ciphersweet - decryptRow:尝试解密行时出现错误
2021-03-24
581
我需要一些有关使用函数 decryptRow() 的帮助。
<?php
use ParagonIE\CipherSweet\Backend\FIPSCrypto;
use ParagonIE\CipherSweet\KeyProvider\StringProvider;
use ParagonIE\CipherSweet\CipherSweet;
use ParagonIE\CipherSweet\BlindIndex;
use ParagonIE\CipherSweet\EncryptedField;
use ParagonIE\CipherSweet\EncryptedRow;
/*************************************************************************************************************************
* GETTING ACCESS TO ENCRYPTED TABLE DATA ROW & ENCRYPT DATA -> encrypted data will be stored via separate SQL-Select
* EncryptedRow -> for simple encryption of multiple table fields with Blind Indexing, but without Authentication
* Encryption method -> FIPS 140-2 algorithms
* KeyProvider -> StringProvider
* @param $sKey //You can pass a raw binary string, hex-encoded string, or base64url-encoded string to the StringProvider constructor, provided the decoded key is 256 bits
* @param $table //Table identifier
* @param $fieldName01 //Field identifier -> will hold ciphertext
* @param $fieldName02 //Field identifier -> will hold ciphertext
* @param $fieldName03 //Field identifier -> will hold ciphertext
* @param $fieldName04 //Field identifier -> will hold ciphertext
* @param $fieldName05 //Field identifier -> will hold ciphertext
* @param $fieldName01_bidx //Field identifier -> will hold the blind index cipher
* @param $fieldName01Value //Field value -> that will be encrypted into $ciphertext
* @param $fieldName02Value //Field value -> that will be encrypted into $ciphertext
* @param $fieldName03Value //Field value -> that will be encrypted into $ciphertext
* @param $fieldName04Value //Field value -> that will be encrypted into $ciphertext
* @param $fieldName05Value //Field value -> that will be encrypted into $ciphertext
* @param $prepared //Holds the encrypted field value & blind index
* @return int
*/
function encryptDataTableRow($sKey, $table, $fieldName01, $fieldName02, $fieldName03, $fieldName04, $fieldName05, $fieldName01_bidx, $fieldName01Value, $fieldName02Value, $fieldName03Value, $fieldName04Value, $fieldName05Value, &$prepared): int
{
try {
// Use only FIPS 140-2 algorithms
$fips = new FIPSCrypto();
// Define Key Provider
$provider = new StringProvider(
// Example key, chosen randomly, hex-encoded:
$sKey
);
// Start Engine
$engine = new CipherSweet($provider, $fips);
// Define fields which will be encrypted
$row = (new EncryptedRow($engine, $table))
->addTextField($fieldName01)
->addTextField($fieldName02)
->addTextField($fieldName03)
->addTextField($fieldName04)
->addTextField($fieldName05);
// Add a normal Blind Index on one field:
$row->addBlindIndex(
$fieldName01,
new BlindIndex(
$fieldName01_bidx,
[],
32
)
);
// Set Cipher
$prepared = $row->prepareRowForStorage([
$fieldName01=>$fieldName01Value,
$fieldName02=>$fieldName02Value,
$fieldName03=>$fieldName03Value,
$fieldName04=>$fieldName04Value,
$fieldName05=>$fieldName05Value
]);
return 0; //function processed without errors
} catch (Exception $ex) {
echo "Error: " . $ex->getMessage();
return -1; //function processed with errors
}
}
/************************************************************************************************************************
* GETTING ACCESS TO ENCRYPTED TABLE DATA ROW -> decryption will be processed after fetching via separate SQL-Select
* EncryptedRow -> for simple encryption of multiple table fields with Blind Indexing, but without Authentication
* Encryption method -> FIPS 140-2 algorithms
* KeyProvider -> StringProvider
* @param $sKey //You can pass a raw binary string, hex-encoded string, or base64url-encoded string to the StringProvider constructor, provided the decoded key is 256 bits
* @param $table //Table identifier
* @param $fieldName01 //Field identifier -> will hold ciphertext
* @param $fieldName02 //Field identifier -> will hold ciphertext
* @param $fieldName03 //Field identifier -> will hold ciphertext
* @param $fieldName04 //Field identifier -> will hold ciphertext
* @param $fieldName05 //Field identifier -> will hold ciphertext
* @param $fieldName01_bidx //Field identifier -> will hold the blind index cipher
* @param $fieldName01Value //Field value -> that will be encrypted into $ciphertext
* @param $row //Holds access to decryption model
* @param $indexes //Holds the encrypted blind index for sql statement
* @return int
*/
function getEncryptDataTableRow($sKey, $table, $fieldName01, $fieldName02, $fieldName03, $fieldName04, $fieldName05, $fieldName01_bidx, $fieldName01Value, &$row, &$indexes): int
{
try {
// Use only FIPS 140-2 algorithms
$fips = new FIPSCrypto();
// Define Key Provider
$provider = new StringProvider(
