Use of Initialization Vector in openssl_encrypt

leokim / / 未分类

引用地址:http://stackoverflow.com/questions/11821195/use-of-initialization-vector-in-openssl-encrypt

 

直接贴答案

 

An IV is generally a random number that guarantees the encrypted text is unique.

To explain why it's needed, let's pretend we have a database of people's names encrypted with the key 'secret' and no IV.

1 John dsfa9p8y098hasdf
2 Paul po43pokdfgpo3k4y
3 John dsfa9p8y098hasdf

If John 1 knows his cipher text (dsfa9p8y098hasdf) and has access to the other cipher texts, he can easily find other people named John.

Now in actuality, an encryption mode that requires an IV will always use one. If you don't specify an IV, it's automatically set to a bunch of null bytes. Imagine the first example but with a constant IV (00000000).

1 John dsfa9p8y098hasdf 00000000
2 Paul po43pokdfgpo3k4y 00000000
3 John dsfa9p8y098hasdf 00000000

To prevent repeated cipher texts, we can encrypt the names using the same 'secret' key and random IV's:

1 John sdf875n90mh28458 45gh3546
2 Paul fg9087n5b60987nf 56897ngq
3 John gjhn0m89456vnler 8907345f

As you can see, the two 'John' cipher texts are now different. Each IV is unique and has influenced the encryption process making the end result unique as well. John 1 now has no idea what user 3's name is.

Decryption requires the use of the same IV the text was encrypted with of course, which is why it must be stored in the database. The IV is of no use without the key so transmitting or storing it with the encrypted text is of no concern.

This is an overly simplistic example, but the truth is, not using IV's has serious security ramifications.

Now your code appears to be setting the IV (1234567812345678) but not using it on decryption. That's certain to fail.

You also may want to utilize some of PHP's IV generation functions. I think this should work for you:

$iv_size = mcrypt_get_iv_size(MCRYPT_RIJNDAEL_256, MCRYPT_MODE_CBC);
$iv = mcrypt_create_iv($iv_size, MCRYPT_RAND);
$encryptedMessage = openssl_encrypt($textToEncrypt, $encryptionMethod, $secretHash, 0, $iv);
$decryptedMessage = openssl_decrypt($encryptedMessage, $encryptionMethod, $secretHash, 0, $iv);

For storage/transmission, you can simply concatenate the IV and cipher text like so:

$data = $iv.$encryptedMessage;

Then on retrieval, pull the IV out for decryption:

$iv_size = mcrypt_get_iv_size(MCRYPT_RIJNDAEL_256, MCRYPT_MODE_CBC);
$iv = substr($data, 0, $iv_size);
$decryptedMessage = openssl_decrypt(substr($data, $iv_size), $encryptionMethod, $secretHash, 0, $iv);

For more info, check out PHP's Mcrypt library. It's quite full featured and has tons of examples, many of which can help you out with openssh encryption implementations.http://php.net/manual/en/function.mcrypt-encrypt.php

openssl 使用

leokim / / 未分类

关于nets的传输加密,尼玛坑爹啊,什么东西都不给。

<?php
 $fp = fsockopen("203.116.93.163", 80, $errno, $errstr, 30);
 if (!$fp)
 {
  echo 'Could not open connection.';
 }
 else
 {
  $time    = time();
  $mid     = '116';
  $mKey    = 'wFmLP5OF5xUZivXCXqgnL0Rl4C78vVkn';
  $ref     = $mid.$time;
  $card_number = '0004500100000000014';

  //generate random
  $initial_random = bin2hex(openssl_random_pseudo_bytes(8));
  echo 'Initial Random : '.$initial_random.'<br>';
  //======================================================================
  //Encrypted
  //======================================================================
  
  //encrypt by merchant's private key
  $fp=fopen("D:/wamp/www/key/icol_priv_key.pem","r"); 
  $priv_key=fread($fp,8192); 
  fclose($fp);
  $res = openssl_get_privatekey($priv_key,'icolumn1014'); 

  //private encrypt
  openssl_private_encrypt($initial_random,$crypttext_ico_priv,$res);

  $cry_len = strlen($crypttext_ico_priv);
  $num = ceil($cry_len/100);

