PHP,Java,Go 通用的AES加解密方法

核心思路就是加密时先随机生成16位向量iv,再将iv和密文拼接后base64encode后输出解密时前16位是向量iv，剩下是密文。

PHP:

<?php
class Aes
{
    protected static $method = 'AES-256-CBC';

    public static function encrypt($data, $key)
    {
        $ivLen = openssl_cipher_iv_length(static::$method);
        $iv = openssl_random_pseudo_bytes($ivLen);
        $text = openssl_encrypt($data, static::$method, $key, OPENSSL_RAW_DATA, $iv);
        return self::safetyBase64Encode($iv . $text);
    }

    public static function decrypt($text, $key)
    {
        $cipherText = self::safetyBase64Decode($text);
        $ivLen = openssl_cipher_iv_length(static::$method);
        $iv = substr($cipherText, 0, $ivLen);
        $cipherText = substr($cipherText, $ivLen);
        $data = openssl_decrypt($cipherText, static::$method, $key, OPENSSL_RAW_DATA, $iv);
        return $data;
    }

    public static function safetyBase64Encode($text)
    {
        $text = base64_encode($text);
        $text = str_replace(['+','/'],['-','_'],$text);
        return $text;
    }

	  public static function safetyBase64Decode($text)
    {
        $text = str_replace(['-','_'],['+','/'],$text);
        $text = base64_decode($text);
        return $text;
    }
}

Java:

import javax.crypto.Cipher;
import javax.crypto.spec.IvParameterSpec;
import javax.crypto.spec.SecretKeySpec;
import java.util.Base64;
import java.net.URLDecoder;


class Aes {
    public static String encrypt(String key, String initVector, String value) {
        try {
            IvParameterSpec iv = new IvParameterSpec(initVector.getBytes("UTF-8"));
            SecretKeySpec skeySpec = new SecretKeySpec(key.getBytes("UTF-8"), "AES");

            Cipher cipher = Cipher.getInstance("AES_256/CBC/PKCS5PADDING");
            cipher.init(Cipher.ENCRYPT_MODE, skeySpec, iv);

            byte[] encrypted = cipher.doFinal(value.getBytes());
            System.out.println("encrypted string: "
                    + Base64.getEncoder().encode(encrypted));

            return new String(Base64.getEncoder().encode(encrypted), "UTF-8");
        } catch (Exception ex) {
            ex.printStackTrace();
        }

        return null;
    }

    public static String decrypt(String key, byte[] initVector, byte[] encrypted) {
        try {
            IvParameterSpec iv = new IvParameterSpec(initVector);
            SecretKeySpec skeySpec = new SecretKeySpec(key.getBytes("UTF-8"), "AES");

            Cipher cipher = Cipher.getInstance("AES_256/CBC/PKCS5PADDING");
            cipher.init(Cipher.DECRYPT_MODE, skeySpec, iv);

            byte[] original = cipher.doFinal(encrypted);

            return new String(original, "UTF-8");
        } catch (Exception ex) {
            ex.printStackTrace();
        }

        return null;
    }

    public static void main(String[] args) {
        String encryptString = args[0];
        String key = "abcdabcdabcdabcdabcdabcdabcdabcd"; // 128 bit key

        try {
            encryptString = URLDecoder.decode(encryptString, "utf-8");
            encryptString = encryptString.replace("-", "+").replace("_", "/");

            byte[] encryptBytes = Base64.getDecoder().decode(encryptString);
            byte[] ivBytes = new byte[16];
            byte[] cipherBytes = new byte[encryptBytes.length - 16];

            System.arraycopy(encryptBytes, 0, ivBytes, 0, 16);
            System.arraycopy(encryptBytes, 16, cipherBytes, 0, encryptBytes.length - 16);

            String raw = decrypt(key, ivBytes, cipherBytes);
            System.out.println(raw);
        } catch (Exception ex) {
            ex.printStackTrace();
        }
    }
}

Go:

package main

import (
	"bytes"
	"crypto/aes"
	"crypto/cipher"
	"crypto/rand"
	"encoding/base64"
	"errors"
	"fmt"
	"io"
)

//填充
func pad(src []byte) []byte {
	padding := aes.BlockSize - len(src)%aes.BlockSize
	padtext := bytes.Repeat([]byte{byte(padding)}, padding)
	return append(src, padtext...)
}

func unpad(src []byte) ([]byte, error) {
	length := len(src)
	unpadding := int(src[length-1])

	if unpadding > length {
		return nil, errors.New("unpad error. This could happen when incorrect encryption key is used")
	}

	return src[:(length - unpadding)], nil
}

func encrypt(key []byte, text string) (string, error) {
	block, err := aes.NewCipher(key)
	if err != nil {
		return "", err
	}

	msg := pad([]byte(text))
	ciphertext := make([]byte, aes.BlockSize+len(msg))

	//随机生成向量
	iv := ciphertext[:aes.BlockSize]
	if _, err := io.ReadFull(rand.Reader, iv); err != nil {
		return "", err
	}

	mode := cipher.NewCBCEncrypter(block, iv)
	mode.CryptBlocks(ciphertext[aes.BlockSize:], msg)
	
	finalMsg := (base64.StdEncoding.EncodeToString(ciphertext))

	return finalMsg, nil
}

func decrypt(key []byte, text string) (string, error) {
	block, err := aes.NewCipher(key)
	if err != nil {
		return "", err
	}

	decodedMsg, err := base64.StdEncoding.DecodeString((text))

	if err != nil {
		return "", err
	}

	if (len(decodedMsg) % aes.BlockSize) != 0 {
		return "", errors.New("blocksize must be multipe of decoded message length")
	}

	iv := decodedMsg[:aes.BlockSize]
	msg := decodedMsg[aes.BlockSize:]

	mode := cipher.NewCBCDecrypter(block, iv)
	mode.CryptBlocks(msg, msg)

	unpadMsg, err := unpad(msg)
	if err != nil {
		return "", err
	}

	return string(unpadMsg), nil
}

func main() {
	key := []byte("abcdabcdabcdabcdabcdabcdabcdabcd")
	encryptText, _ := encrypt(key, "hello")

	fmt.Printf("encrypt text is %s \n", encryptText)

	rawText, err := decrypt(key, encryptText)
	if err != nil {
		fmt.Println(err)
		return
	}

	fmt.Printf("raw text is %s \n", rawText)
}