问题
I'm developing a HTTP API that requires encryption. I have tried to use AES to get compatibility between Java, PHP and Javascript, but so far I have managed to get Java<->PHP and then Java<->Javascript, but not both PHP and Javascript at the same time.
Has anyone had any experience with achieving interoperability between these languages and more?
Any advice would be much appreciated.
Thanks
回答1:
To get AES to work across different systems, you have to make sure that everything is the same on all systems. That means not relying on system defaults for anything - defaults can differ between systems. You need to explicitly specify everything.
- specify the mode; use CBC or CTR.
- specify the IV. You can prepend it to the cyphertext.
- specify the padding; for AES use PKCS7.
- if your key is a text string then specify the character encoding used to convert it to bytes.
- if your plaintext is a text string then specify the character encoding used to convert it to bytes.
回答2:
AES is a standard (defined here). No matter which programming language you use, the result has to be the same.
Check some test vectors either from the official definition or - if you've already implemented a block mode of operation - from here.
If your implementation has different result, it might work, but it won't be AES...
来源:https://stackoverflow.com/questions/7687096/aes-interoperability-between-php-java-javascript