  //Block encrypted
  $fp=fopen("D:/wamp/www/key/icol_public.cert","r");
  $pub_key=fread($fp,8192); 
  fclose($fp);

  openssl_get_publickey($pub_key); 
  $encrypt_val = '';
  $new_encrypt_val = '';

  for($i=0; $i<$num; $i++)
  {
   $encrypt_val = substr($crypttext_ico_priv, $i*100, 100 );
   openssl_public_encrypt($encrypt_val, $pub_encrypt, $pub_key);
   $new_encrypt_val.=$pub_encrypt;
  }

  $full_enctypt_str = $new_encrypt_val;

  //======================================================================
  //Decrypted
  //======================================================================
  $len = strlen($full_enctypt_str);
  $f_num = ceil($len/256);

  $full_pri_decrypt = '';
  for($j=0; $j<$f_num; $j++)
  {
   $block = substr($full_enctypt_str, $j*256, 256 );
   openssl_private_decrypt($block,$block_decrypt,$res);

   $full_pri_decrypt .= $block_decrypt;
  }

  openssl_public_decrypt($full_pri_decrypt,$original_data,$pub_key);
  echo 'Original Data &nbsp;: '.$original_data;
 }
?>

gwp 修改campaign

leokim / / 未分类

gwp issue之后的voucher 如果要修改campany还需要修改voucher_request_approve里的campaign_id 和voucher_campaign_issue_request里的request_remarks

 

select d.voucher_id , a.request_id, b.campaign_id, e.campaign_id 
from voucher_request_approve a, voucher_campaign_issue_request b, voucher_batch_no_section c, voucher d, voucher_campaign_issue e
where a.request_id = b.request_id 
and a.batch_id = c.batch_id
and d.prefix = c.prefix 
and c.start_no = d.voucher_no 
and c.end_no = d.voucher_no
and d.voucher_id = e.voucher_id
and b.campaign_id != e.campaign_id

UPDATE voucher_campaign_issue_request set campaign_id = 26 
where request_id in (6843, 7191, 7754, 8264)
select * from voucher_request_approve where request_id in (6843, 7191, 7754, 8264)
select * from voucher_campaign where campaign_id = 26

Python version 2.7 required, which was not found in the registry

leokim / / 未分类

安装setuptools的时候,不能再注册表中识别出来python2.7

在网上找了方法,仅作笔记,供下次使用

 

方法:

 

新建一个register.py 文件,把一下代码贴进去,保存(G盘)

#
# script to register Python 2.0 or later for use with win32all
# and other extensions that require Python registry settings
#
# written by Joakim Loew for Secret Labs AB / PythonWare
#
# source:
# http://www.pythonware.com/products/works/articles/regpy20.htm
#
# modified by Valentine Gogichashvili as described in http://www.mail-archive.com/distutils-sig@python.org/msg10512.html
 
import sys
 
from _winreg import *
 
# tweak as necessary
version = sys.version[:3]
installpath = sys.prefix
 
regpath = "SOFTWARE\\Python\\Pythoncore\\%s\\" % (version)
installkey = "InstallPath"
pythonkey = "PythonPath"
pythonpath = "%s;%s\\Lib\\;%s\\DLLs\\" % (
    installpath, installpath, installpath
)
 
def RegisterPy():
    try:
        reg = OpenKey(HKEY_CURRENT_USER, regpath)
    except EnvironmentError as e:
        try:
            reg = CreateKey(HKEY_CURRENT_USER, regpath)
            SetValue(reg, installkey, REG_SZ, installpath)
            SetValue(reg, pythonkey, REG_SZ, pythonpath)
            CloseKey(reg)
        except:
            print "*** Unable to register!"
            return
        print "--- Python", version, "is now registered!"
        return
    if (QueryValue(reg, installkey) == installpath and
        QueryValue(reg, pythonkey) == pythonpath):
        CloseKey(reg)
        print "=== Python", version, "is already registered!"
        return
    CloseKey(reg)
    print "*** Unable to register!"
    print "*** You probably have another Python installation!"
 
if __name__ == "__main__":
    RegisterPy()

 

显示“python 2.7 is already registered”

