正确的PHP mcrypt加密方法? [英] proper PHP mcrypt encryption methods?

问题描述

好吧，我尝试使用PHP mcrypt创建自己的加密/解密方法，当我将它们发布一段时间后，有人将其称为垃圾箱".他们提到的是有关初始化向量"的内容.基本上，如何使这些加密方法更好:

Ok, I have tried to create my own encryption/decryption methods using PHP mcrypt, and when I posted them a while back some called them "trash". They were mentioning things about "Initialization Vectors" and such. Basically, how can I make these cryptography methods better:

function encrypt($key, $data){
    $encrypted_data = mcrypt_cbc(MCRYPT_RIJNDAEL_192, $key, $data, MCRYPT_ENCRYPT);
    return base64_encode($encrypted_data);
}

function decrypt($key, $encryptedData){
    $dec = base64_decode($encryptedData);
    $decrypt = mcrypt_cbc(MCRYPT_RIJNDAEL_192, $key, $dec, MCRYPT_DECRYPT);
    return trim($decrypt);
}

我希望这些人尽其所能，除了在mcrypt上我是一个崭新的世界中的鸭子，欢迎提出任何建议，谢谢！

I want these to work the best they can except I am a duck in a brand new world when it comes to mcrypt, any suggestions are welcome, thanks!

推荐答案

以下是我使用的mcrypt函数的摘要.它们使用mcrypt_generic和mdecrypt_generic，应根据 PHP手册使用.

Here is a snippet of the mcrypt functions I use. They use mcrypt_generic and mdecrypt_generic, which should be used according to the PHP manual.

function encrypt($key, $data){
    $b = mcrypt_get_block_size(MCRYPT_RIJNDAEL_256, MCRYPT_MODE_CBC);
    $enc = mcrypt_module_open(MCRYPT_RIJNDAEL_256, '', MCRYPT_MODE_CBC, '');
    $iv = mcrypt_create_iv(mcrypt_enc_get_iv_size($enc), MCRYPT_DEV_URANDOM);
    mcrypt_generic_init($enc, md5($key), $iv);

    // PKCS7 Padding from: https://gist.github.com/1077723
    $dataPad = $b-(strlen($data)%$b);
    $data .= str_repeat(chr($dataPad), $dataPad);

    $encrypted_data = mcrypt_generic($enc, $data);

    mcrypt_generic_deinit($enc);
    mcrypt_module_close($enc);

    return array(
        'data' => base64_encode($encrypted_data),
        'iv' => base64_encode($iv)
    );
}

function decrypt($key, $iv, $encryptedData){
    $iv = base64_decode($iv);
    $enc = mcrypt_module_open(MCRYPT_RIJNDAEL_256, '', MCRYPT_MODE_CBC, '');
    mcrypt_generic_init($enc, md5($key), $iv);

    $encryptedData = base64_decode($encryptedData);
    $data = mdecrypt_generic($enc, $encryptedData);
    mcrypt_generic_deinit($enc);
    mcrypt_module_close($enc);

    // PKCS7 Padding from: https://gist.github.com/1077723
    $dataPad = ord($data[strlen($data)-1]);

    return substr($data, 0, -$dataPad);
}

我对mcrypt也不太了解，所以我只是将它们一起砍掉了.我md5密钥，所以它总是32个字符(最大密钥长度)，然后随机计算一个初始化向量".

I don't know much about mcrypt either, so I just kinda hacked these together. I md5 the key so it's always 32 characters (the max key length), and I randomly calculate an "Initialization Vector".

使用 PKCS7填充更好，因为您可以使用结尾的字符串在空格中(如trim会删除该字符串)，当字符串一定长度时，加密也会更有效.

Using PKCS7 Padding is better because you can have strings that end in white space (as trim would remove that), also the encryption is more efficient when the string is a certain length.

我在这里使用AES 256(MCRYPT_RIJNDAEL_256)，但是AES 192(MCRYPT_RIJNDAEL_192)也可以工作.

I'm using AES 256 (MCRYPT_RIJNDAEL_256) here, but AES 192 (MCRYPT_RIJNDAEL_192) would work too.

演示: http://ideone.com/WA5Tk

这篇关于正确的PHP mcrypt加密方法?的文章就介绍到这了，希望我们推荐的答案对大家有所帮助，也希望大家多多支持IT屋！