The application scenarios are: uniquely identifying a user (encrypting the article id to deter crawlers), generating regular code, and encrypting the login password.
Conversion between character strings and hexadecimal (generate regular code)
Note that this conversion is a reversible encoding rather than encryption: no key is involved, so anyone can decode the result.
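/**
 * Convert a string to hexadecimal
 * @param string $string
 * @return string
 */
public function str_encode($string)
{
    $hex = "";
    for ($i = 0; $i < strlen($string); $i++) {
        // Zero-pad every byte to two hex digits; without the padding, bytes
        // below 0x10 give one digit and str_decode() reads the wrong pairs
        $hex .= str_pad(dechex(ord($string[$i])), 2, "0", STR_PAD_LEFT);
    }
    $hex = strtolower($hex);
    return $hex;
}
/**
 * Convert hexadecimal back to a string
 * @param string $hex
 * @return string
 */
public function str_decode($hex)
{
    $string = "";
    // Read the input two hex digits (one byte) at a time
    for ($i = 0; $i < strlen($hex) - 1; $i += 2) {
        $string .= chr(hexdec($hex[$i] . $hex[$i + 1]));
    }
    return $string;
}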
When the user logs in, the account password is transmitted in clear text, as shown in the figure:
So encrypt the password before it is sent, which is safer.
Simple openssl_encrypt encryption
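public function encrypt($string)
{
    // openssl_encrypt differs from Mcrypt in its key length requirements:
    // key bytes beyond 16 do not change the encrypted result
    $method = 'DES-ECB'; // encryption method (DES is a legacy cipher with a 56-bit key; ECB uses no IV)
    $passwd = '12344321'; // encryption key
    $data = openssl_encrypt($string, $method, $passwd);
    return $data;
}
public function decrypt($string)
{
    $method = 'DES-ECB'; // encryption method
    $passwd = '12344321'; // encryption key
    $decrypted = openssl_decrypt($string, $method, $passwd);
    return $decrypted;
}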
Encryption of login password
/**
 * Sites for generating the key and IV: https://asecuritysite.com/encryption/keygen
 * https://asecuritysite.com/encryption/PBKDF2z
 */
/**
 * @param string $string the string to encrypt
 * @return string
 */
public function encrypt($string)
{
    // openssl_encrypt differs from Mcrypt in its key length requirements:
    // key bytes beyond 16 do not change the encrypted result
    $data = openssl_encrypt(
        $string,
        'AES-192-CBC',
        pack('H*', env('ENCRYPT_KEY')), // hex-encoded key from .env
        OPENSSL_RAW_DATA,
        pack('H*', env('ENCRYPT_IV'))   // hex-encoded IV from .env
    );
    $data = base64_encode($data);
    return $data;
}
/**
 * @param string $string the string to decrypt
 * @return string
 */
public function decrypt($string)
{
    $decrypted = openssl_decrypt(
        base64_decode($string),
        'AES-192-CBC',
        pack('H*', env('ENCRYPT_KEY')),
        OPENSSL_RAW_DATA,
        pack('H*', env('ENCRYPT_IV'))
    );
    return $decrypted;
}
ENCRYPT_KEY=ENCRYPT_KEY
ENCRYPT_IV=ENCRYPT_IV
The code above uses the AES-192-CBC encryption method.
AES:
AES is a block-based encryption method: data is processed one block (16 bytes) at a time, and it is padded when its length is not a multiple of 16 bytes. This is what is called a block cipher (as opposed to a bit-based stream cipher); 16 bytes is the block length.
Several block cipher modes:
ECB: the basic mode. The plaintext is divided into blocks of equal length (padded if too short), each block is encrypted separately, and the outputs are concatenated to form the ciphertext.
CBC: a chaining mode. The ciphertext of the previous block is XORed with the plaintext of the current block, and the result is then encrypted. The purpose of this is to increase the difficulty of cracking.
CFB/OFB: feedback modes, whose purpose is also to increase the difficulty of cracking.
The encryption results of ECB and CBC differ because the two modes differ; CBC also uses an initialization vector when the first cipher block is processed.
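The difference between ECB and CBC and the role of the initialization vector, as an added example (not the article's code). The key and plaintext are constructed test values, and encryptWithRandomIv() / decryptWithRandomIv() are hypothetical helpers that use a fresh IV per message instead of a fixed ENCRYPT_IV.

```php
<?php
// Added example; key and plaintext are constructed test values, helper names are hypothetical.
const CIPHER = 'AES-192-CBC';
$key   = pack('H*', '000102030405060708090a0b0c0d0e0f1011121314151617'); // 24 bytes = AES-192
$plain = str_repeat('A', 32); // two identical 16-byte plaintext blocks

// Split raw ciphertext into hex-encoded 16-byte blocks.
function blocks(string $raw): array
{
    return array_map('bin2hex', str_split($raw, 16));
}

// Encrypt under a fresh random IV and carry the IV in front of the ciphertext.
function encryptWithRandomIv(string $plain, string $key): string
{
    $iv = random_bytes(openssl_cipher_iv_length(CIPHER)); // 16 bytes for AES
    return base64_encode($iv . openssl_encrypt($plain, CIPHER, $key, OPENSSL_RAW_DATA, $iv));
}

// Split the IV off again and decrypt; returns false on malformed input.
function decryptWithRandomIv(string $token, string $key)
{
    $raw = base64_decode($token, true);
    if ($raw === false || strlen($raw) < 32) { // IV plus at least one padded block
        return false;
    }
    return openssl_decrypt(substr($raw, 16), CIPHER, $key, OPENSSL_RAW_DATA, substr($raw, 0, 16));
}

// ECB encrypts every block independently: equal plaintext blocks leak as equal ciphertext blocks.
$ecb = blocks(openssl_encrypt($plain, 'AES-192-ECB', $key, OPENSSL_RAW_DATA));
echo 'ECB blocks 1 and 2 equal: ', var_export($ecb[0] === $ecb[1], true), PHP_EOL;

// CBC chains blocks, so they differ inside one message, but a fixed IV still
// maps the same plaintext to the same ciphertext on every call.
$fixedIv = str_repeat("\0", 16); // stands in for a static ENCRYPT_IV
$a = openssl_encrypt($plain, CIPHER, $key, OPENSSL_RAW_DATA, $fixedIv);
$b = openssl_encrypt($plain, CIPHER, $key, OPENSSL_RAW_DATA, $fixedIv);
$cbc = blocks($a);
echo 'CBC blocks 1 and 2 equal: ', var_export($cbc[0] === $cbc[1], true), PHP_EOL;
echo 'Fixed IV, two calls equal: ', var_export($a === $b, true), PHP_EOL;

// A random IV per message makes repeated plaintexts indistinguishable.
$t1 = encryptWithRandomIv($plain, $key);
$t2 = encryptWithRandomIv($plain, $key);
echo 'Random IV, two calls equal: ', var_export($t1 === $t2, true), PHP_EOL;
echo 'Round trip ok: ', var_export(decryptWithRandomIv($t1, $key) === $plain, true), PHP_EOL;
```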
Continually updated