Encryption algorithms and functions used in PHP

Keywords:
Irreversible:
md5(): computes the MD5 hash of a string; by default returns 32 hexadecimal characters. Irreversible.
crypt(): one-way hash of a string; a salt value can be supplied as interference. Irreversible.
sha1(): computes the SHA-1 hash of a string; by default returns a 40-character hexadecimal string. Irreversible.
hash(): hash($ago, $data); $ago is the hash algorithm to use, for example "md5", "sha256", "haval160,4" and the like; $data is the data to be encrypted. Irreversible.
password_hash(): encrypts a password: $hash = password_hash($password, PASSWORD_DEFAULT); PHP now officially recommends this way of encrypting user passwords, and many popular frameworks such as Laravel use it.

Reversible:
URL encoding: urlencode() and urldecode(), used to protect specific characters in a URL string during transmission: $str = "http://guojiadong.com?name=" . urlencode('guojiadong&123'); Reversible.
Base64 encoding: base64_encode() and base64_decode(). In essence base64 converts data into ASCII characters, which makes it easier to transfer files; transferring files is the real role of base64. Reversible.

The PHP openssl extension
The openssl extension wraps a number of PHP functions related to encryption and decryption, which greatly simplifies encrypting and decrypting data. Commonly used functions are:
Symmetric encryption related:
AES symmetric encryption
https://blog.csdn.net/fangkang7/article/details/94607123
string openssl_encrypt(string $data, string $method, string $password)
string openssl_decrypt($encrypted, 'aes-128-ecb', base64_decode($key), OPENSSL_RAW_DATA);

RSA asymmetric encryption with a public and private key pair
https://www.cnblogs.com/makalochen/p/10845033.html

openssl_pkey_get_public(): extracts the public key from the certificate
openssl_pkey_get_private(): extracts the private key from the certificate
openssl_public_encrypt(): encrypts with the public key
openssl_private_decrypt(): decrypts with the private key
openssl_private_encrypt(): encrypts with the private key
openssl_public_decrypt(): decrypts with the public key
base64_encode(): base64-encodes the resulting data
base64_decode(): base64-decodes the data
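
An added example (not from the original article) that runs the functions listed above end to end: key pair generation, public-key encryption, private-key decryption, then signing and verification. The 2048-bit key size, OAEP padding, SHA-256 and the sample message are choices made for this illustration.

```php
<?php
// Added example: RSA round trip with PHP's openssl extension.
// Key size, padding mode and the message are assumptions of this example.
$pair = openssl_pkey_new([
    'private_key_type' => OPENSSL_KEYTYPE_RSA,
    'private_key_bits' => 2048,
]);
if ($pair === false) {
    exit('key generation failed: ' . openssl_error_string() . "\n");
}
openssl_pkey_export($pair, $privatePem);               // PEM-encoded private key
$publicPem = openssl_pkey_get_details($pair)['key'];   // PEM-encoded public key

$public  = openssl_pkey_get_public($publicPem);
$private = openssl_pkey_get_private($privatePem);

// Constructed sample message. RSA only encrypts inputs shorter than the key
// size minus the padding, so in practice it protects a short secret.
$message = 'session-key-0123456789abcdef';

// Public key encrypts, private key decrypts.
if (!openssl_public_encrypt($message, $cipher, $public, OPENSSL_PKCS1_OAEP_PADDING)) {
    exit('encryption failed: ' . openssl_error_string() . "\n");
}
$wire = base64_encode($cipher);                        // text-safe form for transport

if (!openssl_private_decrypt(base64_decode($wire), $plain, $private, OPENSSL_PKCS1_OAEP_PADDING)) {
    exit('decryption failed: ' . openssl_error_string() . "\n");
}
var_dump($plain === $message);

// Private key signs, public key verifies. openssl_verify() returns 1 for a
// valid signature, 0 for an invalid one and -1 on error.
openssl_sign($message, $signature, $private, OPENSSL_ALGO_SHA256);
var_dump(openssl_verify($message, $signature, $public, OPENSSL_ALGO_SHA256));
var_dump(openssl_verify($message . 'x', $signature, $public, OPENSSL_ALGO_SHA256));
```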

https://blog.csdn.net/qq_38483191/article/details/80513448
https://www.jianshu.com/p/c15233d99fa8
https://www.jb51.net/article/170082.htm
https://www.jb51.net/article/128149.htm
/*
Encryption algorithms are generally divided into two types: symmetric encryption algorithms and asymmetric encryption algorithms.
Symmetric encryption
In a symmetric encryption algorithm the sender and the receiver of a message use the same key: the sender encrypts the file with the key,
and the receiver uses the same key to decrypt it and obtain the information. Common symmetric encryption algorithms: des / aes / 3des.
The features of symmetric encryption algorithms are: they are fast and the file size changes little after encryption, but storing the key is a big problem,
because if either the sender or the receiver loses the key, the transmitted information becomes unsafe.
Asymmetric encryption
In contrast to symmetric encryption, the core idea of asymmetric encryption is to use a pair of related keys,
a public key and a private key: the private key is kept safe by its owner and the public key is made public. The public and private key are a pair. If data is encrypted with the public key,
only the corresponding private key can decrypt it; if data is encrypted with the private key, only the corresponding public key can decrypt it. Before sending data, the sender only needs to encrypt it with the recipient's public key.
Common asymmetric encryption algorithms: RSA / DSA. Although asymmetric encryption does not have the key storage problem, it is computationally heavy and encryption is very slow; sometimes large data has to be encrypted block by block.
Digital signature
To ensure data integrity, a hash value is computed with a hash function; this hash value is referred to as the digital signature. Its characteristics are:
no matter how large the original data is, the result has the same length;
the same input always gives the same output;
a small change in the input causes a large change in the result;
the process is irreversible: the original data cannot be obtained from the hash value;
common digital signature algorithms include md5 and sha1.
The PHP openssl extension
The openssl extension wraps a number of PHP functions related to encryption and decryption, which greatly simplifies encrypting and decrypting data. Commonly used functions are:
Symmetric encryption related:
string openssl_encrypt(string $data, string $method, string $password)
where $data is the data to be encrypted, $method is the encryption method to use and $password is the key to use; the function returns the encrypted data;
the list of values for $method can be obtained with openssl_get_cipher_methods()
Decryption function: string openssl_decrypt(string $data, string $method, string $password)
Asymmetric encryption related:
these only need to be passed the certificate file (usually a .pem file);
to encrypt data with the public key: $data is the data to be encrypted; $crypted is a reference variable into which the encrypted data is placed; $key is the public key data passed in;
because the data is encrypted in blocks and its length may not be an exact multiple of the block size in bits, padding ($padding) is required;
the options for $padding are OPENSSL_PKCS1_PADDING and OPENSSL_NO_PADDING, that is, PKCS1 padding or no padding;
signature function: $data is the data to be signed; $signature is a reference variable that receives the signature; $priv_key_id is the private key used for signing; $signature_alg is the signature algorithm to use,
and the list of algorithms can be obtained with openssl_get_md_methods()
verification function: the counterpart of the signature function, except that it is passed the public key corresponding to the private key; the result is the signature verification result: 1 for success, 0 for failure, -1 for an error;

*/
/**
 * Based on the Baidu Cloud API example
 * Passwords are always encrypted with the AES 128-bit algorithm, using the first 16 characters of the SK as the key
 * The resulting encrypted byte stream must be converted from binary to hexadecimal and passed to the server as a string
 */
function aes128WithFirst16Char($adminPass, $secretAccessKey)
{
    $adminPass = pkcs5Pad($adminPass);
    // Take the first 16 characters of the secret key as the AES key
    $secretAccessKey = substr($secretAccessKey, 0, 16);
    // AES encryption
    $crypted = openssl_encrypt($adminPass, 'AES-128-ECB', $secretAccessKey, OPENSSL_RAW_DATA);
    // Keep the first 16 bytes of the ciphertext and convert them to a hexadecimal string
    return bin2hex(substr($crypted, 0, 16));
}
// Pad the password to a multiple of 16 bytes
function pkcs5Pad($adminPass)
{
    $pad = 16 - (strlen($adminPass) % 16);
    return $adminPass . str_repeat(chr($pad), $pad);
}
echo aes128WithFirst16Char('encrypted password', 'key value');
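
An added example (not part of the original article or of the Baidu sample) showing what the aes-128-ecb mode used above reveals about the plaintext, next to the same openssl_encrypt() call in GCM mode, which goes beyond the mode the article uses. The key, the messages and the helper names sealMessage() and openMessage() are constructed for this illustration.

```php
<?php
// Added example; key, messages and function names are constructed here.
$key = random_bytes(16);                       // AES-128 key

// 1. ECB, the mode used above: equal plaintext blocks encrypt to equal
//    ciphertext blocks, so the structure of the data stays visible.
$ecb    = openssl_encrypt(str_repeat('A', 32), 'aes-128-ecb', $key, OPENSSL_RAW_DATA);
$blocks = str_split($ecb, 16);
var_dump($blocks[0] === $blocks[1]);

// 2. AES-128-GCM: a fresh nonce per message plus an authentication tag.
function sealMessage(string $plaintext, string $key): string
{
    $iv = random_bytes(12);                    // never reuse a nonce with the same key
    $ct = openssl_encrypt($plaintext, 'aes-128-gcm', $key, OPENSSL_RAW_DATA, $iv, $tag);
    if ($ct === false) {
        throw new RuntimeException('encryption failed');
    }
    return base64_encode($iv . $tag . $ct);    // layout: iv(12) | tag(16) | ciphertext
}

function openMessage(string $token, string $key): ?string
{
    $raw = base64_decode($token, true);
    if ($raw === false || strlen($raw) < 28) {
        return null;                           // not a token produced by sealMessage()
    }
    $pt = openssl_decrypt((string) substr($raw, 28), 'aes-128-gcm', $key,
        OPENSSL_RAW_DATA, substr($raw, 0, 12), substr($raw, 12, 16));
    return $pt === false ? null : $pt;         // false: wrong key or modified data
}

// Round trip, then the same plaintext sealed again to compare the two tokens.
$token = sealMessage('adminPass', $key);
var_dump(openMessage($token, $key) === 'adminPass');
var_dump(sealMessage('adminPass', $key) === $token);

// Change one bit of the ciphertext and try to open the modified token.
$raw = base64_decode($token);
$raw[28] = chr(ord($raw[28]) ^ 1);
var_dump(openMessage(base64_encode($raw), $key));
```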

Foreword

PHP encryption is divided into these categories: one-way hash encryption, symmetric encryption and asymmetric encryption. The usual MD5, hash, crypt and sha1 are one-way hash encryption, which is irreversible. URL encoding and base64 encoding are treated as symmetric encryption: they are reversible, meaning the same key is used for encryption and decryption. In addition there is asymmetric encryption, where the encryption and decryption keys are different. From a security standpoint, if encrypted information needs to be decrypted again later, asymmetric encryption is undoubtedly the most secure way.

MD5 encryption

The md5 algorithm is the most common encryption algorithm in PHP. It is not reversible and is typically used to encrypt user passwords and similar information to keep user information secure. RFC 1321 describes the MD5 message-digest algorithm as follows: the algorithm takes a message of arbitrary length as input and produces a 128-bit "fingerprint" or "message digest" of the input as its output. MD5 is intended primarily for digital signature applications, where a large file must be "compressed" in a secure manner before being encrypted with a private key under a public-key cryptosystem such as RSA. Here is an example:

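<?php
// This is a string
$str = "this is zifuchuan";
// Hash it with the MD5 function
$res = md5($str);
// In PHP, md5() also takes a second parameter of type bool. When it is TRUE the result is returned as a
// 16-character raw binary string; when it is FALSE the result is 32 hexadecimal characters.
// The default is FALSE, so the hexadecimal form is what is normally returned.
$res = md5($str, true);
?>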

crypt() encryption algorithm

crypt() is also an irreversible algorithm. It takes two parameters: the string to be encrypted and a salt value (an interference string). If the second parameter is not specified, it generates a random salt itself and encrypts in MD5 mode. The form this function takes also differs between operating systems, and it detects this automatically. For example:

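<?php
// The string to be encrypted
$str = "this is string";
// Use crypt() without specifying a salt
// (PHP 8.0 and later require the salt argument, so this call only works on older versions)
$res = crypt($str);
// Specify a salt. The salt can only be two characters: anything beyond the first two is ignored,
// and on some systems FALSE is returned directly
$res = crypt($str, 'jm');
?>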

sha1 encryption algorithm

Like MD5, the sha1 algorithm is irreversible. It takes two parameters: the string to be encrypted and a bool value. If the second parameter is TRUE the result is returned as a string in binary format; if it is left at the default of FALSE the result is a 40-character hexadecimal string. For example:

<?php
// The string to be encrypted
$str = "this is string";
// Hash it with sha1
$res = sha1($str);
// Hash it again, specifying the second parameter
$res = sha1($str, true);
?>

URL encoding encryption

On our website, the parameters passed in the address bar are directly exposed to the user, and they are in plain text, so we can apply a simple encryption to them. Note that this is only a basic algorithm and that it is reversible: the encrypted text can be read again after decoding. So if you really want encryption, this algorithm is not recommended.

In PHP, URL encoding and decoding use two functions: urlencode and urldecode.

http://www.guojiadong.com?name=guojiadong&phone=112

We can encrypt this address:

<?php
// The URL to be encoded
$str = "http://www.guojiadong.com?name=guojiadong&phone=112";
// Encode it with urlencode
$res = urlencode($str);
// Decode it with urldecode
$result = urldecode($res);
?>

Since the encoded and decoded forms are not much different, what is it for? Anyone who wants to break a string encrypted this way can do so easily. In fact these two functions have a special role besides encryption. That is beside the point, since the theme here is encryption, but as an extension it is still worth mentioning.

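<?php
// When passing parameters from HTML to the back end, if we want to pass & as part of a parameter
// value, then without encoding the browser treats it as the parameter separator.
// For example, with http://guojiadong.com?name=guojiadong&123 we want to pass guojiadong&123
// as the parameter value to the back end, but written directly like this the back end only gets
// guojiadong as the value of name, and 123 is treated as a variable.
// Of course a number is not a legal variable name, but the browser is not smart enough to tell the difference.
// To solve this problem we can encode this part of the string
$str = "http://guojiadong.com?name=" . urlencode('guojiadong&123');
// Now the value that arrives is name = guojiadong&123
?>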

Base64 encoding encryption

Note that although base64 is written up in this section as an encryption algorithm, encryption is not its main use, and in most programs almost nobody uses it as a means of encrypting data. So what is it mainly used for? That comes down to how base64 works.

In essence, base64 encryption converts data into ASCII characters. For example, a base64-encoded picture becomes a long string of ASCII characters, which makes it easier to transfer files; transferring files is the real role of base64. For example, a mobile client uploading a file to a server can transfer it easily using base64 encoding.

base64 encryption function

base64_encode($data);

base64 decryption function

base64_decode($data);

hash encryption

hash encryption is irreversible, because a string of fixed length is returned for a given string of indeterminate length; this is in essence what makes it one-way hash encryption. Usage:

hash($ago,$data);

$ago specifies the hash algorithm to use, for example "md5", "sha256", "haval160,4" and so on.

$data is the data to be encrypted.

Password Hashing API encryption

The Password Hashing API is a new feature available only since PHP 5.5. It mainly provides the following functions:

password_hash() – encrypts a password.

password_verify() – verifies an already encrypted password by checking whether it matches the hash string.

password_needs_rehash() – used to re-encrypt a password.

password_get_info() – returns the name of the encryption algorithm and some related information.

Although crypt() is sufficient in use, password_hash() not only makes our code shorter but also gives us a better security guarantee, so PHP now officially recommends this way of encrypting user passwords, and many popular frameworks such as Laravel use it.

$hash = password_hash($password, PASSWORD_DEFAULT);

Yes, it is that simple: one line of code and it is all done.

PASSWORD_DEFAULT currently uses Bcrypt, which is why I recommended it above; but because the Password Hashing API does this better, I have to solemnly recommend the Password Hashing API to you. Note that if your code uses PASSWORD_DEFAULT, the password field in the database table must be set to more than 60 characters in length. You can also use PASSWORD_BCRYPT, in which case the encrypted string is always 60 characters long.

When using password_hash() you do not have to provide a salt value (salt) or a cost value (cost). The cost can be understood as a performance consumption value: the greater the cost, the more complex the encryption algorithm and the greater the memory consumption. Of course, if you need to specify the salt and cost yourself, you can write:

$options = [
    // write your own code to generate a suitable salt
    // (the 'salt' option is deprecated since PHP 7.0 and ignored since PHP 8.0)
    'salt' => custom_function_for_salt(),
    'cost' => 12 // the default cost is 10
];

$hash = password_hash($password, PASSWORD_DEFAULT, $options);

After the password has been encrypted, we need to verify it to determine whether the password entered by the user is correct:

if (password_verify($password, $hash)) {
    // Pass
}
else {
    // Invalid
}

It is very simple: you use password_verify directly to check the password against the string we encrypted earlier (stored in the database).

Sometimes, however, we need to change the way we encrypt; for example, one day we suddenly want to replace the salt value or raise the cost value. In that case we use the password_needs_rehash() function:

if (password_needs_rehash($hash, PASSWORD_DEFAULT, ['cost' => 12])) {
    // cost change to 12
    $hash = password_hash($password, PASSWORD_DEFAULT, ['cost' => 12]);
    // don't forget to store the new hash!
}

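Only in this way will PHP's Password Hashing API know that we have changed the encryption method; the main purpose of this is the password verification that follows.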
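
An added example (not from the original article) that puts password_verify(), password_needs_rehash() and password_get_info() together in a login routine, so a hash stored with an old cost is upgraded at the one moment the plaintext password is available. The $users array stands in for the database table, and the user name, passwords and the login() function are constructed for this illustration.

```php
<?php
// Added example: verify on login and upgrade the stored hash in one place.
// $users stands in for the database; names and passwords are constructed.
const TARGET_OPTIONS = ['cost' => 12];

$users = [
    // An account whose hash was created earlier with a lower cost.
    'alice' => password_hash('correct horse', PASSWORD_DEFAULT, ['cost' => 10]),
];

function login(array &$users, string $name, string $password): bool
{
    if (!isset($users[$name])) {
        return false;                          // unknown user
    }
    $hash = $users[$name];
    if (!password_verify($password, $hash)) {
        return false;                          // wrong password, stored hash untouched
    }
    // The hash records its own algorithm and cost, so PHP can tell whether it
    // still matches the target settings.
    if (password_needs_rehash($hash, PASSWORD_DEFAULT, TARGET_OPTIONS)) {
        $users[$name] = password_hash($password, PASSWORD_DEFAULT, TARGET_OPTIONS);
    }
    return true;
}

// A failed login must not change the stored hash.
var_dump(login($users, 'alice', 'wrong guess'));
var_dump(password_get_info($users['alice'])['options']);

// A successful login re-hashes with the target cost and stores the new hash.
var_dump(login($users, 'alice', 'correct horse'));
var_dump(password_get_info($users['alice']));
var_dump(strlen($users['alice']));
```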

A brief word on password_get_info(): this function generally lets you see the following three pieces of information:

algo – the algorithm instance

algoName – the algorithm name

options – the optional parameters used when encrypting

Author: Dong Son
Link: https://www.jianshu.com/p/c15233d99fa8
Source: Jianshu
Copyright belongs to the author. For commercial reprints please contact the author for authorization; for non-commercial reprints please indicate the source.


Origin www.cnblogs.com/djwhome/p/12521673.html