Digital Signature: Hash The data and the private key to get a message digest, along with the message itself, to the Client. The data signature emphasizes that the data received by the client is from a specific server, and the server has non-repudiation of the Data. The client determines whether the received message is from a specific server by confirming the correctness of the Signature.
Data encryption: Encrypt the data, there are two kinds of symmetric and asymmetric Encryption. Data is often decrypted using mcrypt and OpenSSL extensions in php. MCrypt is commonly used in symmetric encryption, and OpenSSL is often used in asymmetric encryption. In addition, in the programming often use a single hash encryption algorithm, such as md5,hash,sha1,password_hash, such as the data (usually the user Password) encryption, This encryption is not decrypted (theoretically no non-decryption algorithm, It is said that the decrypted machine takes longer to be decrypted. In general, can still use the brute force dictionary to crack and find the rainbow table way to crack, hash one-way encryption will generally have a salt value.
In a Real-world scenario, there are only data signatures that transmit the data in plaintext (which is the most), and there are data signatures and encrypted data that are used for transmission, and half of the data is rarely encrypted without data signing. 、
MCrypt encryption
First identify these concepts
algorithm name: the password algorithm supported by the MCrypt extension, the detailed list can be found in the PHP source mcrypt.php file. The algorithm supported by Mcypt is shown at the end of this article.
algorithm Mode: One of the Mcrypt_mode_modename constants, or one of the following strings: "ecb", "cbc", "cfb", "ofb", "nofb" and "stream".
algorithm Module : A module that uses Mcrypt_module_open () to open the specified algorithm and schema, which is a resource type
initial vector: a parameter to be used when encrypting, using Mcrypt_create_iv () to create from a random source
initial vector size: refers to the initial vector size of the specified Algorithm/pattern combination returned by Mcrypt_get_iv_size (). Mcrypt_create_iv () creates an initial vector based on the initial vector size.
MCrypt encryption decryption requires the following steps
Encryption:
1 Use Mcrypt_module_open () to open the corresponding module for the specified algorithm and Mode.
2 mcrypt_get_iv_size () Gets the module initial vector length, mcrypt_enc_get_iv_size ($td)
3 Create initial vector Mcrypt_create_iv () based on initial vector length
4 buffer required for initialization of encryption Mcrypt_generic_init ()
5 Encrypting Data Mcrypt_generic ()
6 End encryption, Perform cleanup work Mcrypt_generic_deinit ()
Decryption requires the following several steps
1 Initial dissolve secret module Mcrypt_generic_init ()
2 Decryption Data Mcrypt_decrypt ()
3 End decryption, Perform cleanup work Mcrypt_generic_deinit ()
4 Closing the module open at Start mcrypt_module_close
The entire decryption process is similar to the process of creating a picture, first creating a canvas resource, creating a color, filling, and finally Image_destroy.
Then take a look at the usage of several of the functions mentioned above
1.mcrypt_module_open-open the module corresponding to the algorithm and mode
Resource Mcrypt_module_open (string $algorithm, string $algorithm _directory, string $mode, string $mode _directory)
Return resource type
The parameter description is shown in table 1-1
Table 1-1
parameters |
|
algorithm |
mcrypt_ciphername a constant, or the algorithm name of a string Value. See end of text |
algorithm_directory |
algorithm The _directory parameter indicates the location of the cryptographic module. If you provide this parameter, the value you specify is Used. If you set this parameter to an empty string (""), the Mcrypt.algorithms_dir in php.ini is Used. If you do not specify this parameter, the compilation path of Libmcrypt (usually/usr/local/lib/libmcrypt) is Used. |
mode |
mcrypt_mode_modename constants , or one of the following strings: "ecb", "cbc", "cfb", "ofb", "nofb" and "stream". |
mode_directory |
algorithm_directo The RY parameter indicates the location of the encryption Mode. If you provide this parameter, the value you specify is Used. If you set this parameter to an empty string (""), the Mcrypt.modes_dir in php.ini is Used. If you do not specify this parameter, the compilation path of Libmcrypt (usually/usr/local/lib/libmcrypt) is Used. |
2.mcrypt_get_iv_size-returns the initial vector size for the specified algorithm/pattern combination
int mcrypt_get_iv_size (string $cipher, string $mode)
Returns the initial vector size
You can use Mcrypt_enc_get_iv_size ($td) instead, $TD can be a resource returned by Mcrypt_module_open () as a parameter.
