使用PHP加密图像以存储在MySQL BLOB中,然后解密并打印 [英] Using PHP to encrypt image for storage in MySQL BLOB then decrypt and print
问题描述
我正在尝试拍摄上载的图像,对图像进行加密,将其存储在MySQL中,然后在授权人员请求查看图像时将其解密以供显示.
I'm trying to take an uploaded image, encrypt the image, store it in MySQL, then decrypt it for display when an authorized person requests to see it.
这是我当前的加密方式:
Here's how I'm currently encrypting:
$image = addslashes(file_get_contents($_FILES['users_image']['tmp_name']));
$enc_image = encrypt($image, "long secret random key");
然后将$enc_image存储在MySQL BLOB字段中.当我尝试解密并打印它时,就像这样:
Then I store the $enc_image in a MySQL BLOB field. When I try to decrypt it and print it goes like so:
$img = decrypt($rec['file'], "long secret random key");
echo '<img src="data:image/jpeg;base64,'.base64_encode($img).'"/>';
我正在使用此Stackoverflow答案中的代码,并且看到解密的base-64文本,在我的输出中,但不会通过HTML显示.以下是尝试恢复的加密图像示例: https://pastebin.com/miDCP3Gz
I'm using this code from this Stackoverflow answer, and I'm seeing the decrypted base-64 text, in my output, but it doesn't display via HTML. Here is a sample encrypted image's attempt at being recovered: https://pastebin.com/miDCP3Gz
注意:我的长秘密随机密钥"包括一个散列的随机唯一盐,但是我确定我要使用相同的字符串进行加密和解密.
NOTE: My "long secret random key" includes a hashed random unique salt, but I am sure I am encrypting and decrypting with the same string.
您知道为什么无法正确显示吗?
Any idea why this wouldn't be displaying correctly?
推荐答案
-
确保图像足够小或存储位置足够大.如果您有超过65kB的东西,则需要一个长blob,而不是blob.超过该大小的任何内容都会被截断并丢失.
Make sure your image is small enough or your storage location is large enough. If you have anything over 65kB you need a longblob not a blob. Anything over that size will be truncated and lost.
在插入数据库之前将加号移动到右边,而不是在加密之前移动.单引号(或双引号,取决于您使用的是哪一个)指定MySQL引擎的字符串的开头和结尾. addlashes函数对这些字符和其他特殊字符进行转义,以防止它们使它们的MySQL引擎混乱.在加密之前,您在执行记录时将记录添加到数据库的事实仅仅是偶然的机会.
Move the addslashes to right before insertion into the DB, NOT before the encryption. Single quotes (or double depending on which you are using) designate the beginning and end of a string to the MySQL engine. The addslashes function escapes these and other special characters to prevent them from confusing they MySQL engine. The fact that it adds the record to the DB with you performing it before the encryption is merely random chance.
您应该知道这些图像已作为临时文件保存在服务器上.除非采取特殊预防措施,否则其中的数据将保留在HDD的空闲空间中.对手可以使用取证或恢复工具轻松地检索到它.
You should know that these images are being saved on the server as temporary files. Unless special precautions are taken, the data in them will remain in the slack space on the HDD. It can easily be retrieved by an adversary using forensics or restoration tools.
标记:
<html>
<head><title>Picture</title></head>
<body>
<form enctype="multipart/form-data" action="file.php" method="post">
<input type="hidden" name="MAX_FILE_SIZE" value="600000" />
<input type="file" name="users_image"/>
<input type="submit" text="Upload">
</form>
<?
if($_SERVER['REQUEST_METHOD'] === 'POST')
{
$image = file_get_contents($_FILES['users_image']['tmp_name']);
//encrypt
$cipher = "aes-128-cbc";
$ivlen = openssl_cipher_iv_length($cipher);
$iv = openssl_random_pseudo_bytes($ivlen);
$key = openssl_random_pseudo_bytes(128);
$ciphertext = openssl_encrypt($image, $cipher, $key, $options=0, $iv);
//add to DB
$mysqli = mysqli_connect("localhost","testu","","test");
$query = "INSERT INTO blobtbl(pics) VALUES (\"" . addslashes($ciphertext) ."\")";
$mysqli->query($query);
$id = mysqli_insert_id($mysqli);
//retrieve from DB
$sql = "SELECT * FROM blobtbl WHERE id = $id";
$res = $mysqli->query($sql);
$row=mysqli_fetch_assoc($res);
$newciphertext = $row['pics'];
//decrpyt and display
$img = openssl_decrypt($newciphertext, $cipher, $key, $options=0, $iv);
echo '<img src="data:image/jpeg;base64,'.base64_encode($img).'"/>';
echo "<br>Did it work?";
}
?>
</body>
</html>
这篇关于使用PHP加密图像以存储在MySQL BLOB中,然后解密并打印的文章就介绍到这了,希望我们推荐的答案对大家有所帮助,也希望大家多多支持IT屋!
