1 概況
php7.1發(fā)布后新特性吸引了不少PHPer罚斗,大家都在討論新特性帶來的好處與便利壁榕。但是從php7.0 升級(jí)到 php7.1 廢棄了一個(gè)在過去普遍應(yīng)用的擴(kuò)展(mcrypt擴(kuò)展)溢吻。官方提供了相應(yīng)的解決提示展箱,卻沒有提供更詳細(xì)的解決辦法沼溜。于是坑來了….
2 解決
php手冊(cè)目前缺少“ openssl_encrypt ”和“ openssl_decrypt ”功能的文檔漏麦,所以花了我一段時(shí)間來完成我需要做的工作驹沿,以使這些功能可以替代mcrypt
2.1 首先艘策,您將需要生成一個(gè)用作256位加密密鑰的偽隨機(jī)字節(jié)串,請(qǐng)求的長度將為32(32位= 256位)渊季。
$encryption_key_256bit = base64_encode(openssl_random_pseudo_bytes(32));
2.2 現(xiàn)在我們有了關(guān)鍵朋蔫,我們將創(chuàng)建加密功能。我們將把要編碼的數(shù)據(jù)和我們的密鑰傳遞給該函數(shù)却汉。除了我們的密鑰驯妄,還有一個(gè)二次隨機(jī)字符串,我們將創(chuàng)建和使用稱為 初始化向量 (IV)合砂,有助于加強(qiáng)加密青扔。
function my_encrypt($data, $key) {
// Remove the base64 encoding from our key
$encryption_key = base64_decode($key);
// Generate an initialization vector
$iv = openssl_random_pseudo_bytes(openssl_cipher_iv_length('aes-256-cbc'));
// Encrypt the data using AES 256 encryption in CBC mode using our encryption key and initialization vector.
$encrypted = openssl_encrypt($data, 'aes-256-cbc', $encryption_key, 0, $iv);
// The $iv is just as important as the key for decrypting, so save it with our encrypted data using a unique separator (::)
return base64_encode($encrypted . '::' . $iv);
}
2.3 現(xiàn)在為解密功能:
function my_decrypt($data, $key) {
// Remove the base64 encoding from our key
$encryption_key = base64_decode($key);
// To decrypt, split the encrypted data from our IV - our unique separator used was "::"
list($encrypted_data, $iv) = explode('::', base64_decode($data), 2);
return openssl_decrypt($encrypted_data, 'aes-256-cbc', $encryption_key, 0, $iv);
}
2.4 放在一起測(cè)試
//$key is our base64 encoded 256bit key that we created earlier. You will probably store and define this key in a config file.
$key = 'bRuD5WYw5wd0rdHR9yLlM6wt2vteuiniQBqE70nAuhU=';
function my_encrypt($data, $key) {
// Remove the base64 encoding from our key
$encryption_key = base64_decode($key);
// Generate an initialization vector
$iv = openssl_random_pseudo_bytes(openssl_cipher_iv_length('aes-256-cbc'));
// Encrypt the data using AES 256 encryption in CBC mode using our encryption key and initialization vector.
$encrypted = openssl_encrypt($data, 'aes-256-cbc', $encryption_key, 0, $iv);
// The $iv is just as important as the key for decrypting, so save it with our encrypted data using a unique separator (::)
return base64_encode($encrypted . '::' . $iv);
}
function my_decrypt($data, $key) {
// Remove the base64 encoding from our key
$encryption_key = base64_decode($key);
// To decrypt, split the encrypted data from our IV - our unique separator used was "::"
list($encrypted_data, $iv) = explode('::', base64_decode($data), 2);
return openssl_decrypt($encrypted_data, 'aes-256-cbc', $encryption_key, 0, $iv);
}
//our data to be encoded
$password_plain = 'abc123';
echo $password_plain . "<br>";
//our data being encrypted. This encrypted data will probably be going into a database
//since it's base64 encoded, it can go straight into a varchar or text database field without corruption worry
$password_encrypted = my_encrypt($password_plain, $key);
echo $password_encrypted . "<br>";
//now we turn our encrypted data back to plain text
$password_decrypted = my_decrypt($password_encrypted, $key);
echo $password_decrypted . "<br>";
2.5 上面的代碼將輸出以下內(nèi)容。請(qǐng)注意翩伪,由于我們的初始化向量微猖,每次運(yùn)行代碼時(shí),中間的加密字符串將會(huì)更改:
abc123
K3gzWkxySUd6VkgvQTNJUUtZMjV2UT09Ojpia3sh1zglO3DYodw84855
abc123