PHP openssl encryption extension usage Summary (recommended), openssl Summary

Source: Internet
Author: User


Introduction

Throughout the development of the Internet, security has always been a topic that developers pay close attention to. To transmit data securely we need to guarantee the origin of the data (requests cannot be forged), its integrity (it has not been modified) and its confidentiality (it is ciphertext that cannot be read directly). Although HTTPS already provides the SSL/TLS protocol, the client side depends on the browser implementing it correctly and the efficiency is low, so we still need to encrypt sensitive data (such as transaction and payment information) manually.

Ordinary web developers do not need a deep understanding of the underlying security technologies, but to use the existing encryption tools correctly they do need the basics of encryption. Because my work required it, I read a number of articles on encryption and wrote this summary based on my experience using it.

Encryption Basics

Before learning how to use encryption, we need to know some basic knowledge about encryption.

Encryption algorithms are generally divided into symmetric encryption algorithms and asymmetric encryption algorithms.

Symmetric encryption

In a symmetric encryption algorithm the sender and receiver of a message use the same key: the sender encrypts the data with the key, and the receiver decrypts it with the same key to recover the information. Common symmetric algorithms include DES, AES and 3DES.

Symmetric encryption has the following characteristics: it is fast, and the size of the data changes little between plaintext and ciphertext. Key storage, however, is a big problem: once the key shared by the sender and receiver is leaked, the transmission is no longer secure.

Asymmetric encryption

Asymmetric encryption is the opposite of symmetric encryption. Its core idea is to use a pair of related keys, a public key and a private key. The private key is kept secret and the public key is published; the two form a pair. Data encrypted with the public key can only be decrypted with the corresponding private key, and data encrypted with the private key can only be decrypted with the corresponding public key. To send data, you only need to encrypt it with the recipient's public key before sending. Common asymmetric algorithms include RSA and DSA.

Although asymmetric encryption does not have the key storage problem, it requires a large amount of computation and is slow, and sometimes we still need to encrypt large blocks of data.

Digital Signature

To ensure data integrity, a hash function is also used to compute a hash value of the data, which is used as a digital signature. Its characteristics include:

• No matter how large the original data is, the result always has the same length;
• The same input always produces the same output;
• A slight change to the input changes the result greatly;
• The process is irreversible: the original data cannot be recovered from the hash value.

Common algorithms used for this include MD5 and SHA1.

Openssl extension of PHP

PHP's openssl extension wraps the OpenSSL library in a set of PHP functions for encryption and decryption, which makes encrypting and decrypting data much easier. The common functions are:

Symmetric encryption:

string openssl_encrypt ( string $data , string $method , string $password [, int $options = 0 [, string $iv = "" ]] )

$data is the data to be encrypted, $method is the encryption method and $password is the key to use; $options and $iv are optional, and $iv is the initialization vector required by block-cipher modes such as CBC. The function returns the encrypted data;

The available values of $method can be obtained with openssl_get_cipher_methods(); we pick one of them to use. The list looks like this:

array(
  0 => 'aes-128-cbc',   // AES encryption
  1 => 'des-ecb',       // DES encryption
  2 => 'des-ede3',      // 3DES encryption
  ...
)

The decryption function has the same signature: string openssl_decrypt ( string $data , string $method , string $password [, int $options = 0 [, string $iv = "" ]] )
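As an added example (not code from the original article), here is openssl_encrypt() and openssl_decrypt() used together with the $options and $iv arguments that the three-argument call above leaves out; the 16-byte key and the sample payload are constructed for the demonstration.

```php
<?php
// Added example: AES-128-CBC with openssl_encrypt()/openssl_decrypt().
// CBC needs a fresh random IV for every message, and the IV must travel with the
// ciphertext so the receiver can decrypt; it is not secret, only unique.

function encrypt_message(string $plaintext, string $key): string
{
    $method = 'aes-128-cbc';
    // Confirm the method exists in this build, as the article suggests via openssl_get_cipher_methods()
    if (!in_array($method, openssl_get_cipher_methods(), true)) {
        throw new RuntimeException("cipher $method not available");
    }
    $iv = random_bytes(openssl_cipher_iv_length($method));   // 16 bytes for AES-CBC
    // OPENSSL_RAW_DATA returns raw bytes instead of the default base64 string
    $ciphertext = openssl_encrypt($plaintext, $method, $key, OPENSSL_RAW_DATA, $iv);
    if ($ciphertext === false) {
        throw new RuntimeException(openssl_error_string());
    }
    return base64_encode($iv . $ciphertext);   // IV first, then ciphertext
}

function decrypt_message(string $encoded, string $key): string
{
    $method = 'aes-128-cbc';
    $raw = base64_decode($encoded, true);
    $ivLen = openssl_cipher_iv_length($method);
    if ($raw === false || strlen($raw) < $ivLen) {
        throw new RuntimeException('malformed input');
    }
    $iv = substr($raw, 0, $ivLen);
    $ciphertext = substr($raw, $ivLen);
    // Returns false on a wrong key or corrupted padding; CBC alone does not detect
    // tampering, which is what the signature functions later in the article are for
    $plaintext = openssl_decrypt($ciphertext, $method, $key, OPENSSL_RAW_DATA, $iv);
    if ($plaintext === false) {
        throw new RuntimeException('decryption failed');
    }
    return $plaintext;
}

// Constructed sample: a 16-byte key for aes-128 (generate once, store securely, never hard-code)
$key = random_bytes(16);
$token = encrypt_message('order_id=1001&amount=99.90', $key);
var_dump(decrypt_message($token, $key) === 'order_id=1001&amount=99.90');   // bool(true)
```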

Asymmetric encryption:

openssl_get_publickey();    openssl_pkey_get_public();    // export the public key from the certificate
openssl_get_privatekey();   openssl_pkey_get_private();   // export the private key from the certificate

All of them only need to be passed the certificate file (usually a .pem file);

bool openssl_public_encrypt ( string $data , string &$crypted , mixed $key [, int $padding = OPENSSL_PKCS1_PADDING ] )

Encrypts data with a public key. $data is the data to encrypt; $crypted is passed by reference and receives the encrypted data; $key is the public key. Because the data to encrypt is usually not an exact multiple of the size the key operates on, padding is required: $padding can be OPENSSL_PKCS1_PADDING or OPENSSL_NO_PADDING, meaning PKCS#1 padding or no padding respectively;

Its counterparts, with the same parameters, are:

openssl_private_encrypt();   // encrypt with the private key
openssl_private_decrypt();   // decrypt with the private key
openssl_public_decrypt();    // decrypt with the public key

There are also signing and signature verification functions:

bool openssl_sign ( string $data , string &$signature , mixed $priv_key_id [, mixed $signature_alg = OPENSSL_ALGO_SHA1 ] )
int openssl_verify ( string $data , string $signature , mixed $pub_key_id [, mixed $signature_alg = OPENSSL_ALGO_SHA1 ] )

Signing function: $data is the data to sign, $signature is the by-reference variable that receives the signature, $priv_key_id is the private key used for signing and $signature_alg is the signing algorithm; the list of algorithms can be obtained with openssl_get_md_methods(), with a result like this:

array(
  0 => 'MD5',
  1 => 'SHA1',
  2 => 'SHA256',
  ...
)

Verification function: the reverse of the signing function, but it must be given the public key corresponding to the private key. The return value is the verification result: 1 means the signature is valid, 0 means it is invalid, and -1 means an error occurred;
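An added example (not from the original article) of openssl_sign() and openssl_verify() used together, including how the 1/0/-1 result is handled; the key pair is generated in memory with openssl_pkey_new() and the payload is a constructed sample.

```php
<?php
// Added example: sign a request body with the private key and verify it with the public key.
// In practice the private key is loaded with openssl_pkey_get_private('file://private.pem')
// (placeholder path); here a pair is generated in memory so the snippet runs on its own.

$keyPair = openssl_pkey_new(['private_key_type' => OPENSSL_KEYTYPE_RSA, 'private_key_bits' => 2048]);
if ($keyPair === false) {
    throw new RuntimeException(openssl_error_string());
}
openssl_pkey_export($keyPair, $privatePem);                 // PEM text of the private key
$publicPem = openssl_pkey_get_details($keyPair)['key'];      // PEM text of the matching public key

function sign_data(string $data, string $privatePem): string
{
    $priv = openssl_pkey_get_private($privatePem);
    $signature = '';
    // The article's default is OPENSSL_ALGO_SHA1; SHA256 is also listed by openssl_get_md_methods()
    if (!openssl_sign($data, $signature, $priv, OPENSSL_ALGO_SHA256)) {
        throw new RuntimeException(openssl_error_string());
    }
    return base64_encode($signature);
}

// True only when openssl_verify() returns 1; 0 is a bad signature, -1 an error (e.g. malformed key)
function verify_data(string $data, string $encodedSignature, string $publicPem): bool
{
    $sigBytes = base64_decode($encodedSignature, true);
    $pub = openssl_pkey_get_public($publicPem);
    if ($sigBytes === false || $pub === false) {
        return false;
    }
    $result = openssl_verify($data, $sigBytes, $pub, OPENSSL_ALGO_SHA256);
    if ($result === -1) {
        error_log('openssl_verify error: ' . openssl_error_string());
    }
    return $result === 1;
}

$payload = 'order_id=1001&amount=99.90';      // constructed sample request body
$sig = sign_data($payload, $privatePem);
var_dump(verify_data($payload, $sig, $publicPem));                      // bool(true)
var_dump(verify_data('order_id=1001&amount=9.90', $sig, $publicPem));   // bool(false): data was altered
```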

Encryption example

Here is a small example of asymmetric encryption:

// Obtain the public key. openssl_get_publickey() expects a file:// path or the PEM text itself
function encrypt_with_public_key($raw_msg, $pub_key_file = 'test.pem')
{
    $pub_key = openssl_get_publickey('file://' . $pub_key_file);
    if ($pub_key === false) {
        return '';
    }
    // With PKCS#1 padding each block can hold at most (key bytes - 11) bytes of plaintext
    $key_size = openssl_pkey_get_details($pub_key)['bits'] / 8 - 11;
    $encrypted = '';
    // Encrypt the data block by block
    for ($offset = 0, $length = strlen($raw_msg); $offset < $length; $offset += $key_size) {
        $encryptedBlock = '';
        $data = substr($raw_msg, $offset, $key_size);
        if (!openssl_public_encrypt($data, $encryptedBlock, $pub_key, OPENSSL_PKCS1_PADDING)) {
            return '';
        } else {
            $encrypted .= $encryptedBlock;
        }
    }
    return $encrypted;
}
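As an added example that is not part of the original article, here is the matching decryption loop with openssl_private_decrypt(); the key pair and the message are constructed in memory so the round trip runs without a .pem file.

```php
<?php
// Added example: decrypt block by block with the private key. Each ciphertext block is
// exactly the key length in bytes (256 bytes for a 2048-bit key), however little
// plaintext the sender put into it, so the loop steps by the full key size.

function decrypt_with_private_key(string $encrypted, $priv_key): string
{
    $block_size = openssl_pkey_get_details($priv_key)['bits'] / 8;   // ciphertext block length
    if ($block_size < 1 || strlen($encrypted) % $block_size !== 0) {
        throw new RuntimeException('ciphertext length is not a multiple of the key size');
    }
    $decrypted = '';
    for ($offset = 0, $length = strlen($encrypted); $offset < $length; $offset += $block_size) {
        $decryptedBlock = '';
        $block = substr($encrypted, $offset, $block_size);
        // The padding must match what the sender used (OPENSSL_PKCS1_PADDING in the example above)
        if (!openssl_private_decrypt($block, $decryptedBlock, $priv_key, OPENSSL_PKCS1_PADDING)) {
            throw new RuntimeException('block decryption failed: ' . openssl_error_string());
        }
        $decrypted .= $decryptedBlock;
    }
    return $decrypted;
}

// Constructed round trip with an in-memory key pair. In practice load the key with
// openssl_pkey_get_private('file://private.pem'), where private.pem is a placeholder path.
$priv_key = openssl_pkey_new(['private_key_type' => OPENSSL_KEYTYPE_RSA, 'private_key_bits' => 2048]);
$pub_key  = openssl_pkey_get_public(openssl_pkey_get_details($priv_key)['key']);
$chunk    = 2048 / 8 - 11;                                    // PKCS#1 v1.5 leaves key bytes - 11 for plaintext
$raw_msg  = str_repeat('order_id=1001&amount=99.90;', 20);   // longer than one block
$encrypted = '';
foreach (str_split($raw_msg, $chunk) as $data) {
    openssl_public_encrypt($data, $encryptedBlock, $pub_key, OPENSSL_PKCS1_PADDING);
    $encrypted .= $encryptedBlock;
}
var_dump(decrypt_with_private_key($encrypted, $priv_key) === $raw_msg);   // bool(true)
```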

Symmetric encryption is very simple: you can use the openssl_encrypt() function directly;

Of course, some interfaces have different requirements on the encryption method, such as a different padding or encryption block size, which the user must adjust accordingly.

Because we exchange data over HTTP, once the data is encrypted it can be sent directly without worrying about the underlying transport; using the cURL or SOAP extensions you can call the interface directly.

Conclusion

Cryptography is an advanced discipline with deep theory and a wide range of concepts. As web developers we do not need to study its underlying implementation, but learning to use the encapsulated methods is very helpful for our development. You can even go on to understand the basic implementation and gain a new understanding of the algorithms.

The above is the whole of this summary of using the PHP openssl encryption extension. I hope it serves as a useful reference.
