creating encrypted passwords in openfire MySQL via

2019-01-18 16:48发布

站内问答 / PHP
1178 3 4

Openfire stores encrypted passwords in a database using blowfish encryption.

http://svn.igniterealtime.org/svn/repos/openfire/trunk/src/java/org/jivesoftware/util/Blowfish.java is the java implementation for how encrypt / decrypt functions work in openfire.

My goal is to create new user entries in the database via PHP and MySQLI. All of the variations I've tried have yielded results that don't match what already exists in the database. For example:

d3f499857b40ac45c41828ccaa5ee1f90b19ca4e0560d1e2dcf4a305f219a4a2342aa7364e9950db is one of the encrypted passwords. clear text, this is stackoverflow

I've tried a few variations:

echo mcrypt_cbc(MCRYPT_BLOWFISH, '1uY40SR771HkdDG', 'stackoverflow', MCRYPT_ENCRYPT, '12345678');
// result:  áë*sY¶nŸÉX_33ô

Another based on mcrypt blowfish php slightly different results when compared to java and .net

 $key = '1uY40SR771HkdDG';
 $pass = 'stackoverflow';
 $blocksize = mcrypt_get_block_size('blowfish', 'cbc'); // get block size
 $pkcs = $blocksize - (strlen($data) % $blocksize); // get pkcs5 pad length
 $data.= str_repeat(chr($pkcs), $pkcs); // append pkcs5 padding to the data

 // encrypt and encode
 $res = base64_encode(mcrypt_cbc(MCRYPT_BLOWFISH,$key, $pass, MCRYPT_ENCRYPT));
 echo $res;
 // result:  3WXKASjk35sI1+XJ7htOGw==

Any clever ideas, or any glaring problems? I simply want to implement Blowfish.encryptString() as referenced in the first link in this question.

3条回答
▲ chillily
2楼-- · 2019-01-18 17:07

There is nothing wrong with your code, however to generate the same code as Openfire, you will need to add in two other items before the encrypted text.

  • length of ciphertext
  • CBCIV (initialization variable)

Read "public String decryptString(String sCipherText)" in java code, it's all there. Also check the docs on how to use CBCIV in PHP.

查看更多
0人赞 添加讨论(0) 举报
三岁会撩人
3楼-- · 2019-01-18 17:08

Here's a class I made, it encrypts and decrypts properly.

Note, you need to save / [pre/app]end the IV in order to reproduce results.

Some test vectors for the java code would be nice.

<?php

/**
 * Emulate OpenFire Blowfish Class
 */
class OpenFireBlowfish
{
    private $key;
    private $cipher;

    function __construct($pass)
    {
        $this->cipher = mcrypt_module_open('blowfish','','cbc','');
        $this->key = pack('H*',sha1($pass));
    }

    function encryptString($plaintext, $iv = '')
    {
        if ($iv == '') {
            $iv = mcrypt_create_iv(mcrypt_enc_get_iv_size($this->cipher));
        }
        else {
            $iv = pack("H*", $iv);
        }
        mcrypt_generic_init($this->cipher, $this->key, $iv);
        $bs = mcrypt_enc_get_block_size($this->cipher); // get block size
        $plaintext = mb_convert_encoding($plaintext,'UTF-16BE'); // set to 2 byte, network order
        $pkcs = $bs - (strlen($plaintext) % $bs); // get pkcs5 pad length
        $pkcs = str_repeat(chr($pkcs), $pkcs); // create padding string
        $plaintext = $plaintext.$pkcs; // append pkcs5 padding to the data
        $result = mcrypt_generic($this->cipher, $plaintext);
        mcrypt_generic_deinit($this->cipher);
        return $iv.$result;
    }

    function decryptString($ciphertext)
    {
        $bs = mcrypt_enc_get_block_size($this->cipher); // get block size
        $iv_size = mcrypt_enc_get_iv_size($this->cipher);
        if ((strlen($ciphertext) % $bs) != 0) { // check string is proper size
            return false;
        }
        $iv = substr($ciphertext, 0, $iv_size); // retrieve IV
        $ciphertext = substr($ciphertext, $iv_size);
        mcrypt_generic_init($this->cipher, $this->key, $iv);
        $result = mdecrypt_generic($this->cipher, $ciphertext); // decrypt
        $padding = ord(substr($result,-1)); // retrieve padding
        $result = substr($result,0,$padding * -1); // and remove it
        mcrypt_generic_deinit($this->cipher);
        return $result;
    }

    function __destruct()
    {
        mcrypt_module_close($this->cipher);
    }
}

$enckey = "1uY40SR771HkdDG";
$enciv = 'd3f499857b40ac45';
$javastring = 'd3f499857b40ac45c41828ccaa5ee1f90b19ca4e0560d1e2dcf4a305f219a4a2342aa7364e9950db';

$a = new OpenFireBlowfish($enckey);
$encstring = bin2hex($a->encryptString('stackoverflow',$enciv));
echo $encstring . "\n";
echo $a->decryptString(pack("H*", $encstring)) . "\n";

$b = new OpenFireBlowfish($enckey);
echo $b->decryptString(pack("H*", $javastring)) . "\n";
查看更多
0人赞 添加讨论(0) 举报
劫难
4楼-- · 2019-01-18 17:19

Openfire's code prepends the CBCIV passed with the output string. It also using Unicode as the character set. These together may be the problem area.

I don't know enough about Blowfish's internals to help more, sorry.

查看更多
0人赞 添加讨论(0) 举报
登录 后发表回答
相关问题
查看全部
相关文章
查看全部
收藏的人(4)