lua 与 php 经过AES数据加密进行通讯-php教程-PHP中文網

首頁

後端開發

php教程

lua 与 php 经过AES数据加密进行通讯

WBOYWBOYWBOYWBOYWBOYWBOYWBOYWBOYWBOYWBOYWBOYWBOYWB

Jun 13, 2016 pm 12:03 PM

datanbsppaddingthe

lua 与 php 通过AES数据加密进行通讯

最近公司有款《围住神经猫》的微信小游戏火爆的不行！公司又决定开发一系列的神经猫的小游戏，于是，我被拉过来了。

后来使用cocos-2dx 开发一款小游戏，客户端用的是lua脚本，为了服务器与客户端交互的安全性，我们决定对API接口

传输的JSON数据进行加密、解密。一般情况就是客户端加密，服务器段进行解密：

lua客户端使用的是一个纯lua写的库：aeslua，下载地址：http://luaforge.net/projects/aeslua/

但是该库是有问题的：用该库加密解密是没有问题的，但是跟PHP通讯就存在问题了，因为该库加密后base64之后的

字符串PHP是无法解密的！为了这个问题，我查阅了好多资料，终于找到某个国外大神的解决办法：

http://chainans.blogspot.com/2012/09/working-with-lua-encryption.html（可能有些同学无法FQ，故把原文贴出来如下：）

Working with Lua encryption

Recently working with Corona SDK, I start to need some standard encryption/decryption algorithm in Lua. To start with, actually, it has rather small number of developers comparing to the Objective-C which I have been working with. Meaning that there are fewer 3rd party librarys you can rely upon. Luckily, I found one called AESLua which has some code to start. From there, my objective is to make a way to securely passing data between my client and server. (php on server-side) In fact, from what I'd read, my method is not very secure but it is better than nothing. Just for my reference, here are the list of issues along the way

Edited: Tested with iPhone 4... Input cipher text of 1280 characters. Take around 25 seconds. Unacceptable speed for general uses.

1) It requires Lua 5.2 feature which does not seem to be in Corona

Solution: Download LuaBit v0.4 and integrate it... You will need to make a mapping to allow API call to the proper place

2) Next you need to get Base64 library -- grab it here https://gist.github.com/2563975 -- It initially made to allow passing it over the URL (using '-' and '_' instead of '+' and '/') So, I change them to the latter one.

3) For AESLua, by default, it uses AES-128, CBC, some kind of random padding

http://www.unsw.adfa.edu.au/~lpb/src/AEScalc/AEScalc.html

http://www.tools4noobs.com/online_tools/decrypt/

Here are the things to do

3.1) In pwInKey function, comment the line out

password = ciphermode.encryptString(pwBytes, password, ciphermode.encryptCBC);

3.2) In util.padByteString function, change it to

local paddingLength = math.ceil(#data/16)*16 - #data;

local padding = "";

local paddingValue = string.char ( paddingLength ) -- PKCS7 padding

for i=1,paddingLength do

padding = padding .. paddingValue;-- PKCS7 padding

end

return data .. padding;

4) Set up web server for testing, you will need php / mcrypt mod to test.

5) Creating a php for testing... here is a code

Now, my plain text below is "1234567890123456ss@#%de".

$data = 'dXzNDNxckOrb7uz2ON0AAJp4BXgkYewblTNWBSAQSEw=';

$key128 = '1234567890123456';

$iv = '\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0';

echo mcrypt_decrypt(MCRYPT_RIJNDAEL_128, $key128, base64_decode($data), MCRYPT_MODE_CBC, $iv)

?>

That's it. The encryption backward to client machine should be a piece of cake. =)

*** By using these library, the user should be aware of the fact that Lua's performance is still far from native code. You may not want to use this algorithm to encrypt a large volume of data.

