lua 与 php 通过AES数据加密进行通讯
近期公司有款《围住神经猫》的微信小游戏火爆的不行!公司又决定开发一系列的神经猫的小游戏,于是,我被拉过来了。
后来使用cocos-2dx 开发一款小游戏,client用的是lua脚本,为了server与client交互的安全性,我们决定对API接口
传输的JSON数据进行加密、解密。普通情况就是client加密,server段进行解密:
luaclient使用的是一个纯lua写的库:aeslua,下载地址:http://luaforge.net/projects/aeslua/
可是该库是有问题的:用该库加密解密是没有问题的,可是跟PHP通讯就存在问题了,由于该库加密后base64之后的
字符串PHP是无法解密的!为了这个问题,我查阅了好多资料,最终找到某个国外大神的解决的方法:
http://chainans.blogspot.com/2012/09/working-with-lua-encryption.html(可能有些同学无法FQ,故把原文贴出来例如以下:)
Working with Lua encryption
Recently working with Corona SDK, I start to need some standard encryption/decryption algorithm in Lua. To start with, actually, it has rather small number of developers comparing to the Objective-C which I have been working with. Meaning that there are fewer 3rd party librarys you can rely upon. Luckily, I found one called AESLua which has some code to start. From there, my objective is to make a way to securely passing data between my client and server. (php on server-side) In fact, from what I'd read, my method is not very secure but it is better than nothing. Just for my reference, here are the list of issues along the way
Edited: Tested with iPhone 4... Input cipher text of 1280 characters. Take around 25 seconds. Unacceptable speed for general uses.
1) It requires Lua 5.2 feature which does not seem to be in Corona
Solution: Download LuaBit v0.4 and integrate it... You will need to make a mapping to allow API call to the proper place
2) Next you need to get Base64 library -- grab it here https://gist.github.com/2563975 -- It initially made to allow passing it over the URL (using '-' and '_' instead of '+' and '/') So, I change them to the latter one.
3) For AESLua, by default, it uses AES-128, CBC, some kind of random padding <- I don't know its name, IV = 0. I will change it into is AES-128, CBC, PKCS7 padding. Here are the website to test if our conversion is ok or not
http://www.unsw.adfa.edu.au/~lpb/src/AEScalc/AEScalc.html
http://www.tools4noobs.com/online_tools/decrypt/
Here are the things to do
3.1) In pwInKey function, comment the line out
password = ciphermode.encryptString(pwBytes, password, ciphermode.encryptCBC);
3.2) In util.padByteString function, change it to
local paddingLength = math.ceil(#data/16)*16 - #data;
local padding = "";
local paddingValue = string.char ( paddingLength ) -- PKCS7 padding
for i=1,paddingLength do
padding = padding .. paddingValue; -- PKCS7 padding
end
return data .. padding;
4) Set up web server for testing, you will need php / mcrypt mod to test.
5) Creating a php for testing... here is a code
Now, my plain text below is "1234567890123456ss@#%de".
<?php
$data = 'dXzNDNxckOrb7uz2ON0AAJp4BXgkYewblTNWBSAQSEw=';
$key128 = '1234567890123456';
$iv = '\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0';
echo mcrypt_decrypt(MCRYPT_RIJNDAEL_128, $key128, base64_decode($data), MCRYPT_MODE_CBC, $iv)
?>
That's it. The encryption backward to client machine should be a piece of cake. =)
*** By using these library, the user should be aware of the fact that Lua's performance is still far from native code. You may not want to use this algorithm to encrypt a large volume of data.
依照他的办法,一切都OK了。可是有下面几点须要说明下面:(本人摸索的)
1.利用CBC模式加密的字符串的key必须是16位,否则PHP无法解密!
2.明文字符串的必须把key作为前缀加进去
3.上面文章中没有把unpack函数写出来,本人查阅了一些资料,补充了,否则aeslua无法正常解密了!
util.lua中的以下这个函数改为例如以下:
function public.unpadByteString(data)
local padLength = tonum((string.byte(data, #data)));
return string.sub(data,1, #data-padLength) --unpack
end
相关文章
- 大型仓库进销存管理系统php源代码,多仓版进销存管理系统PHP源码ERP仓库管理系统php网络版进销存源码…
- PHP 浏览器缓存_php缓存引擎
- 【笔记php】如何使用PHP从JSON提取数据?
- 重新编译Linux下的PHP(linux重新编译php)
- 探索Linux下查看PHP扩展的奥秘(linux查看php扩展)
- 环境快速搭建Linux上的PHP开发环境(Linux装php)
- 数据快速学习:使用 PHP 读取 MySQL 数据(php读取mysql)
- PHP 存储数据到 MySQL 数据库(php写入mysql)
- PHP实现从MySQL数据库中读取信息(php读取mysql数据)
- PHP扩展开发:实现Redis读写数据(php扩展redis)
- 数据深入了解:PHP查询MySQL数据库(php显示mysql)
- PHP 操作 Redis:实现强大的数据存储 (php操作redis)
- 从MySQL到PHP:展示表格数据(php显示mysql表)
- 数据PHP实现MySQL数据导出的实现方法(php导出mysql)
- PHP操纵Redis实例:快速高效存储数据(php操作redis实例)
- 轻松实现高效数据调用:PHP如何与Redis集成(php调用redis)
- PHP实现Object Oriented Stye封装MySQL类(php封装mysql类)
- Android实现PHP连接MySQL进行数据交互(android通过php连接mysql)
- 数据从MySQL中用PHP取得数据(php 获取 mysql)
- 从PHP到MSSQL:实现高效转换(php转换mssql)
- PHP与MSSQL的良好配合,助力数据应用升级(php_mssql)
- PHP与MSSQL联动——更自由的数据空间(php mssql 空间)
- PHP与MSSQL搭配实现高效多用户并发访问(php mssql并发)
- 微盾PHP脚本加密专家php解密算法
- php算开始时间到过期时间的相隔的天数
- php导出word格式数据的代码实例