再安装setuptools的时候,就能自动识别出来python2.7了。

win7是 64的原因,在安装python(32位)时,如果选择只为当前用户,以上问题是不会出现的,如果选择所有用户,那就用上面的方法解决吧。

evo transfer to event修改

leokim / / 未分类

今天修改一个transfer to event 的voucher的时候又漏掉了一些东西

哎,涉及到的表一多就是比较麻烦,不同地方的显示取不同地方的comment

记录一下设计到的表

1.voucher

2.voucher_action

3.voucher_batch_action

4.voucher_info_transfer

sap 流程

leokim / / 未分类 
public function csm_voucher_issue_actions( $date )
     {
          $table_name = $this->sap_interface_create_table( $date );
         
          $this->csm_voucher_normal_actions_issuance( $date, $table_name );
          //If the issuance transaction is due to voucher replacement, this field (Replaced voucher) will be marked with 'X'.
          $this->csm_voucher_update_is_replaced($date, $table_name);
          $this->csm_voucher_normal_actions_unissue( $date, $table_name );
          $this->tenant_voucher_normal_actions_issuance( $date, $table_name );
          $this->tenant_voucher_normal_actions_unissue( $date, $table_name );
    
         
         
          $rt = $this->sap_interface_get_results($table_name);
         
          $transaction_date = date('Ymd', strtotime($date . ' 00:00:00'));
          $file_name = 'CSM_ISS_' . $transaction_date;
          return $this->_ftp_to_sap($file_name, $rt);
     }



private function _ftp_to_sap( $file_name, $data )
     {
          $file_name = $file_name . '.csv';
          $local_file = $this->_sap_interface_local_file_name($file_name);
          $remote_file = $this->_sap_interface_remote_file_name($file_name);
         
          //made a copy of the file if existed. so we will be able to trace files.
          if( file_exists($local_file) )
          {
               rename($local_file, $local_file . '.time.' . date ("Ymd_His", filemtime($local_file)) );
          }
         
          $this->_export_sap_interface_file($local_file, $data);
         
          return $this->_ftp_upload($local_file, $remote_file);
     }


private function _ftp_upload($local_file, $remote_file)
     {
          //ilog('SAP Interface, uploading local file: ' . $local_file . ' to remote file: ' . $remote_file);
          $this->load->helper('email');
          if(!file_exists($local_file))
          {
               $error_msg = 'SAP Interface ERROR: cannot find local file: ' . $local_file;
               evo_email_admin( $error_msg );
               elog($error_msg);
          }
         
          if($this->_ftp_really_upload)
          {
               $ftp_result = $this->ftp->upload($local_file, $remote_file);
          }
          else
          {
               $ftp_result = TRUE;
          }
         
          if( !$ftp_result )
          {
               $error_msg = 'SAP Interface ERROR: cannot upload local file: ' . $local_file . ' to remote file: ' . $remote_file;
               evo_email_admin( $error_msg );
             elog($error_msg);
          }
         
          return $ftp_result;
     }

notification 流程记录

leokim / / 未分类

刚写完的不小心回退了结果全都没有了 - =。。 坑爹啊

 

1.调用action_trigger_notification 方法

$this->email_notifications->action_trigger_notification( $action_id, $action_info );

从voucher_lkup_action 里获取到trigger_notification的ids,

然后循环用call_user_func调用这些id对应在voucher_lkup_notification表内notification_name对应的notification_function

public function action_trigger_notification( $action_id, $action_info )
 {
  $details = $this->voucher_lkup->get_action_by_id($action_id);
  //ilog('Action Trigger Notification: <br/> Action Details: ');
  //ilog( array_merge($action_info, $details)  );
  if($details['trigger_notification'] == 'Y' && !empty($details['notification_id']))
  {
   $notification_ids = explode(',', $details['notification_id']);
   foreach($notification_ids as $notification_id)
   {
    $notification_details = $this->_notification_get( $notification_id );
    if($notification_details && $notification_details['is_active'] == 'Y' && !empty($notification_details['notification_function']))
    {
     if(method_exists ($this, $notification_details['notification_function']))
     {
      call_user_func( array($this, $notification_details['notification_function']), $notification_details, $action_info );
     }
    }
   }
  }
 }

