background
Alipay in the development of small programs, users get the phone number, the phone number needs to AES decrypted plaintext.
The official did not provide examples of PHP decryption, so use PHP to achieve the decryption process of AES algorithm.
Points
- PHP mcrypt implement the AES decryption class, and a method can be used openssl family. mcrypt was abandoned in PHP7.2, it is recommended to use openssl to achieve.
- screct_key That aes_key is obtained from Alipay applet management center background.
Implementation process
openssl implementation
/**
* openssl 解密
* @param unknown $encryptedData
* @return string
*/
protected static function decryptOpenssl($encryptedData, $screct_key) {
$aesKey = base64_decode($screct_key);
$aesIV = null;
$aesCipher = base64_decode($encryptedData);
$result = openssl_decrypt($aesCipher, "AES-128-CBC", $aesKey, 1, $aesIV); //1=OPENSSL_RAW_DATA 模式
// $result = openssl_decrypt($aesCipher, "AES-128-CBC", $aesKey, 2, $aesIV);
return $result;
}options parameter that is important, it is crucial compatible mcrpty algorithm:
options = 0: default mode, automatically plaintext pkcs7 padding, and the data do base64 encoding process.
options = 1: OPENSSL_RAW_DATA, automatically plaintext pkcs7 padding, and the data are not base64 encoding process. It is important here understood
options = 2: OPENSSL_ZERO_PADDING, requires data to be encrypted with the encryption algorithm filled length data block length are aligned, i.e., consistent with the default fill mcrpty manner and do base64 encoded data processed as "0." Note that this mode requires data to be encrypted openssl has been press "0" populated, it does not automatically help you fill data, if the alignment is not populated, it will error.
aop / AopEnctypt.php mcrypt of implementation, reference may decrypt the alipay sdk
class AliBizDataCrypt {
* 解密方法
*
* @param string $encryptedData : 需要解密的报文
* @return string
*/
protected static function decrypt($encryptedData, $screct_key) {
// AES, 128 模式加密数据 CBC
$encryptedDataBase64Decoded = base64_decode($encryptedData);
$screct_key = base64_decode($screct_key);
// 设置全0的IV
$iv_size = mcrypt_get_iv_size(MCRYPT_RIJNDAEL_128, MCRYPT_MODE_CBC);
$iv = str_repeat("\0", $iv_size);
$decrypt_str = mcrypt_decrypt(MCRYPT_RIJNDAEL_128, $screct_key, $encryptedDataBase64Decoded, MCRYPT_MODE_CBC, $iv);
$decrypt_str = self::stripPKSC7Padding($decrypt_str);
return $decrypt_str;
}
/**
* 移去填充算法
*
* @param string $source
* @return string
*/
protected static function stripPKSC7Padding($source) {
$char = substr($source, - 1);
$num = ord($char);
if( $num == 62 )
return $source;
$source = substr($source, 0, - $num);
return $source;
}
}