The parameter description is shown in table 1-2
Table 1-2
Parameters |
Description |
Cipher |
A mcrypt_ciphername constant, or the algorithm name of a string Value. |
Mode |
One of the Mcrypt_mode_modename constants, or one of the following strings: "ecb", "cbc", "cfb", "ofb", "nofb" and "stream". |
3.mcrypt_create_iv-creating an initial vector from a random source
String Mcrypt_create_iv (int $size [, int $source = Mcrypt_dev_urandom])
Returns the initial vector
Table 1-3
Parameters |
Description |
Size |
The initial vector size. can be obtained by mcrypt_get_iv_size or mcrypt_enc_get_iv_size |
Source |
The initial vector data source. Optional values are: mcrypt_rand (system random number generator), mcrypt_dev_random (reading data from/dev/random file) and mcrypt_dev_urandom (reading data from/dev/urandom file). In versions prior to the Windows platform, PHP 5.3.0, only Mcrypt_rand is Supported. |
4.mcrypt_generic_init-initialize the required buffers for encryption
int mcrypt_generic_init (resource $td, string $key, string $iv)
If an error occurs, a negative number is returned: 3 indicates the key length is incorrect, 4 indicates a memory allocation failure, other values indicate an unknown error, and a corresponding warning message is Displayed. Returns FALSE if the incoming parameter is Incorrect.
Table 1-4
Parameters |
Description |
Td |
The encryption Descriptor. Types of resources obtained by Mcrypt_module_open |
Key |
The maximum length of the key that is obtained by calling the Mcrypt_enc_get_key_size () Function. Values that are less than the maximum length are considered illegal parameters. |
iv |
typically, the vector size equals the packet size of the algorithm, but you should use the Mcrypt_enc_get_iv_size () function to get this Value. In ECB mode, the initial vectors are ignored, and the initial vectors must be provided in CFB,CBC,STREAM,NOFB and OFB Modes. The initial vector requirements are random and unique (no need to be secure). Encryption and decryption must use the same initial Vector. If you don't want to use the initial vector, set it to a full 0 value, but it's not recommended. |
5.mcrypt_generic-encrypting data
String Mcrypt_generic (resource $td, string $data)
Returns the encrypted data
Table 1-5
Parameters |
Description |
Td |
The encryption Descriptor. Types of resources obtained by Mcrypt_module_open |
Data |
The data to encrypt |
6.mdecrypt_generic-decrypting data
String Mdecrypt_generic (resource $td, string $data)
Returns the decrypted string
Note that due to data completion, the length of the returned string may not be equal to the length of the plaintext
Parameter TD Cryptographic Descriptor. The type of resource obtained by mcrypt_module_open, data is a cipher that needs to be decrypted
6.mcrypt_generic_deinit-to clean up the cryptographic modules
BOOL Mcrypt_generic_deinit (resource $td)
Parameter TD Cryptographic Descriptor. Types of resources obtained by Mcrypt_module_open
This function terminates the cryptographic module specified by the cryptographic descriptor (td), which cleans up the buffer, but does not close the Module. To turn off the cryptographic module, you need to call the Mcrypt_module_close () function yourself. (but PHP will close the Open encryption module for you at the end of the Script)
7.mcrypt_module_close-closing the Cryptographic module
BOOL Mcrypt_module_close (resource $td)
Parameter TD Cryptographic Descriptor. Types of resources obtained by Mcrypt_module_open
The following example illustrates the process of adding and decrypting
