Detailed analysis of php encryption and decryption function authcode usage

The authcode function can be said to have made significant contributions to the PHP field in China. Including kangsheng's own products, and most Chinese companies that use PHP use this function for encryption. authcode uses the exclusive or operation for encryption and

The authcode function can be said to have made significant contributions to the PHP field in China. Including kangsheng's own products, and most Chinese companies that use PHP use this function for encryption. authcode uses the exclusive or operation for encryption and

Core tips: kangsheng's authcode function can be said to have made significant contributions to the Chinese PHP community. Including kangsheng's own products, and most Chinese companies that use PHP use this function for encryption. authcode uses exclusive or operations for encryption and decryption.

KANG Sheng's authcode function can be said to have made significant contributions to the Chinese PHP community. Including kangsheng's own products, and most Chinese companies that use PHP use this function for encryption. authcode uses exclusive or operations for encryption and decryption.

The principle is as follows:

Encryption

Plaintext: 1010 1001

Key: 1110 0011

Ciphertext: 0100 1010

The ciphertext 0100 1010 is obtained, and the decryption must be different from the key or lower.

Decryption

Ciphertext: 0100 1010

Key: 1110 0011

Plaintext: 1010 1001

There is no advanced algorithm, and the key is very important. The key is how to generate the key.

Let's take a look at how kangsheng's authcode works.

The Code is as follows:

// Parameter description
// $ String: plaintext or ciphertext
// $ Operation: DECODE indicates decryption, and others indicates Encryption
// $ Key: key
// $ Expiry: ciphertext Validity Period
Function authcode ($ string, $ operation = 'decode', $ key = '', $ expiry = 0 ){
// The length of the dynamic key. Different ciphertext values are generated for the same plaintext based on the dynamic key.
$ Ckey_length = 4;

// Key
$ Key = md5 ($ key? $ Key: $ GLOBALS ['discuz _ auth_key ']);

// Key a is used for encryption and decryption.
$ Keya = md5 (substr ($ key, 0, 16 ));
// Key B is used for data integrity verification.
$ Keyb = md5 (substr ($ key, 16, 16 ));
// Key c is used to change the generated ciphertext
$ Keyc = $ ckey_length? ($ Operation = 'decode '? Substr ($ string, 0, $ ckey_length ):
Substr (md5 (microtime (),-$ ckey_length )):'';
// Key used for calculation
$ Cryptkey = $ keya. md5 ($ keya. $ keyc );
$ Key_length = strlen ($ cryptkey );
// Plaintext. The first 10 digits are used to save the timestamp. Data Validity is verified during decryption, and 10 to 26 digits are used to save $ keyb (Key B). Data integrity is verified through this key during decryption.
// If it is decoded, it starts from the $ ckey_length bit, because the $ ckey_length bit before the ciphertext stores the dynamic key to ensure correct decryption.
$ String = $ operation = 'decode '? Base64_decode (substr ($ string, $ ckey_length )):
Sprintf ('% 010d', $ expiry? $ Expiry + time (): 0). substr (md5 ($ string. $ keyb), 0, 16). $ string;
$ String_length = strlen ($ string );
$ Result = '';
$ Box = range (1, 0,255 );
$ Rndkey = array ();
// Generate a key book
For ($ I = 0; $ I <= 255; $ I ++ ){
$ Rndkey [$ I] = ord ($ cryptkey [$ I % $ key_length]);
}
// Use a fixed algorithm to disrupt the key book and increase randomness. It seems complicated. In fact, it does not increase the ciphertext strength.
For ($ j = $ I = 0; I I <256; $ I ++ ){
$ J = ($ j + $ box [$ I] + $ rndkey [$ I]) % 256;
$ Tmp = $ box [$ I];
$ Box [$ I] = $ box [$ j];
$ Box [$ j] = $ tmp;
}
// Core encryption/Decryption part
For ($ a = $ j = $ I = 0; $ I <$ string_length; $ I ++ ){
$ A = ($ a + 1) % 256;
$ J = ($ j + $ box [$ a]) % 256;
$ Tmp = $ box [$ a];
$ Box [$ a] = $ box [$ j];
$ Box [$ j] = $ tmp;
// The keys obtained from the key book are different or converted into characters.
$ Result. = chr (ord ($ string [$ I]) ^ ($ box [($ box [$ a] + $ box [$ j]) % 256]);
}
If ($ operation = 'decode '){
// Substr ($ result, 0, 10) = 0 verify Data Validity
// Substr ($ result, 0, 10)-time ()> 0 to verify data Validity
// Substr ($ result, 10, 16) = substr (md5 (substr ($ result, 26). $ keyb), 0, 16) verify data integrity
// Verify the data validity. See the unencrypted plaintext format.
If (substr ($ result, 0, 10) = 0 | substr ($ result, 0, 10)-time ()> 0 )&&
Substr ($ result, 10, 16) = substr (md5 (substr ($ result, 26). $ keyb), 0, 16 )){
Return substr ($ result, 26 );
} Else {
Return '';
}
} Else {
// Save the dynamic key in the ciphertext, Which is why different ciphertext can be decrypted in the same plain text.
// Because the encrypted ciphertext may be special characters, the copying process may be lost, so it is base64-encoded.
Return $ keyc. str_replace ('=', '', base64_encode ($ result ));
}
}