How Can We Use GCM Mode Encryption in PHP?


Question

I have been reading a lot about GCM and how awesome it is and I would like to know how could I use AES-GCM authenticated encryption using PHP. Is it supported in mcrypt()? I found some references to GCM in the Codeigniter framework documentation which leads me to believe it is possible to use in Codeigniter.

And I also came across something in a doc about Zend. I'm not looking to use a Codeigniter driver though as I don't use any framework and don't intend to for my current projects. It seems to me however that if Codeigniter is able to do it then so should we be able to without the framework.

It seems as though GCM is the way to go for security as well as performance (I saw very impressive performance figures). My feeling is we need this but I can't find any examples. Someone must have an idea of how to accomplish this. I know it is supported by OpenSSL.

Any help would be greatly appreciated.

Recommended Answer

You ask several questions here, so I'm going to address them separately as stated above:


Is it supported in mcrypt()?

No, mcrypt does not support AES encryption per se. It does, however, support Rijndael (pronounced like 'rain-doll'), which is the base algorithm for AES. AES is defined as a specific set of parameters for Rijndael, so you can use the appropriate parameters to match AES, but GCM mode is not available.


It seems as though GCM is the way to go for security as well as performance (I saw very impressive performance figures). My feeling is we need this but I can't find any examples.

Unfortunately, this is the wrong way to go about choosing a security model or implementation. Different algorithms and cipher modes have different uses and applying the wrong mode, for example, can leave your application vulnerable to attacks even if you are using an apparently strong cipher like AES. GCM is very well spoken of because this mode offers encryption and authentication in one shot. Not all applications need both or may use them in such a way that weakens their designed strength. You will need to do your homework to ensure this is the correct mode to use for your application and what are the current minimum parameters to use.

Unless you are a security expert, you are much better off using a proven framework. It's never a good idea to implement your own encryption or security management because it is very easy to make mistakes that can leave you wide open to simple attacks. The best option is to find an open source, proven and tested, framework that does what you want to accomplish and carefully configure it to suit your needs. After that, it is key to keep the framework patched and up to date.

Since you mention performance statistics for AES-GCM, yes, it does perform very well on modern CPUs (i7 and newer), which have hardware support specifically designed to accelerate the operations needed. If your server or clients do not have hardware acceleration, AES-GCM will be much slower. In addition to actual hardware support, the software library you use is key, because it will need to invoke the needed hardware in order to take advantage of the increased speed.


I know it is supported by OpenSSL.

OpenSSL is one such library that implements AES-GCM, and it does take advantage of AES-NI (the hardware acceleration technology) when available.

The bad news is that the PHP extensions available today (early February 2015) do not support the specific library that implements AES-GCM. The rush to use GCM stems from the recent vulnerabilities found in the SSL protocol, which are finally forcing everyone to migrate to TLS and to an encryption mode with authentication. Even though security experts had been pushing for such a move for years, both server and browser makers had been dragging their feet waiting for each other to take the first steps toward Authenticated Encryption. We are finally starting to see movement in the right direction.

I believe later this year we will finally have AES-GCM in PHP, but for now it is not freely available.

Some info sources:

http://wiki.openssl.org/index.php/EVP_Authenticated_Encryption_and_Decryption Which shows the EVP library. A high-level implementation of AES-GCM that takes advantage of AES-NI.

http://phpaes.com An AES implementation for PHP. I do not know if they have been properly tested, or if they use hardware acceleration. They do not offer GCM, but it may be a good learning tool.
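
An added example, not part of the original answer: on PHP 7.1 and later, the openssl extension's openssl_encrypt() and openssl_decrypt() accept a GCM tag and additional authenticated data, so AES-256-GCM can be used without a framework. The helper names gcm_encrypt/gcm_decrypt, the iv, tag, ciphertext message layout, and the sample plaintext and AAD are assumptions made for this illustration.

```php
<?php
// Added example (not from the original answer). Assumes PHP >= 7.1 with ext-openssl.
const GCM_CIPHER = 'aes-256-gcm';
const GCM_TAG_LEN = 16; // full 128-bit authentication tag

// Hypothetical helper: returns iv || tag || ciphertext as raw bytes.
function gcm_encrypt(string $plaintext, string $key, string $aad = ''): string
{
    if (strlen($key) !== 32) {
        throw new InvalidArgumentException('AES-256 needs a 32-byte key');
    }
    // Fresh random 96-bit IV per message; reusing an IV under one key breaks GCM.
    $iv = random_bytes(openssl_cipher_iv_length(GCM_CIPHER));
    $tag = '';
    $ct = openssl_encrypt($plaintext, GCM_CIPHER, $key, OPENSSL_RAW_DATA, $iv, $tag, $aad, GCM_TAG_LEN);
    if ($ct === false) {
        throw new RuntimeException('encryption failed');
    }
    return $iv . $tag . $ct;
}

// Hypothetical helper: checks the tag over ciphertext and AAD before returning plaintext.
function gcm_decrypt(string $message, string $key, string $aad = ''): string
{
    $ivLen = openssl_cipher_iv_length(GCM_CIPHER);
    if (strlen($key) !== 32 || strlen($message) < $ivLen + GCM_TAG_LEN) {
        throw new InvalidArgumentException('bad key length or truncated message');
    }
    $iv  = substr($message, 0, $ivLen);
    $tag = substr($message, $ivLen, GCM_TAG_LEN);
    $ct  = (string) substr($message, $ivLen + GCM_TAG_LEN);
    $pt  = openssl_decrypt($ct, GCM_CIPHER, $key, OPENSSL_RAW_DATA, $iv, $tag, $aad);
    if ($pt === false) {
        throw new RuntimeException('authentication failed');
    }
    return $pt;
}

// Constructed sample data.
$key = random_bytes(32);
$msg = gcm_encrypt('constructed sample plaintext', $key, 'record-id:42');
echo gcm_decrypt($msg, $key, 'record-id:42'), PHP_EOL;

// Flip one bit of the ciphertext: decryption must refuse it.
$msg[strlen($msg) - 1] = chr(ord($msg[strlen($msg) - 1]) ^ 1);
try {
    gcm_decrypt($msg, $key, 'record-id:42');
} catch (RuntimeException $e) {
    echo 'tampered message rejected: ', $e->getMessage(), PHP_EOL;
}
```

The AAD string is authenticated but not encrypted, so the same value must be supplied on decryption or the tag check fails.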
