Php mcrypt-based encryption and decryption instances and mcrypt-based encryption and decryption instances

Php mcrypt-based encryption and decryption instances and mcrypt-based encryption and decryption instances

This example describes how to implement encryption and decryption Based on mcrypt in php. Share it with you for your reference. The specific implementation method is as follows:

PHP comes with a lot of encryption methods. Here we will look at the use of mcrypt extensions. It is also necessary to encrypt the user's Cookie value at work. I carefully studied this aspect.

1. Introduction

Mcrypt is an extension of PHP and encapsulates common encryption algorithms. In fact, the extension is the encapsulation of mcrypt standard class library, mcrypt completed a lot of common encryption algorithms, such as DES, TripleDES, Blowfish (default), 3-WAY, SAFER-SK64, SAFER-SK128, TWOFISH, TEA, RC2 and GOST encryption algorithms, and provides four block encryption models: CBC, OFB, CFB, and ECB.

2. Installation and Use

To use this extension, you must first install the mcrypt standard class library, which can be downloaded in the http://mcrypt.sourceforge.net. The compilation and installation method of this extension is the same as that of the conventional php extension, which is not described in detail.

3. Four block encryption Models

Mcrypt supports four block encryption models, which are described as follows:

①. MCRYPT_MODE_ECB (electronic codebook) is suitable for encrypting a small amount of random data, such as encrypting users' logon passwords.

②. MCRYPT_MODE_CBC (cipher block chaining) is suitable for important file types with high encryption security levels.

③. MCRYPT_MODE_CFB (cipher feedback) is suitable for the scenario where every byte of the data stream needs to be encrypted.

④. MCRYPT_MODE_OFB (output feedback, in 8bit) is compatible with CFB mode, but is safer than CFB mode. The CFB mode will cause the spread of encryption errors. If a byte fails, all subsequent bytes will go wrong. OFB mode does not have this problem. However, this mode is not highly secure and is not recommended.

⑤. MCRYPT_MODE_NOFB (output feedback, in nbit) is compatible with OFB. Because of the block operation algorithm, the security is higher.

6. MCRYPT_MODE_STREAM is an extra model provided for stream encryption algorithms such as WAKE and RC4.

NOFB and STREAM are valid only when the version number of mycrypt is greater than or equal to the libmcrypt-2.4.x. (Now it is basically later than this version, and libmcrypt's latest main version has reached 4)

4. view supported algorithms and Models

①. Mcrypt_list_modes () lists models supported by the current environment

②. Mcrypt_list_algorithms () lists the algorithms supported by the current environment

For example, execute the following command line:

Copy codeThe Code is as follows: php-r "var_dump (mcrypt_list_modes (); var_dump (mcrypt_list_algorithms ());"
All results are listed.

5. How to Use

Example 1:

Copy codeThe Code is as follows: <? Php
$ Key = "this is a secret key ";
$ Input = "Let us meet at 9 o 'clock at the secret place .";
$ Encrypted_data = mcrypt_ecb (MCRYPT_3DES, $ key, $ input, MCRYPT_ENCRYPT );
?>

The simplest method is shown in Example 1. This method indicates that $ input is encrypted using the 3DES algorithm, and the encryption key is $ key. however, the method directly called in this method is no longer officially recommended. We also recommend that you do not use this method during development. This method may not be available any day. When using this method in php5, you can see a warning message, prompting "PHP Warning: attempt to use an empty IV, which is NOT recommend ".

Officially recommended usage is shown in example 2.

Example 2:

Copy codeThe Code is as follows: <? Php
$ Key = "this is a secret key ";
$ Input = "Let us meet at 9 o 'clock at the secret place .";
// Open mcrypt or mcrypt resource object. This object uses ecb mode and 3des as the encryption algorithm.
$ Td = mcrypt_module_open ('tripledes ', '', 'ecb ','');
// Create iv (initialization vector)
$ Iv = mcrypt_create_iv (mcrypt_enc_get_iv_size ($ td), MCRYPT_RAND );
// Initialize $ td based on the key and iv to complete initialization such as memory allocation
Mcrypt_generic_init ($ td, $ key, $ iv );
// Encrypt
$ Encrypted_data = mcrypt_generic ($ td, $ input );
// Uninitialize $ td to release resources
Mcrypt_generic_deinit ($ td );
// Close the resource object and exit
Mcrypt_module_close ($ td );
?>
The above process completes the data encryption process. First, select the encryption algorithm and encryption mode to create the mcrypt resource object and IV, then initialize the buffer (memory) required for encryption, encrypt it, then release the buffer, and finally close the resource object.