比如说我们现在做的是replacement 那action对应的notification的function 是action_replacement_notification_report

在这个function 里会有2个主要的function

1.$this->_notification_get_email_content( 'replacement', $action_info );

2.$this->_notification_send( $notification_details, $notification, $action_info );

private function action_replacement_notification_report( $notification_details, $action_info )
 {
  $date = isset($action_info['action_time']) ? date('Y-m-d', strtotime($action_info['action_time'])) : date('Y-m-d');
  
  $reports = site_url("vreports/view/24/$date/$date");
  $action_info['report_url'] = $reports;
  
  $notification = array();
  $notification['email_content'] = $this->_notification_get_email_content( 'replacement', $action_info );
  
  $this->_notification_send( $notification_details, $notification, $action_info );
 }

 

_notification_get_email_content( $notification_content, $content_data ) 这个function就是来获取email的内容,把定义action_trigger_notification时传进来的action_content也传递进来 传到模版里 然后用view加上true返回邮件内容。

private function _notification_get_email_content( $notification_content, $content_data )
 {

  $folder = $this->config->slash_item('template_module_folder');
  $template_view = $folder . 'notification';
  
  $notification_content = 'notifications/' . $notification_content;

  //set user_name into it.
  $this->load->model('acl/acl_aro');

        $content_data['user_id'] = isset($content_data['user_id']) ? $content_data['user_id'] : $this->_user_id;

        $user_details = $this->acl_aro->get_user_info('', $content_data['user_id']);

        $content_data['user_name'] = isset($content_data['user_name']) ? $content_data['user_name'] : $user_details['user_name'];

        if(empty($user_details))
  {
   $user_details['user_name'] = ''; //cso user.
  }




  $this->load->library('wick');
  $data = array('notification_content' => $this->load->view($notification_content, array_merge($content_data, array('page_data'=>$content_data)), TRUE));
  return $this->load->view($template_view, $data, TRUE);
 }

 

这个function 就时发送邮件啦,根据voucher_lkup_notification 里的target,target_cc等信息来进行发送

private function _notification_send( $notification_details, $notification, $action_info )
 {
  $this->load->helper('email');
  
  $notification['target'] = isset($notification['target']) ? $notification['target'] : $this->_notification_get_target( $notification_details, 'target' );
  $notification['target_cc'] = isset($notification['target_cc']) ? $notification['target_cc'] : $this->_notification_get_target( $notification_details, 'target_cc' );
  $notification['target_bcc'] = isset($notification['target_bcc']) ? $notification['target_bcc'] : $this->_notification_get_target( $notification_details, 'target_bcc' );
  $notification['email_subject'] = isset($notification['email_subject']) ? $notification['email_subject'] : $this->_notification_get_email_subject( $notification_details, $action_info );
  
  if(IS_LOCALHOST)
  {
   ilog( $notification );
  }
  else
  {
   if( empty($notification['target']) )
   {
    //evo_email_admin('No target email found for the notification.' . '<BR />Notification Definition: <BR />' .  var_export($notification_details, TRUE) . '<BR />Notification: <BR />' .  var_export($notification, TRUE) );
    //return FALSE;
   }
   
   if( empty($notification['email_content']) )
   {
    evo_email_admin('Notification content is empty. Kindly check. ' . '<BR />Notification Definition: <BR />' .  var_export($notification_details, TRUE) . '<BR />Notification: <BR />' .  var_export($notification, TRUE));
    return FALSE;
   }
   
   $this->load->library('email');
   
   $config['mailtype'] = 'html';
   $this->email->initialize($config);
   
   $this->email->subject( $notification['email_subject'] );
   $this->email->from( $this->notification_from_email, $this->notification_from_name );
   
   
   $this->email->to( $notification['target'] );
   
   if(!empty( $notification['target_cc'] ))
   {
    $this->email->cc( $notification['target_cc'] );
   }
   
   if(!empty( $notification['target_bcc'] ))
   {
    $this->email->bcc( $notification['target_bcc'] );
   }
   
   $this->email->message( $notification['email_content'] );
   $this->email->send();
  }
  
  return TRUE;
 }

 

获取用户组的方法已经在之前记录过了

http://www.jinleistudio.cn/index.php/posts/92