How can I dynamically change the keys that Crypt uses in Laravel?

Question

I have been researching how to use Laravel Encryption as building a homestead encryption platform is frowned upon and rightfully so.

Illuminate\Support\Facades\Crypt::encryptString('This is a secret message from user 1 to user 2');

Take the above example, this is using my APP_KEY which derives from my .env file, generated previously by php artisan key:generate. The issue is that user 1 is never issued two sets of keys to communicate only to user 2. User 3, 4 and so on could still read this message using the Illuminate\Support\Facades\Crypt::decryptString method.

Currently, my database is set up to have a chat header. This contains information about what is communicating. All participants will use these keys for encryption and decryption - thus any outside users not being able to decrypt the messages.

public function up()
{
    Schema::create('chat_headers', function(Blueprint $table) {
        $table->increments('id');

        $table->timestamp('created_at')->default(DB::raw('CURRENT_TIMESTAMP'));
        $table->timestamp('updated_at')->default(DB::raw('CURRENT_TIMESTAMP ON UPDATE CURRENT_TIMESTAMP'));

        $table->string('private_key')->unique();
        $table->string('public_key')->unique();
    });
}

I also have a chat participants table; this contains information about who is communicating:

public function up()
{
    Schema::create('chat_participants', function(Blueprint $table) {
        $table->increments('id');

        $table->timestamp('created_at')->default(DB::raw('CURRENT_TIMESTAMP'));
        $table->timestamp('updated_at')->default(DB::raw('CURRENT_TIMESTAMP ON UPDATE CURRENT_TIMESTAMP'));

        $table->integer('user_id')->unsigned();

        # TODO: Build RBAC

        $table->index(['user_id']);
        $table->foreign('user_id')->references('id')->on('users')->onDelete('cascade');
    });
}

Finally, I have a table for message logs. This contains the encrypted message followed by what chat room they're associating with.

public function up()
{
    Schema::create('chat_messages', function(Blueprint $table) {
        $table->increments('id');

        $table->timestamp('created_at')->default(DB::raw('CURRENT_TIMESTAMP'));
        $table->timestamp('updated_at')->default(DB::raw('CURRENT_TIMESTAMP ON UPDATE CURRENT_TIMESTAMP'));

        $table->integer('chat_id')->unsigned();
        $table->string('message');

        $table->index(['chat_id']);
        $table->foreign('chat_id')->references('id')->on('chat_headers')->onDelete('cascade');
    });
}

How can I dynamically assign new keys to the Illuminate\Support\Facades\Crypt to use in order to encrypt messages between a chat party?

If this is not possible, how can I secure the messages between the participants within a chat using these two keys? I feel like using Crypt for this is 'encrypting for the sake of it' and not actually hiding the content of anything between users.

Recommended answer

I would recommend against using the Crypt facade directly and would instead recommend using the Laravel Illuminate\Encryption\Encrypter which is the class that is used for the Crypt facade (I'm on Laravel 5.6).

Here is a little code snippet that I hope will help:

use Illuminate\Encryption\Encrypter;

//Keys and cipher used by encrypter(s)
$fromKey = base64_decode("from_key_as_a_base_64_encoded_string");
$toKey = base64_decode("to_key_as_a_base_64_encoded_string");
$cipher = "AES-256-CBC"; //or AES-128-CBC if you prefer

//Create two encrypters using different keys for each
$encrypterFrom = new Encrypter($fromKey, $cipher);
$encrypterTo = new Encrypter($toKey, $cipher);

//Decrypt a string that was encrypted using the "from" key
$decryptedFromString = $encrypterFrom->decryptString("gobbledygook=that=is=a=from=key=encrypted=string==");

//Now encrypt the decrypted string using the "to" key
$encryptedToString = $encrypterTo->encryptString($decryptedFromString);

If you would like to see the facade loading code it is in vendor\laravel\framework\src\Illuminate\Encryption\EncryptionServiceProvider.
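
The following is an added example, not code from the question or the answer: it applies the answer's `Encrypter` approach per chat, wrapping each chat's key with an app-level key before storage and showing that another chat's key is rejected. It assumes `illuminate/encryption` is installed via Composer; the helper `encrypterForChat`, the chat ids and the in-memory key store are hypothetical stand-ins for the `chat_headers` table.

```php
<?php
// Added example. Assumes illuminate/encryption is installed via Composer;
// chat ids, keys and the in-memory key store are constructed for illustration.
require __DIR__ . '/vendor/autoload.php';

use Illuminate\Contracts\Encryption\DecryptException;
use Illuminate\Encryption\Encrypter;

const CIPHER = 'AES-256-CBC';

// Stand-in for APP_KEY: used only to wrap per-chat keys before they are stored.
$appEncrypter = new Encrypter(random_bytes(32), CIPHER);

// Stand-in for a chat_headers column holding each chat's wrapped key.
$wrappedKeys = [];
foreach ([1, 2] as $chatId) {
    $chatKey = random_bytes(32); // 32 bytes, as AES-256-CBC requires
    $wrappedKeys[$chatId] = $appEncrypter->encryptString(base64_encode($chatKey));
}

// Hypothetical helper: unwrap one chat's key and build its Encrypter.
function encrypterForChat(int $chatId, array $wrappedKeys, Encrypter $app): Encrypter
{
    $chatKey = base64_decode($app->decryptString($wrappedKeys[$chatId]), true);

    return new Encrypter($chatKey, CIPHER);
}

$chat1 = encrypterForChat(1, $wrappedKeys, $appEncrypter);
$chat2 = encrypterForChat(2, $wrappedKeys, $appEncrypter);

// Value that would be written to chat_messages.message for chat 1.
$stored = $chat1->encryptString('This is a secret message from user 1 to user 2');

// Chat 1's key recovers the plaintext.
echo $chat1->decryptString($stored), PHP_EOL;

// Chat 2's key fails the MAC check instead of returning garbage.
try {
    $chat2->decryptString($stored);
    echo 'unexpected: decrypted with the wrong key', PHP_EOL;
} catch (DecryptException $e) {
    echo 'chat 2 key rejected: ', $e->getMessage(), PHP_EOL;
}
```

The server still holds every chat key in this layout, so it separates chats from each other but is not end-to-end encryption. `encryptString` returns a base64-encoded JSON payload (IV, ciphertext and MAC) that is much longer than the plaintext, so a default-length `string` column can truncate it.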