The decryption process is basically the same as the encryption process. You only need to replace mcrypt_generic ($ td, $ input) with mdecrypt_generic ($ td, $ input), and the rest is the same. Of course, for symmetric encryption algorithms such as 3des, keys used for encryption and decryption must be identical.

6. About IV

Not all models require IV. Neither CFB nor OFB must have IV, while CBC and EBC are optional. For the mandatory IV mode, the values of the IV values for encryption and decryption must be the same, and the CBC and EBC do not have this requirement. It can be the same or different. It doesn't matter.

7. A simple function of encryption and decryption class

Copy codeThe Code is as follows: class AMPCrypt {
Private static function getKey (){
Return md5 ('examplekey ');
}
Public static function encrypt ($ value ){
$ Td = mcrypt_module_open ('tripledes ', '', 'ecb ','');
$ Iv = mcrypt_create_iv (mcrypt_enc_get_iv_size ($ td), MCRYPT_DEV_RANDOM );
$ Key = substr (self: getKey (), 0, mcrypt_enc_get_key_size ($ td ));
Mcrypt_generic_init ($ td, $ key, $ iv );
$ Ret = base64_encode (mcrypt_generic ($ td, $ value ));
Mcrypt_generic_deinit ($ td );
Mcrypt_module_close ($ td );
Return $ ret;
}
Public static function dencrypt ($ value ){
$ Td = mcrypt_module_open ('tripledes ', '', 'ecb ','');
$ Iv = mcrypt_create_iv (mcrypt_enc_get_iv_size ($ td), MCRYPT_DEV_RANDOM );
$ Key = substr (self: getKey (), 0, mcrypt_enc_get_key_size ($ td ));
$ Key = substr (self: getKey (), 0, mcrypt_enc_get_key_size ($ td ));
Mcrypt_generic_init ($ td, $ key, $ iv );
$ Ret = trim (mdecrypt_generic ($ td, base64_decode ($ value )));
Mcrypt_generic_deinit ($ td );
Mcrypt_module_close ($ td );
Return $ ret;
}
}

I hope this article will help you with PHP programming.

Php code decryption

In fact, you can use DES for decryption. One extension in php supports the DES encryption algorithm, which is: extension = php_mcrypt.dll open this extension in the configuration file and cannot use libmcrypt in the PHP folder in windows. copy the dll to the system32 directory of the system. You can view the mcrypt through phpinfo, which indicates that this module can be used properly.
Let me give an example:
Function do_mdecrypt ($ input, $ key)
{
$ Input = str_replace ("" n "," ", $ input );
$ Input = str_replace ("" t "," ", $ input );
$ Input = str_replace ("" r "," ", $ input );

$ Input = trim (chop (base64_decode ($ input )));
$ Td = mcrypt_module_open ('tripledes ', '', 'ecb ','');
$ Key = substr (md5 ($ key), 0, 24 );

$ Iv = mcrypt_create_iv (mcrypt_enc_get_iv_size ($ td), MCRYPT_RAND );
Mcrypt_generic_init ($ td, $ key, $ iv );
$ Decrypted_data = mdecrypt_generic ($ td, $ input );
Mcrypt_generic_deinit ($ td );
Mcrypt_module_close ($ td );
Return trim (chop ($ decrypted_data ));

}
Then, you can use this method to decrypt the code!
 
Questions about the php Encryption Algorithm

1. the encryption algorithm is MCRYPT_RIJNDAEL_128. It is hard to say if it is AES. I personally think it should not. After all, the two are not very similar.

2. The code is not broken, but all encryption may be broken, which is time-consuming.
3. IV is used for algorithm initialization. The same must be kept confidential.