正确的PHP mcrypt加密方法? [英] proper PHP mcrypt encryption methods?
问题描述
好吧,我尝试使用PHP mcrypt
创建自己的加密/解密方法,当我将它们发布一段时间后,有人将其称为垃圾箱".他们提到的是有关初始化向量"的内容.基本上,如何使这些加密方法更好:
Ok, I have tried to create my own encryption/decryption methods using PHP mcrypt
, and when I posted them a while back some called them "trash". They were mentioning things about "Initialization Vectors" and such. Basically, how can I make these cryptography methods better:
function encrypt($key, $data){
$encrypted_data = mcrypt_cbc(MCRYPT_RIJNDAEL_192, $key, $data, MCRYPT_ENCRYPT);
return base64_encode($encrypted_data);
}
function decrypt($key, $encryptedData){
$dec = base64_decode($encryptedData);
$decrypt = mcrypt_cbc(MCRYPT_RIJNDAEL_192, $key, $dec, MCRYPT_DECRYPT);
return trim($decrypt);
}
我希望这些人尽其所能,除了在mcrypt
上我是一个崭新的世界中的鸭子,欢迎提出任何建议,谢谢!
I want these to work the best they can except I am a duck in a brand new world when it comes to mcrypt
, any suggestions are welcome, thanks!
推荐答案
以下是我使用的mcrypt函数的摘要.它们使用mcrypt_generic
和mdecrypt_generic
,应根据 PHP手册使用.
Here is a snippet of the mcrypt functions I use. They use mcrypt_generic
and mdecrypt_generic
, which should be used according to the PHP manual.
function encrypt($key, $data){
$b = mcrypt_get_block_size(MCRYPT_RIJNDAEL_256, MCRYPT_MODE_CBC);
$enc = mcrypt_module_open(MCRYPT_RIJNDAEL_256, '', MCRYPT_MODE_CBC, '');
$iv = mcrypt_create_iv(mcrypt_enc_get_iv_size($enc), MCRYPT_DEV_URANDOM);
mcrypt_generic_init($enc, md5($key), $iv);
// PKCS7 Padding from: https://gist.github.com/1077723
$dataPad = $b-(strlen($data)%$b);
$data .= str_repeat(chr($dataPad), $dataPad);
$encrypted_data = mcrypt_generic($enc, $data);
mcrypt_generic_deinit($enc);
mcrypt_module_close($enc);
return array(
'data' => base64_encode($encrypted_data),
'iv' => base64_encode($iv)
);
}
function decrypt($key, $iv, $encryptedData){
$iv = base64_decode($iv);
$enc = mcrypt_module_open(MCRYPT_RIJNDAEL_256, '', MCRYPT_MODE_CBC, '');
mcrypt_generic_init($enc, md5($key), $iv);
$encryptedData = base64_decode($encryptedData);
$data = mdecrypt_generic($enc, $encryptedData);
mcrypt_generic_deinit($enc);
mcrypt_module_close($enc);
// PKCS7 Padding from: https://gist.github.com/1077723
$dataPad = ord($data[strlen($data)-1]);
return substr($data, 0, -$dataPad);
}
我对mcrypt
也不太了解,所以我只是将它们一起砍掉了.我md5
密钥,所以它总是32个字符(最大密钥长度),然后随机计算一个初始化向量".
I don't know much about mcrypt
either, so I just kinda hacked these together. I md5
the key so it's always 32 characters (the max key length), and I randomly calculate an "Initialization Vector".
使用 PKCS7填充更好,因为您可以使用结尾的字符串在空格中(如trim
会删除该字符串),当字符串一定长度时,加密也会更有效.
Using PKCS7 Padding is better because you can have strings that end in white space (as trim
would remove that), also the encryption is more efficient when the string is a certain length.
我在这里使用AES 256(MCRYPT_RIJNDAEL_256),但是AES 192(MCRYPT_RIJNDAEL_192)也可以工作.
I'm using AES 256 (MCRYPT_RIJNDAEL_256) here, but AES 192 (MCRYPT_RIJNDAEL_192) would work too.
这篇关于正确的PHP mcrypt加密方法?的文章就介绍到这了,希望我们推荐的答案对大家有所帮助,也希望大家多多支持IT屋!