encryption - 使用 AES-256-CBC 的加密文本长度

Question

使用 openssl_encrypt() 时PHP 中的函数以 AES-256-CBC 作为加密方法对字符串进行加密:

$encrypted = openssl_encrypt($data, "AES-256-CBC", $key, 0, $iv);

我为 $data 尝试了不同的字符串长度，以及由此产生的长度 $encrypted当 $data时会增加达到 16 字节的倍数。但似乎增长并不稳定。
是否有关于 $data的长度的通用公式？和 $encrypted ?

Answer 1

让我引自 https://stackoverflow.com/a/3717552/2393787

With CBC mode, the input data must have a length multiple of the block length, so it is customary to add PKCS#5 padding: if the block length is n, then at least 1 byte is added, at most n, such that the total size is a multiple of n, and the last added bytes (possibly all of them) have numerical value k where k is the number of added bytes. Upon decryption, it suffices to look at the last decrypted byte to recover k and thus know how many padding bytes must be ultimately removed.

Hence, with CBC mode and AES, assuming PKCS#5 padding, if the input data has length d then the encrypted length is (d + 16) & ~15. I am using C-like notation here; in plain words, the length is between d+1 and d+16, and multiple of 16.

这表明，无法使用 CBC 预测加密数据的长度。您应该考虑转向另一种模式。