正确的 PHP mcrypt 加密方法？

发布于 2024-12-05 09:30:22 字数 560 浏览 0 评论 0原文

好吧，我尝试使用 PHP mcrypt 创建自己的加密/解密方法，当我不久前发布它们时，有些人称它们为“垃圾”。他们提到了“初始化向量”之类的事情。基本上，我怎样才能使这些加密方法变得更好：

function encrypt($key, $data){
    $encrypted_data = mcrypt_cbc(MCRYPT_RIJNDAEL_192, $key, $data, MCRYPT_ENCRYPT);
    return base64_encode($encrypted_data);
}

function decrypt($key, $encryptedData){
    $dec = base64_decode($encryptedData);
    $decrypt = mcrypt_cbc(MCRYPT_RIJNDAEL_192, $key, $dec, MCRYPT_DECRYPT);
    return trim($decrypt);
}

我希望这些方法能发挥最大作用，除非我在 mcrypt 方面处于一个全新的世界，欢迎任何建议，谢谢！

原文

Ok, I have tried to create my own encryption/decryption methods using PHP mcrypt, and when I posted them a while back some called them "trash". They were mentioning things about "Initialization Vectors" and such. Basically, how can I make these cryptography methods better:

function encrypt($key, $data){
    $encrypted_data = mcrypt_cbc(MCRYPT_RIJNDAEL_192, $key, $data, MCRYPT_ENCRYPT);
    return base64_encode($encrypted_data);
}

function decrypt($key, $encryptedData){
    $dec = base64_decode($encryptedData);
    $decrypt = mcrypt_cbc(MCRYPT_RIJNDAEL_192, $key, $dec, MCRYPT_DECRYPT);
    return trim($decrypt);
}

I want these to work the best they can except I am a duck in a brand new world when it comes to mcrypt, any suggestions are welcome, thanks!

分享到QQ

分享到微博

如果你对这篇内容有疑问，欢迎到本站社区发帖提问参与讨论，获取更多帮助，或者扫码二维码加入 Web 技术交流群。

发布评论

需要登录才能够评论，你可以免费注册一个本站的账号。

羁客 2024-12-12 09:30:22

这是我使用的 mcrypt 函数的片段。它们使用 mcrypt_generic 和 mdecrypt_generic，应根据 PHP 手册。

function encrypt($key, $data){
    $b = mcrypt_get_block_size(MCRYPT_RIJNDAEL_256, MCRYPT_MODE_CBC);
    $enc = mcrypt_module_open(MCRYPT_RIJNDAEL_256, '', MCRYPT_MODE_CBC, '');
    $iv = mcrypt_create_iv(mcrypt_enc_get_iv_size($enc), MCRYPT_DEV_URANDOM);
    mcrypt_generic_init($enc, md5($key), $iv);

    // PKCS7 Padding from: https://gist.github.com/1077723
    $dataPad = $b-(strlen($data)%$b);
    $data .= str_repeat(chr($dataPad), $dataPad);

    $encrypted_data = mcrypt_generic($enc, $data);

    mcrypt_generic_deinit($enc);
    mcrypt_module_close($enc);

    return array(
        'data' => base64_encode($encrypted_data),
        'iv' => base64_encode($iv)
    );
}

function decrypt($key, $iv, $encryptedData){
    $iv = base64_decode($iv);
    $enc = mcrypt_module_open(MCRYPT_RIJNDAEL_256, '', MCRYPT_MODE_CBC, '');
    mcrypt_generic_init($enc, md5($key), $iv);

    $encryptedData = base64_decode($encryptedData);
    $data = mdecrypt_generic($enc, $encryptedData);
    mcrypt_generic_deinit($enc);
    mcrypt_module_close($enc);

    // PKCS7 Padding from: https://gist.github.com/1077723
    $dataPad = ord($data[strlen($data)-1]);

    return substr($data, 0, -$dataPad);
}

我对 mcrypt 也不太了解，所以我只是将它们组合在一起。我对密钥进行 md5 处理，使其始终为 32 个字符（最大密钥长度），然后随机计算“初始化向量”。

使用 PKCS7 填充更好，因为您可以使用以空格结尾的字符串（因为 trim 会删除它），当字符串达到一定长度时，加密也会更有效。

我在这里使用 AES 256 (MCRYPT_RIJNDAEL_256)，但 AES 192 (MCRYPT_RIJNDAEL_192) 也可以。

演示：http://ideone.com/WA5Tk

Here is a snippet of the mcrypt functions I use. They use mcrypt_generic and mdecrypt_generic, which should be used according to the PHP manual.