// Example key, chosen randomly, hex-encoded:
$sKey
);
// Start Engine
$engine = new CipherSweet($provider, $fips);
// Define fields which will be decrypted
$row = (new EncryptedRow($engine, $table))
->addTextField($fieldName01)
->addTextField($fieldName02)
->addTextField($fieldName03)
->addTextField($fieldName04)
->addTextField($fieldName05);
// Add a normal Blind Index on one field:
$row->addBlindIndex(
$fieldName01,
new BlindIndex(
$fieldName01_bidx,
[],
32
)
);
// Use these values in search queries:
$indexes = $row->getAllBlindIndexes([$fieldName01 => $fieldName01Value]);
return 0; //function processed without errors
} catch (Exception $ex) {
echo "Error: " . $ex->getMessage();
return -1; //function processed with errors
}
}
// EncryptedRow without Authentication -> encrypt & store
function testEncryptDataTableRow() {
$sKey = '4e1c44f87b4cdf21808762970b356891db180a9dd9850e7baf2a79ff3ab8a2fc';
$table = 'test_multi_field_encryption';
$fieldName01 = 'customer_name';
$fieldName02 = 'customer_street';
$fieldName03 = 'customer_post_code';
$fieldName04 = 'customer_city';
$fieldName05 = 'customer_country';
$fieldName01_bidx = 'customer_bidx';
$fieldName01Value = 'XXXX AG';
$fieldName02Value = 'Maylacher 7';
$fieldName03Value = '70131';
$fieldName04Value = 'Karlsruhe';
$fieldName05Value = 'Deutschland';
$customer_id = 1003;
$ret = encryptDataTableRow($sKey, $table, $fieldName01, $fieldName02, $fieldName03, $fieldName04, $fieldName05, $fieldName01_bidx, $fieldName01Value, $fieldName02Value, $fieldName03Value, $fieldName04Value, $fieldName05Value, $prepared);
try {
$blindindex = $prepared[1][customer_bidx][value];
$value01 = $prepared[0][customer_name];
$value02 = $prepared[0][customer_street];
$value03 = $prepared[0][customer_post_code];
$value04 = $prepared[0][customer_city];
$value05 = $prepared[0][customer_country];
$db = new MySQLi(...);
$sql = "INSERT INTO `test_multi_field_encryption`(`customer_id`, `customer_name`, `customer_street`, `customer_post_code`, `customer_city`, `customer_country`, `customer_bidx`) VALUES ('" . $customer_id . "','" . $value01 . "','" . $value02 . "','" . $value03 . "','" . $value04 . "','" . $value05 . "','" . $blindindex . "')";
$result = $db->query($sql);
$db->close();
} catch (Exception $ex) {
echo "Fehler: " . $ex->getMessage();
$db->close();
$ret = -2; // no db connection
}
}
// EncryptedRow without Authentication -> select & decrypt
function testDecryptDataTableRow() {
$sKey = '4e1c44f87b4cdf21808762970b356891db180a9dd9850e7baf2a79ff3ab8a2fc';
$table = 'test_multi_field_encryption';
$fieldName01 = 'customer_name';
$fieldName02 = 'customer_street';
$fieldName03 = 'customer_post_code';
$fieldName04 = 'customer_city';
$fieldName05 = 'customer_country';
$fieldName01_bidx = 'customer_bidx';
$fieldName01Value = 'XXXX AG';
$ret = getEncryptDataTableRow($sKey, $table, $fieldName01, $fieldName02, $fieldName03, $fieldName04, $fieldName05, $fieldName01_bidx, $fieldName01Value, $rowP, $indexes);
try {
$blindindex = $indexes[customer_bidx][value];
$db = new MySQLi(...);
$sql = "SELECT * FROM `test_multi_field_encryption` WHERE customer_bidx = '" . $blindindex . "'";
$result = $db->query($sql);
$row = $result->fetch_row();
$encyptedRow = $rowP->decryptRow($row);
$db->close();
} catch (Exception $ex) {
echo "Fehler: " . $ex->getMessage();
$db->close();
}
}
?>
我的问题是代码行“$encyptedRow = $rowP->decryptRow($row);”。
我将收到类似这样的错误消息:
'Uncaught TypeError:传递给 ParagonIE\ConstantTime\Binary::safeSubstr() 的参数 1 必须是字符串类型,给定为 null,在 C:\Users...\vendor\paragonie\ciphersweet\src\Backend\FIPSCrypto.php 的第 95 行调用,并在 C:\Users...\vendor\paragonie\constant_time_encoding\src\Binary.php:67 中定义
堆栈跟踪:
#0 C:\Users...\vendor\paragonie\ciphersweet\src\Backend\FIPSCrypto.php(95): ParagonIE\ConstantTime\Binary::safeSubstr(NULL, 0, 5)
#1 C:\Users...\vendor\paragonie\ciphersweet\src\EncryptedRow.php(334): ParagonIE\CipherSweet\Backend\FIPSCrypto->decrypt(NULL, Object(ParagonIE\CipherSweet\Backend\Key\SymmetricKey))
#2 C:\Users...\partials\cipherTEST.php(94): ParagonIE\CipherSweet\EncryptedRow->decryptRow(Array)
#3 C:\Users...'
也许有人可以帮我。
提前谢谢。
2个回答
我明白了。我的错误是通过
$row = $result->fetch_row();
但是函数 decryptRow 需要一个带有字段名的关联数组。因此代码必须像这样
$row = $result->fetch_assoc();
现在函数 decryptRow 将获取用于处理代码行的字段名
$plaintext = $backend->decrypt($row[$field], $key);
最后它运行得很好。
Count Dracul
2021-03-26
出现此异常的原因是
null
被传递给此处的
decrypt()
:
https://github.com/paragonie/ciphersweet/blob/f73aaea31f743dad8145f344d93503c4d9f950a8/src/EncryptedRow.php#L334
。
$row[$field]
包含 null,或者
$row
中没有这样的元素。
使用调试器检查它,或者在
catch
中添加一些调试语句(例如
var_dump($rowP, $row)
),然后检查
$row
中包含的数据是否符合您的预期。还值得检查
$rowP->fieldsToEncrypt
中的字段列表。
weirdan
2021-03-24