
Detailed explanation of php encryption and decryption

小云云 (Original), 2018-05-11 15:26:42

I don’t know how much you know about PHP encryption and decryption. This article mainly shares with you the knowledge about PHP encryption and decryption. I hope it can help you.

I. Symmetric encryption

1. Symmetric encryption with mcrypt:

/**
 * @param string $key     Data encryption key, defined by you; its length is limited
 * @param string $string  The string to encrypt or decrypt
 * @param int    $decrypt Encrypt or decrypt (simplest form: 0 = encrypt, 1 = decrypt)
 * @return string
 */
function encryptDecrypt($key, $string, $decrypt)
{
    // Note: the IV here is derived from the key, so it is identical for every message
    if (!$decrypt) {
        // Encrypt
        $encrypted = base64_encode(mcrypt_encrypt(MCRYPT_RIJNDAEL_256, md5($key), $string, MCRYPT_MODE_CBC, md5(md5($key))));
        return $encrypted;
    } else {
        // Decrypt; mcrypt pads with NUL bytes, which rtrim() strips again
        $decrypted = rtrim(mcrypt_decrypt(MCRYPT_RIJNDAEL_256, md5($key), base64_decode($string), MCRYPT_MODE_CBC, md5(md5($key))), "\0");
        return $decrypted;
    }
}

// Usage:
echo encryptDecrypt('passwordgg', 'Hello欢迎您', 0); // encrypt
// ZbKOQy8uarg6nsIrpjZnJvaIDMuAAIBH3sjhBEqYujM=
echo encryptDecrypt('passwordgg', 'ZbKOQy8uarg6nsIrpjZnJvaIDMuAAIBH3sjhBEqYujM=', 1); // decrypt
// Hello欢迎您

Note: This method has been abandoned since PHP 7.1; openssl_encrypt and openssl_decrypt are used instead. The official recommendation is to use the OpenSSL family of functions for encryption and decryption.

2. Symmetric encryption in the OpenSSL extension

/**
 * @param string $data          The data string to encrypt or decrypt
 * @param int    $yes           Encrypt or decrypt (1 = encrypt, 0 = decrypt)
 * @param string $key           Data encryption key
 * @param string $iv            Initialization vector. Note: for demonstration only, the IV is temporarily
 *                              stored in the session here; in a real application, store both the IV and
 *                              the encrypted string in the database
 * @param string $encryptMethod Cipher method; there are more than 100, listed by openssl_get_cipher_methods().
 *                              Pick one of them (a method ending in cbc needs an initialization vector,
 *                              as in this example)
 * @return string
 */
function openssl_crypt($data = '', $yes = 1, $key = 'secret', $iv = '', $encryptMethod = 'aes-256-cbc')
{
    if ($yes) {
        $ivLength = openssl_cipher_iv_length($encryptMethod); // IV length this cipher requires
        $iv = openssl_random_pseudo_bytes($ivLength, $isStrong); // generate the IV (initialization vector)
        // Fail if no bytes were returned or if they are not cryptographically strong
        if (false === $iv || false === $isStrong) {
            die('IV generate failed');
        }
        // Encrypt
        $encrypted = openssl_encrypt($data, $encryptMethod, $key, 0, $iv);
        $_SESSION['iv'] = $iv; // store the IV in the session
        return $encrypted;
    } else {
        // Decrypt
        $decrypted = openssl_decrypt($data, $encryptMethod, $key, 0, $iv);
        return $decrypted;
    }
}

// Usage
echo $a = openssl_crypt('我爱北京天安门 /我爱祖国', 1, 'passG506'); // encrypt
// LMcwSGlTFijXRdcPaccYoc08xgr7NydtZ+Wrhdv/145gF3/ayKQCJvRLmvhs5ec8
echo "<br>";
echo openssl_crypt($a, 0, 'passG506', $_SESSION['iv']); // decrypt: 我爱北京天安门 /我爱祖国

Note: 1. Why the IV has to be generated, and what the IV is for

Looking back at the encryption algorithm list returned by openssl_get_cipher_methods(), there are many names with the word "CBC" in the middle. These encryption algorithms use the same encryption mode, which is Cipher Block Chaining.

In CBC mode, the plaintext is divided into several blocks that are encrypted one block at a time. The encryption of each block depends on the data of the previous block: it needs to be XORed with the previous block's data to generate the ciphertext of this block. So what does the first block rely on? It relies on the IV, which is why the IV is called the initialization vector (IV is the abbreviation of initialization vector).

IV should be randomly generated, so the code uses openssl_random_pseudo_bytes() to generate IV. This function receives an int, representing the length of the IV that needs to be generated.
IV length varies with encryption algorithms. Most people cannot remember the IV lengths required by so many algorithms. So use the openssl_cipher_iv_length() function directly. This function returns an int, indicating the IV length required by the encryption algorithm:

echo openssl_cipher_iv_length('AES-256-CBC'); // 16
echo openssl_cipher_iv_length('BF-CBC'); // 8
echo openssl_cipher_iv_length('AES-128-ECB'); // 0

For example, AES-256-CBC requires a 16-byte IV, BF-CBC requires an 8-byte IV, and AES-128-ECB does not require an IV, so 0 is returned.

2. Issues that need to be paid attention to during use

When encrypting and decrypting, all parameters of the two functions except the first must be the same; only then can decryption succeed. Finally, when using an encryption algorithm that requires an IV, pay attention to the following:
The $iv parameter must be passed, otherwise PHP will throw a Warning.
The IV should be randomly generated (for example, using openssl_random_pseudo_bytes()); you cannot set it manually.
The IV should be regenerated for each encryption. Do not be lazy and use the same IV for multiple encryptions.
The IV must be saved together with the ciphertext (otherwise decryption is not possible). It can be attached directly to the ciphertext string, or saved separately.
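The IV rules above, put together in an added example (not code from the original article): a fresh IV is generated for every call and attached directly to the ciphertext, so nothing has to be kept in the session. The helper names sealWithIv() and openWithIv(), the sample key and the sample message are assumptions made for this illustration.

```php
<?php
// Added example, not the article's code. sealWithIv()/openWithIv() are
// hypothetical helper names.
const CIPHER = 'aes-256-cbc';

function sealWithIv(string $plaintext, string $key): string
{
    // A random IV of the length the cipher requires, regenerated on every call.
    $iv = random_bytes(openssl_cipher_iv_length(CIPHER));
    $ct = openssl_encrypt($plaintext, CIPHER, $key, OPENSSL_RAW_DATA, $iv);
    if ($ct === false) {
        throw new RuntimeException('encryption failed');
    }
    // The IV is not secret, so it is stored in front of the ciphertext.
    return base64_encode($iv . $ct);
}

function openWithIv(string $blob, string $key): string
{
    $raw   = base64_decode($blob, true);
    $ivLen = openssl_cipher_iv_length(CIPHER);
    if ($raw === false || strlen($raw) <= $ivLen) {
        throw new InvalidArgumentException('malformed ciphertext');
    }
    // Split the stored value back into the IV and the ciphertext proper.
    $iv = substr($raw, 0, $ivLen);
    $pt = openssl_decrypt(substr($raw, $ivLen), CIPHER, $key, OPENSSL_RAW_DATA, $iv);
    if ($pt === false) {
        throw new RuntimeException('decryption failed: wrong key or damaged data');
    }
    return $pt;
}

$key = random_bytes(32);             // constructed sample key, 32 bytes for AES-256
$msg = 'constructed sample message'; // constructed sample plaintext

$first  = sealWithIv($msg, $key);
$second = sealWithIv($msg, $key);

// Same plaintext and key, but the two stored values differ because the IVs differ;
// each value decrypts on its own from what was stored.
var_dump($first !== $second);
var_dump(openWithIv($first, $key) === $msg && openWithIv($second, $key) === $msg);
```

CBC on its own does not detect modified ciphertext, so a stored value that may be tampered with also needs an integrity check such as an HMAC over the IV and ciphertext.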

If you don’t understand, you can refer to symmetric encryption

II. Asymmetric encryption

The commonly used asymmetric encryption algorithm is RSA. Asymmetric encryption and decryption use different keys: one is made public as the public key, and the other is held only by its owner as the private key.

The information encrypted with the private key can only be decrypted by the public key, or conversely, the information encrypted with the public key can only be decrypted by the private key.

Before RSA encryption and decryption, you need to generate a pair of public and private keys. You can use the RSA key generation tool openssl that comes with Linux to obtain a pair of public and private keys. You can also use the PHP openssl extension function to generate a pair of public and private keys.

See: RSA Asymmetric Encryption

Note: The disadvantage of asymmetric encryption is that encryption and decryption take a long time and are slow, so it is only suitable for encrypting a small amount of data.

If you want to have fast encryption speed but also want to ensure that the data is more secure than symmetric encryption, you can use hybrid encryption. (That is, perform symmetric encryption on the data and asymmetric encryption on the key)

When decrypting, first use asymmetric encryption to obtain the key, and then use the key to decrypt the ciphertext to obtain the plaintext.
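The hybrid scheme described above, as an added example (not code from the original article): the data is encrypted with a random AES key, and only that key is encrypted with RSA. The function names hybridEncrypt() and hybridDecrypt(), the 2048-bit key size, the OAEP padding choice and the sample message are assumptions made for this illustration; it also assumes the PHP OpenSSL extension can find its openssl.cnf for key generation.

```php
<?php
// Added example, not the article's code. hybridEncrypt()/hybridDecrypt() are
// hypothetical names. A key pair is generated here only for the demonstration.
$pair = openssl_pkey_new(['private_key_bits' => 2048, 'private_key_type' => OPENSSL_KEYTYPE_RSA]);
if ($pair === false) {
    throw new RuntimeException('key generation failed: ' . openssl_error_string());
}
openssl_pkey_export($pair, $privatePem);             // PEM private key, kept by the receiver
$publicPem = openssl_pkey_get_details($pair)['key']; // PEM public key, given to senders

function hybridEncrypt(string $data, string $publicPem): array
{
    $dataKey = random_bytes(32); // one-time symmetric key for this message
    $iv      = random_bytes(openssl_cipher_iv_length('aes-256-cbc'));
    // Symmetric encryption on the data ...
    $ct = openssl_encrypt($data, 'aes-256-cbc', $dataKey, OPENSSL_RAW_DATA, $iv);
    // ... asymmetric encryption on the key only (32 bytes, well within RSA's size limit).
    $ok = openssl_public_encrypt($dataKey, $wrappedKey, $publicPem, OPENSSL_PKCS1_OAEP_PADDING);
    if ($ct === false || !$ok) {
        throw new RuntimeException('hybrid encryption failed');
    }
    return ['key' => base64_encode($wrappedKey), 'iv' => base64_encode($iv), 'data' => base64_encode($ct)];
}

function hybridDecrypt(array $msg, string $privatePem): string
{
    // First recover the symmetric key with the private key ...
    $wrappedKey = base64_decode($msg['key']);
    if (!openssl_private_decrypt($wrappedKey, $dataKey, $privatePem, OPENSSL_PKCS1_OAEP_PADDING)) {
        throw new RuntimeException('could not recover the data key');
    }
    // ... then use it to decrypt the ciphertext.
    $pt = openssl_decrypt(base64_decode($msg['data']), 'aes-256-cbc', $dataKey,
                          OPENSSL_RAW_DATA, base64_decode($msg['iv']));
    if ($pt === false) {
        throw new RuntimeException('could not decrypt the data');
    }
    return $pt;
}

$message = str_repeat('constructed sample data. ', 400); // far larger than RSA could encrypt directly
$sealed  = hybridEncrypt($message, $publicPem);
var_dump(hybridDecrypt($sealed, $privatePem) === $message);
```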