function encrypt($key, $data){
    $b = mcrypt_get_block_size(MCRYPT_RIJNDAEL_256, MCRYPT_MODE_CBC);
    $enc = mcrypt_module_open(MCRYPT_RIJNDAEL_256, '', MCRYPT_MODE_CBC, '');
    $iv = mcrypt_create_iv(mcrypt_enc_get_iv_size($enc), MCRYPT_DEV_URANDOM);
    mcrypt_generic_init($enc, md5($key), $iv);

    // PKCS7 Padding from: https://gist.github.com/1077723
    $dataPad = $b-(strlen($data)%$b);
    $data .= str_repeat(chr($dataPad), $dataPad);

    $encrypted_data = mcrypt_generic($enc, $data);

    mcrypt_generic_deinit($enc);
    mcrypt_module_close($enc);

    return array(
        'data' => base64_encode($encrypted_data),
        'iv' => base64_encode($iv)
    );
}

function decrypt($key, $iv, $encryptedData){
    $iv = base64_decode($iv);
    $enc = mcrypt_module_open(MCRYPT_RIJNDAEL_256, '', MCRYPT_MODE_CBC, '');
    mcrypt_generic_init($enc, md5($key), $iv);

    $encryptedData = base64_decode($encryptedData);
    $data = mdecrypt_generic($enc, $encryptedData);
    mcrypt_generic_deinit($enc);
    mcrypt_module_close($enc);

    // PKCS7 Padding from: https://gist.github.com/1077723
    $dataPad = ord($data[strlen($data)-1]);

    return substr($data, 0, -$dataPad);
}

I don't know much about mcrypt either, so I just kinda hacked these together. I md5 the key so it's always 32 characters (the max key length), and I randomly calculate an "Initialization Vector".

Using PKCS7 Padding is better because you can have strings that end in white space (as trim would remove that), also the encryption is more efficient when the string is a certain length.

I'm using AES 256 (MCRYPT_RIJNDAEL_256) here, but AES 192 (MCRYPT_RIJNDAEL_192) would work too.

Demo: http://ideone.com/WA5Tk

回复收藏 0 原文

噩梦成真你也成魔 2024-12-12 09:30:22

您可以使用 mcrypt_create_iv() 创建一个 iv，并使用适合您的加密模式的大小。

$size = mcrypt_get_iv_size(MCRYPT_RIJNDAEL_192, MCRYPT_MODE_CBC);
$iv = mcrypt_create_iv($size, MCRYPT_DEV_RANDOM);

然后将其作为可选的第 5 个参数传递给 mcrypt_cbc()。我对原始函数所做的唯一更改是传入 $iv：

function encrypt($key, $data, $iv){
    $encrypted_data = mcrypt_cbc(MCRYPT_RIJNDAEL_192, $key, $data, MCRYPT_ENCRYPT, $iv);
    return base64_encode($encrypted_data);
}

function decrypt($key, $encryptedData, $iv){
    $dec = base64_decode($encryptedData);
    $decrypt = mcrypt_cbc(MCRYPT_RIJNDAEL_192, $key, $dec, MCRYPT_DECRYPT, $iv);
    return trim($decrypt);
}

You can create an iv with mcrypt_create_iv(), using the appropriate size for your encryption mode.

$size = mcrypt_get_iv_size(MCRYPT_RIJNDAEL_192, MCRYPT_MODE_CBC);
$iv = mcrypt_create_iv($size, MCRYPT_DEV_RANDOM);

Then pass it to mcrypt_cbc() as the optional 5th parameter. The only changes I've made here to your original functions are to pass in $iv:

function encrypt($key, $data, $iv){
    $encrypted_data = mcrypt_cbc(MCRYPT_RIJNDAEL_192, $key, $data, MCRYPT_ENCRYPT, $iv);
    return base64_encode($encrypted_data);
}

function decrypt($key, $encryptedData, $iv){
    $dec = base64_decode($encryptedData);
    $decrypt = mcrypt_cbc(MCRYPT_RIJNDAEL_192, $key, $dec, MCRYPT_DECRYPT, $iv);
    return trim($decrypt);
}

回复收藏 0 原文

~没有更多了~