aes-128-cbc和aes-128加密有什么区别吗?
I want to know if there is any difference between these two encryption methods? I never used these before. My client asked me to use AES-128 encryption but when I google it, it show me "aes-128-cbc", "aes-128-ctr", "aes-256-cbc", or "aes-256-ctr" so I want to know which one I should use that will be like AES-128?
reference link : this is where I have to send encryption method
我想知道这两种加密方法之间是否有任何区别? 我之前从未使用过这些。 我的客户要求我使用AES-128加密,但当我谷歌时,它会显示“aes-128-cbc”,“aes-128-ctr”,“aes-256-cbc”或“aes-256-ctr” “所以我想知道我应该使用哪一个像AES-128? p>
参考链接:这是我必须发送加密方法的地方 p> div>
3 things:
- AES: Advanced Encryption Standard. This is the name of the encryption algorithm (symmetric encryption). Other symmetric encryption algorithms are: DES, 3-DES etc.
- 128: This probably refers to the key size. AES encryption uses 3 key sizes (128bit, 192bit and 256bit). Block size in AES is also 128 bits.
- CBC: This is the mode of encryption that you want. There are number of modes of encryption, which depends on how fast you want your algorithm to work, parallelism and level of security. A few modes are CBC(Cipher Block Chaining), ECB(Electronic Code Book), CFB(Cipher Feed Back), CTR (Counter) etc.
Now, your client asked you to encrypt using AES-128. So, you should be using AES encryption with 128 bit key size. Any mode you can use will be of your preference. I'd prefer CBC.
Looking at the link you included, it says it will accept a number of different modes, including CBC. Unless you have a specific reason not to use it, then use AES-128-CBC. CBC mode is a good general-purpose mode. You will also need to understand the use of padding (use PKCS#5 or PKCS#7, whatever one your system allows) and an Initialisation Vector, IV, in order for CBC mode to work correctly.
Do not use ECB mode, since it is insecure and leaks information.
Just a quick note on CBC vs ECB. When you encrypt using ECB, every 128 bit (depending on the block size) of data gets encrypted with the same key. If there is any pattern in the plaintext, the resulting encrypted text will also be predictable, no matter how good the encryption algorithm is.
ECB:
Plain text: aaaaaaaaaaaaaaaa aaaaaaaaaaaaaaaa aaaaaaaaaaaaaaaa
---------------- ---------------- ----------------
Encrypted: bdefjakjapqeiowp bdefjakjapqeiowp bdefjakjapqeiowp
If you use CBC, the first block gets XOR'd with the IV (initialization vector) and encrypted with the key and the second block gets XOR'd with the first block and then encrypted with the key, the third with the second. The resulting cipher is then less vulnerable to frequency analysis.
This image is taken from Wikimedia Commons, the free media repository
The disadvantage is that you cannot parallelize the encryption/decryption since you need the result of the previous block, so it may be slower. But in practice, it makes no real difference.
Here aes-128-cbc and aes-128. aes stands for advanced encryption service, 128 is the bit rate, and CBC is the mode of encryption.
However, this is recited and used only in OPEN SSL Formats. Prior to Open SSL, PHP used mcrypt_encrypt which was not properly designed (older versions of PHP).
aes-128 can also be reffered to as rijndael while using mcrypt.