按照他的办法，一切都OK了。但是有以下几点需要说明以下：（本人摸索的）

1.利用CBC模式加密的字符串的key必须是16位，否则PHP无法解密！

2.明文字符串的必须把key作为前缀加进去

3.上面文章中没有把unpack函数写出来，本人查阅了一些资料，补充了，否则aeslua无法正常解密了！

util.lua中的下面这个函数改为如下：

function public.unpadByteString(data)
local padLength = tonum((string.byte(data, #data)));
return string.sub(data,1, #data-padLength) --unpack
end

陳述

本文內容由網友自願投稿，版權歸原作者所有。本站不承擔相應的法律責任。如發現涉嫌抄襲或侵權的內容，請聯絡admin@php.cn

unset（）和session_destroy（）有什麼區別？May 04, 2025 am 12:19 AM

Thedifferencebetweenunset()andsession_destroy()isthatunset()clearsspecificsessionvariableswhilekeepingthesessionactive,whereassession_destroy()terminatestheentiresession.1)Useunset()toremovespecificsessionvariableswithoutaffectingthesession'soveralls

在負載平衡的情況下，什麼是粘性會話（會話親和力）？May 04, 2025 am 12:16 AM

stickysessensureuserRequestSarerOutedTothesMeServerForsessionDataConsisterency.1）sessionIdentificeAssificationAssigeaSsignAssignSignSuserServerServerSustersusiseCookiesorUrlModifications.2）一致的ententRoutingDirectSsssssubsequeSssubsequeSubsequestrequestSameSameserver.3）loadBellankingDisteributesNebutesneNewuserEreNevuseRe.3）

PHP中有哪些不同的會話保存處理程序？May 04, 2025 am 12:14 AM

phpoffersvarioussessionsionsavehandlers：1）文件：默認，簡單的ButMayBottLeneckonHigh-trafficsites.2）Memcached：高性能，Idealforsforspeed-Criticalapplications.3）REDIS：redis：similartomemememememcached，withddeddeddedpassistence.4）withddeddedpassistence.4）databases：gelifforcontrati forforcontrati，有用

PHP中的會話是什麼？為什麼使用它們？May 04, 2025 am 12:12 AM

PHP中的session是用於在服務器端保存用戶數據以在多個請求之間保持狀態的機制。具體來說，1)session通過session_start()函數啟動，並通過$_SESSION超級全局數組存儲和讀取數據；2)session數據默認存儲在服務器的臨時文件中，但可通過數據庫或內存存儲優化；3)使用session可以實現用戶登錄狀態跟踪和購物車管理等功能；4)需要注意session的安全傳輸和性能優化，以確保應用的安全性和效率。

說明PHP會話的生命週期。May 04, 2025 am 12:04 AM

PHPsessionsstartwithsession_start(),whichgeneratesauniqueIDandcreatesaserverfile;theypersistacrossrequestsandcanbemanuallyendedwithsession_destroy().1)Sessionsbeginwhensession_start()iscalled,creatingauniqueIDandserverfile.2)Theycontinueasdataisloade

絕對會話超時有什麼區別？May 03, 2025 am 12:21 AM

絕對會話超時從會話創建時開始計時，閒置會話超時則從用戶無操作時開始計時。絕對會話超時適用於需要嚴格控制會話生命週期的場景，如金融應用；閒置會話超時適合希望用戶長時間保持會話活躍的應用，如社交媒體。

如果會話在服務器上不起作用，您將採取什麼步驟？May 03, 2025 am 12:19 AM

服務器會話失效可以通過以下步驟解決：1.檢查服務器配置，確保會話設置正確。 2.驗證客戶端cookies，確認瀏覽器支持並正確發送。 3.檢查會話存儲服務，如Redis，確保其正常運行。 4.審查應用代碼，確保會話邏輯正確。通過這些步驟，可以有效診斷和修復會話問題，提升用戶體驗。

session_start（）函數的意義是什麼？May 03, 2025 am 12:18 AM

session_start（）iscucialinphpformanagingusersessions.1）ItInitiateSanewsessionifnoneexists，2）resumesanexistingsessions，and3）setsasesessionCookieforContinuityActinuityAccontinuityAcconActInityAcconActInityAcconAccRequests，EnablingApplicationsApplicationsLikeUseAppericationLikeUseAthenticationalticationaltication and PersersonalizedContentent。

See all articles