New features in PHP 8: Added verification and signing

PHP 8 is the latest version of PHP, bringing more convenience and functionality to programmers. This version has a special focus on security and performance, and one of the noteworthy new features is the addition of verification and signing capabilities. In this article, we'll take a closer look at these new features and their uses.

Verification and signature are very important security concepts in computer science. They are often used to ensure that the data transmitted is complete and authentic. Verification and signatures become especially important when dealing with online transactions and sensitive information, because if someone is able to tamper with the data, it could cause unpredictable harm to the company and customers.

In PHP 8, there are two new extensions for handling verification and signing: sodium and openssl. These extensions make it easier to use modern cryptography and security protocols in PHP.

sodium extension

Sodium is a modern cryptography library that provides API access to many cryptographic algorithms and security functions. It has become the library of choice for developers working with secure cryptography because it is based on state-of-the-art cryptography standards such as Curve25519 and Chacha20.

In PHP 7.2, the Sodium extension was added to the PHP standard library and became an optional extension in PHP 7.2. In PHP 8, it has become the default extension.

Use the sodium extension for verification

The sodium extension provides a function called sodium_crypto_sign_detached(), which can be used to sign data. The signature generates a specific string that can be used to verify whether the data has been tampered with.

The following is an example of signing and verifying using the sodium_crypto_sign_detached() function:

<?php
$data = "hello world";
$keys = sodium_crypto_sign_keypair();

$signature = sodium_crypto_sign_detached($data, $keys['secret']);

if (sodium_crypto_sign_verify_detached($signature, $data, $keys['public'])) {
   echo "签名有效";
} else {
   echo "签名无效";
}

In this example, we first generate a pair of public and private keys. Then use the $sodium_crypto_sign_detached() function to sign the string and store the signature result in the $signature variable. Finally, use the $sodium_crypto_sign_verify_detached() function to verify that the signature is valid.

If the signature is valid, then "Signature is valid" will be printed to the screen, otherwise "Signature is invalid" will be printed.

Authentication using openssl extension

OpenSSL is a popular encryption and security library that provides many encryption algorithms and security features. OpenSSL extensions have been built into PHP, making it more convenient to use OpenSSL in PHP.

The OpenSSL extension provides another function called openssl_sign() that can sign data. Likewise, the extension also provides the function openssl_verify() for verifying signatures.

The following is an example of signing and verifying using openssl_sign() and openssl_verify() functions:

<?php
$data = "hello world";
$key = openssl_pkey_new(['digest_alg' => 'sha512']);

openssl_sign($data, $signature, $key);

if (openssl_verify($data, $signature, $key)) {
   echo "签名有效";
} else {
   echo "签名无效";
}

In this example, we first use the openssl_pkey_new() function to generate a pair of public and private keys key. The string is then signed using the openssl_sign() function and the signature result is stored in the $signature variable. Finally, use the openssl_verify() function to verify that the signature is valid.

If the signature is valid, then "Signature is valid" will be printed to the screen, otherwise "Signature is invalid" will be printed.

in conclusion

Verification and signature are important methods to ensure data security. In PHP 8, the sodium and openssl extensions will make verification and signing easier. Developers can take advantage of these new features to provide more secure services to companies and customers. If you are a PHP developer, we recommend you take a deep dive into the sodium and openssl extensions to maximize security and protect your users.

The above is the detailed content of New features in PHP 8: Added verification and signing. For more information, please follow other related articles on the PHP Chinese website!