class mcryptmodel{ protected $TD = '; protected $iv = '; protected $key = '; private static $instance = null; private function __construct ($cipher, $mode, $key) { $this->cipher = $cipher; $this->mode = $mode; $this->key = $key; } public static function getinstance ($cipher =mcrypt_rijndael_128, $mode =mcrypt_mode_ cbc, $key = ' h5gos1zshkz6wikn ') { if (self:: $instance == null) { self:: $instance &NBSp;= new self ($cipher, $mode, $key); } return self:: $instance; } function encrypt ($str) { $td = mcrypt _module_open ($this->cipher, ', $this->mode, ');//open algorithm module $ this->td = $td; $iv _size = mcrypt_enc_ Get_iv_size ($td);// get vector size $iv = mcrypt_create_ IV ($iv _size,mcrypt_rand);//initialization vector $this->iv = $iv; $num = mcrypt_generic_init ($td, $this->key, $iv);// Initialize the encryption space //var_dump ($num); $encypt = mcrypt_generic ($td, $str);//perform Encryption mcrypt_generic_deinit ($ td); // End encryption, Perform cleanup work return base64_encode ($encypt );//BASE64 encoded into a string for data transfer } function decyrpt ($str) { $str = base64_decode ($str); $TD = $this->td; mcrypt_ Generic_init ($td, $this->key, $this->iv); $decrypt = mdecrypt_generic ($td, $str); mcrypt_generic_deinit ($td); mcrypt_module_close ($td);//close Algorithm Module return $decrypt }} $m = mcryptmodel::getinstance ();echo $s = $m->encrypt (' Hello '); // output 4cnqrVkCjcr5unW0ySUdWg==echo $m->decyrpt ($e); // Output hello
MCrypt encryption is symmetric, the algorithm is public, and its security is from the secrecy of the secret key. The user can choose different algorithm names and algorithm Patterns. Commonly used algorithms are mcrypt_rijndael_128,mcrypt_des,rijndael-256, etc., the commonly used mode is CBC,ECB
The following algorithms are supported in Php:
Mcrypt_3des
Mcrypt_arcfour_iv (available only Libmcrypt > 2.4.x)
Mcrypt_arcfour (available only Libmcrypt > 2.4.x)
Mcrypt_blowfish
mcrypt_cast_128
mcrypt_cast_256
Mcrypt_crypt
Mcrypt_des
Mcrypt_des_compat (only available in Libmcrypt 2.2.x)
Mcrypt_enigma (libmcrypt > 2.4.x only available, mcrypt_crypt aliases)
Mcrypt_gost
Mcrypt_idea (not Free Algorithm)
mcrypt_loki97 (available only Libmcrypt > 2.4.x)
Mcrypt_mars (libmcrypt > 2.4.x only available, not free Algorithm)
Mcrypt_panama (available only Libmcrypt > 2.4.x)
mcrypt_rijndael_128 (available only Libmcrypt > 2.4.x)
mcrypt_rijndael_192 (available only Libmcrypt > 2.4.x)
mcrypt_rijndael_256 (available only Libmcrypt > 2.4.x)
Mcrypt_rc2
MCRYPT_RC4 (only available in Libmcrypt 2.2.x)
MCRYPT_RC6 (available only Libmcrypt > 2.4.x)
mcrypt_rc6_128 (only available in Libmcrypt 2.2.x)
mcrypt_rc6_192 (only available in Libmcrypt 2.2.x)
mcrypt_rc6_256 (only available in Libmcrypt 2.2.x)
Mcrypt_safer64
mcrypt_safer128
Mcrypt_saferplus (available only Libmcrypt > 2.4.x)
Mcrypt_serpent (available only Libmcrypt > 2.4.x)
mcrypt_serpent_128 (only available in Libmcrypt 2.2.x)
mcrypt_serpent_192 (only available in Libmcrypt 2.2.x)
mcrypt_serpent_256 (only available in Libmcrypt 2.2.x)
Mcrypt_skipjack (available only Libmcrypt > 2.4.x)
Mcrypt_tean (only available in Libmcrypt 2.2.x)
Mcrypt_threeway
Mcrypt_tripledes (available only Libmcrypt > 2.4.x)
Mcrypt_twofish (versions prior to MCRYPT 2.x, or versions available after 2.4.x)
mcrypt_twofish128 (twofishxxx available in new 2.x version, but not in 2.4.x Version)
mcrypt_twofish192
mcrypt_twofish256
Mcrypt_wake (available only Libmcrypt > 2.4.x)
Mcrypt_xtea (available only Libmcrypt > 2.4.x)
Encrypt and decrypt using PHP MCrypt