext abcdefgh
Ciphertext 5B4148819C51DCB5
------ Solution --------------------
I used PHP online decoding.
Http://www.tools4noobs.com/online_tools/decrypt/

5B4148819C51DCB5 can be decrypted, but 12DB6214F5EAB031 cannot be decrypted

Is there anything different between C ++ programs? As long as the data can be encrypted and decrypted, the same algorithm must be followed for mutual decryption.

The same symmetric algorithm, the same key, is unlikely to have different ciphertext values, except for some random interference. But from the blowfish algorithm,
There is no random interference. Is it possible that pbox and sbox are different definitions?
------ Solution --------------------
You have two questions about the C ++ code.
1) bf-> setKey (void *) key, 8*8); the second parameter should be the key length. why is it 8*8?
2) PHP has the ECB mode, but c ++ does not. Is it the ECB by default?
------ Solution --------------------
I found the reason. your algorithm is different from the blowfish algorithm in PHP. The c ++ algorithm is blowfish-compat.

So change to $ cipher = mcrypt_module_open ('blowfish-compat', '', MCRYPT_MODE_ECB ,'');
This should be done.

Contact Us

The content source of this page is from Internet, which doesn't represent Alibaba Cloud's opinion; products and services mentioned on that page don't have any relationship with Alibaba Cloud. If the content of the page makes you feel confusing, please write us an email, we will handle the problem within 5 days after receiving your email.

If you find any instances of plagiarism from the community, please send an email to: info-contact@alibabacloud.com and provide relevant evidence. A staff member will contact you within 5 working days.

A Free Trial That Lets You Build Big!

Start building with 50+ products and up to 12 months usage for Elastic Compute Service

  • Sales Support

    1 on 1 presale consultation

  • After-Sales Support

    24/7 Technical Support 6 Free Tickets per Quarter Faster Response

  • Alibaba Cloud offers highly flexible support services tailored to meet your exact needs.