PHP OpenSSL encryption extension usage summary (recommended)

Source: Internet
Author: User
Tags: decrypt, md5, mixed, openssl, sha1, asymmetric encryption

Introduction

Throughout the history of the Internet, security has been a major concern for developers. To transmit data securely we need to ensure the data source (requests are not forged), data integrity (data is not modified) and data privacy (data is ciphertext and cannot be read directly). Although HTTPS, built on the SSL/TLS protocol, already exists, the client depends on a correct browser implementation and its efficiency is very low, so sensitive data (such as transaction and payment information) still generally needs to be encrypted manually in application code.

A typical web developer has no need to delve into the underlying security technologies, but it is essential to learn the basics of cryptography and how to use existing encryption tools. Because my work required it, I read some encryption-related articles and combined them with my own experience to write this article.

Encryption Basics

Before learning how to use encryption, we need to understand some of the basics of cryptography.

There are two kinds of encryption algorithms: Symmetric encryption algorithm and asymmetric encryption algorithm.

Symmetric encryption

In a symmetric encryption algorithm the message sender and receiver use the same key: the sender encrypts the file with the key, and the receiver decrypts it with the same key to obtain the information. Common symmetric encryption algorithms are DES, AES and 3DES.

Characteristics of symmetric encryption algorithms: they are fast, and the file size changes little between plaintext and ciphertext; but keeping the key secure is a big problem, because if either the sender or the receiver loses the key, information transmission becomes unsafe.

Asymmetric encryption

Asymmetric encryption is the opposite of symmetric encryption. Its core idea is to use a pair of related keys, a public key and a private key: the private key is kept secret by its owner, and the public key is made public. The two keys form a pair: data encrypted with the public key can only be decrypted with the corresponding private key, and data encrypted with the private key can only be decrypted with the corresponding public key. To send data, simply encrypt it with the receiver's public key before sending it. Common asymmetric encryption algorithms are RSA and DSA.

Although asymmetric encryption has no key-distribution problem, its computation is heavy and encryption is very slow, and sometimes the data must also be split into blocks for encryption.

Digital signatures

To ensure the integrity of the data, a hash function is also computed over it to obtain a hash value, called a digital signature here. Its characteristics are:

• No matter how large the original data is, the result has the same length;
• The same input always produces the same output;
• A small change in the input produces a large change in the result;
• The process is irreversible: the original data cannot be recovered from the hash;

The common digital signature algorithms are MD5 and SHA1.

OpenSSL extension of PHP

The OpenSSL extension wraps the OpenSSL library in several PHP functions for encrypting and decrypting, which greatly simplifies encrypting and decrypting data. The common functions are:

Symmetric encryption related:

string openssl_encrypt(string $data, string $method, string $password)

Here $data is the data to encrypt, $method is the encryption method to use and $password is the key; the function returns the encrypted data.

The list of available $method values can be obtained with openssl_get_cipher_methods(); we pick one of them. The $method list looks like this:

Array (
  0 => AES-128-CBC,  // AES encryption
  1 => DES-ECB,      // DES encryption
  2 => des-ede3,     // 3DES encryption
  ...
)

Its decryption function is string openssl_decrypt(string $data, string $method, string $password).
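As an added example (not code from the original article), here is a full round trip with openssl_encrypt()/openssl_decrypt() using AES-128-CBC from the method list above. It assumes PHP 7.1 or later with the OpenSSL extension and a random 16-byte key rather than a text password, and it adds the two things the three-argument form leaves out: a fresh random IV for every message, and an HMAC so that a modified ciphertext is rejected instead of being decrypted into garbage. The function names and the message layout (IV, then ciphertext, then MAC) are my own choices.

```php
<?php
// Added example, not from the original article: AES-128-CBC with openssl_encrypt()/openssl_decrypt().
// Assumes PHP >= 7.1 with the OpenSSL extension. $key is a random 16-byte binary string.

function encrypt_aes128cbc(string $plaintext, string $key): string
{
    $method = 'AES-128-CBC';
    if (strlen($key) !== 16) {
        throw new InvalidArgumentException('AES-128 needs a 16-byte key');
    }
    // Fresh random IV per message; reusing an IV under the same key leaks plaintext structure.
    $iv = random_bytes(openssl_cipher_iv_length($method));
    // OPENSSL_RAW_DATA returns raw bytes instead of base64.
    $ciphertext = openssl_encrypt($plaintext, $method, $key, OPENSSL_RAW_DATA, $iv);
    if ($ciphertext === false) {
        throw new RuntimeException('encryption failed: ' . openssl_error_string());
    }
    // CBC gives confidentiality only. A MAC over IV+ciphertext lets the receiver detect tampering.
    // Derive a separate MAC key from the encryption key (HKDF) instead of reusing it directly.
    $macKey = hash_hkdf('sha256', $key, 32, 'mac');
    $mac = hash_hmac('sha256', $iv . $ciphertext, $macKey, true);
    return base64_encode($iv . $ciphertext . $mac);
}

function decrypt_aes128cbc(string $encoded, string $key): string
{
    $method = 'AES-128-CBC';
    $ivLen = openssl_cipher_iv_length($method);
    $blob = base64_decode($encoded, true);
    // Minimum: IV + one 16-byte cipher block + 32-byte SHA-256 MAC.
    if ($blob === false || strlen($blob) < $ivLen + 16 + 32) {
        throw new RuntimeException('malformed message');
    }
    $iv = substr($blob, 0, $ivLen);
    $mac = substr($blob, -32);
    $ciphertext = substr($blob, $ivLen, -32);
    // Check the MAC before decrypting; hash_equals() compares in constant time.
    $macKey = hash_hkdf('sha256', $key, 32, 'mac');
    $expected = hash_hmac('sha256', $iv . $ciphertext, $macKey, true);
    if (!hash_equals($expected, $mac)) {
        throw new RuntimeException('message authentication failed');
    }
    $plaintext = openssl_decrypt($ciphertext, $method, $key, OPENSSL_RAW_DATA, $iv);
    if ($plaintext === false) {
        throw new RuntimeException('decryption failed: ' . openssl_error_string());
    }
    return $plaintext;
}

// Usage with a constructed key and message.
$key = random_bytes(16);
$msg = 'order=42&amount=19.99';
$enc = encrypt_aes128cbc($msg, $key);
if (decrypt_aes128cbc($enc, $key) !== $msg) {
    throw new RuntimeException('round trip mismatch');
}
echo "round trip ok\n";

// Flip one byte inside the ciphertext: decryption must now fail on the MAC check.
$tampered = base64_decode($enc);
$tampered[20] = chr(ord($tampered[20]) ^ 0x01);
try {
    decrypt_aes128cbc(base64_encode($tampered), $key);
    echo "ERROR: tampering was not detected\n";
} catch (RuntimeException $e) {
    echo "tamper detected: {$e->getMessage()}\n";
}
```

On PHP 7.1 and later the same openssl_encrypt() call also supports authenticated modes such as aes-128-gcm through its $tag parameter, which removes the need for a separate HMAC; the CBC-plus-HMAC layout above is shown because CBC is the mode the article's method list names.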

Asymmetric encryption related:

openssl_get_publickey();  openssl_pkey_get_public();  // Export the public key from a certificate
openssl_get_privatekey(); openssl_pkey_get_private(); // Export the private key from a certificate

They only require the certificate file to be passed in (typically a .pem file);

openssl_public_encrypt(string $data, string &$crypted, mixed $key [, int $padding = OPENSSL_PKCS1_PADDING])

Encrypts data with a public key. $data is the data to be encrypted; $crypted is a reference variable into which the encrypted data is placed; $key is the public key to pass in. Because the data is encrypted in groups, its length may not be an exact multiple of the cipher's block size, so $padding (fill-up) is needed; the $padding options include OPENSSL_PKCS1_PADDING and OPENSSL_NO_PADDING, meaning PKCS1 padding or no padding respectively;

The related functions (with the same parameters) are:

openssl_private_encrypt(); // encrypt with the private key
openssl_private_decrypt(); // decrypt with the private key
openssl_public_decrypt();  // decrypt with the public key

There are also signing and verification functions:

bool openssl_sign(string $data, string &$signature, mixed $priv_key_id [, mixed $signature_alg = OPENSSL_ALGO_SHA1])
int openssl_verify(string $data, string $signature, mixed $pub_key_id [, mixed $signature_alg = OPENSSL_ALGO_SHA1])

Signing function: $data is the data to be signed; $signature is a reference variable that receives the signature result; $priv_key_id is the private key used for signing; $signature_alg is the algorithm used for the signature, taken from the list returned by openssl_get_md_methods():

Array (
  0 => MD5,
  1 => SHA1,
  2 => SHA256,
  ...
)

Verification function: the same as the signing function, except that it takes the public key corresponding to the private key and returns the verification result: 1 for success, 0 for failure, -1 for error;

Encryption example

The following is a small example of asymmetric encryption use:

// Get the public key
$pub_key = openssl_pkey_get_public(file_get_contents('test.pem'));
// With PKCS#1 padding each block holds at most (key bytes - 11) bytes of plaintext
$key_size = intdiv(openssl_pkey_get_details($pub_key)['bits'], 8) - 11;

$encrypted = '';
// Encrypt the data block by block
for ($offset = 0, $length = strlen($raw_msg); $offset < $length; $offset += $key_size) {
  $encryptedBlock = '';
  $data = substr($raw_msg, $offset, $key_size);
  if (!openssl_public_encrypt($data, $encryptedBlock, $pub_key, OPENSSL_PKCS1_PADDING)) {
    return '';
  } else {
    $encrypted .= $encryptedBlock;
  }
}
return $encrypted;
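The following is an added example, not code from the original article. It completes the block-encryption loop above with its decryption counterpart and also shows the openssl_sign()/openssl_verify() pair from the signature section, including the 1/0 return values described there. It assumes PHP 7.1 or later; instead of loading test.pem it generates a 2048-bit RSA key pair in memory, and the function names rsa_encrypt_blocks/rsa_decrypt_blocks are mine.

```php
<?php
// Added example, not from the original article: RSA block encryption/decryption and signing
// with the OpenSSL extension. Assumes PHP >= 7.1. The key pair is generated in memory for the
// demo instead of being loaded from a .pem file.

$priv_key = openssl_pkey_new(['private_key_bits' => 2048, 'private_key_type' => OPENSSL_KEYTYPE_RSA]);
if ($priv_key === false) {
    throw new RuntimeException('key generation failed: ' . openssl_error_string());
}
$details = openssl_pkey_get_details($priv_key);
$pub_key = openssl_pkey_get_public($details['key']);   // $details['key'] is the public key in PEM form

// With PKCS#1 v1.5 padding each plaintext block holds at most (key bytes - 11) bytes;
// each ciphertext block is exactly the key size.
$key_bytes = intdiv($details['bits'], 8);
$plain_block = $key_bytes - 11;

function rsa_encrypt_blocks(string $raw_msg, $pub_key, int $plain_block): string
{
    $encrypted = '';
    foreach (str_split($raw_msg, $plain_block) as $chunk) {
        if (!openssl_public_encrypt($chunk, $encryptedBlock, $pub_key, OPENSSL_PKCS1_PADDING)) {
            throw new RuntimeException('encrypt failed: ' . openssl_error_string());
        }
        $encrypted .= $encryptedBlock;
    }
    return $encrypted;
}

function rsa_decrypt_blocks(string $encrypted, $priv_key, int $key_bytes): string
{
    // Reject input that cannot consist of whole ciphertext blocks.
    if ($encrypted === '' || strlen($encrypted) % $key_bytes !== 0) {
        throw new RuntimeException('ciphertext length is not a multiple of the key size');
    }
    $decrypted = '';
    foreach (str_split($encrypted, $key_bytes) as $block) {
        if (!openssl_private_decrypt($block, $plainBlock, $priv_key, OPENSSL_PKCS1_PADDING)) {
            throw new RuntimeException('decrypt failed: ' . openssl_error_string());
        }
        $decrypted .= $plainBlock;
    }
    return $decrypted;
}

// Constructed message longer than one plaintext block (245 bytes for a 2048-bit key),
// so the loop actually runs more than once.
$raw_msg = str_repeat('transaction data ', 30);   // 510 bytes
$cipher = rsa_encrypt_blocks($raw_msg, $pub_key, $plain_block);
if (rsa_decrypt_blocks($cipher, $priv_key, $key_bytes) !== $raw_msg) {
    throw new RuntimeException('round trip mismatch');
}
echo "encrypt/decrypt in " . (strlen($cipher) / $key_bytes) . " blocks ok\n";

// Signing: the sender signs with the private key, the receiver verifies with the public key.
if (!openssl_sign($raw_msg, $signature, $priv_key, OPENSSL_ALGO_SHA256)) {
    throw new RuntimeException('sign failed: ' . openssl_error_string());
}
// openssl_verify() returns 1 when the signature matches, 0 when it does not, -1 on error.
if (openssl_verify($raw_msg, $signature, $pub_key, OPENSSL_ALGO_SHA256) !== 1) {
    throw new RuntimeException('valid signature was rejected');
}
if (openssl_verify($raw_msg . 'x', $signature, $pub_key, OPENSSL_ALGO_SHA256) !== 0) {
    throw new RuntimeException('modified data was accepted');
}
echo "sign/verify ok\n";
```

Two practical notes: PHP also offers OPENSSL_PKCS1_OAEP_PADDING, which is the padding to prefer for new RSA encryption code, and in practice large payloads are usually not RSA-encrypted block by block at all; the common pattern is to encrypt the data with a symmetric cipher and use RSA only to encrypt that symmetric key, which avoids the slowness the article mentions.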

Symmetric encryption is very simple: just use the openssl_encrypt() function directly;

Of course, some interfaces may require different encryption settings, such as a different padding or encryption block size, which the user has to adjust themselves.

Because we are handling data over the HTTP protocol, once encryption is complete the data can be sent directly without any further concern for the underlying transport: using the curl or SOAP extension you can request the interface directly.

Conclusion

Cryptography is a very advanced discipline with difficult theory and a wide range of concepts. As web developers we do not need to study its underlying implementation, but learning to use well-encapsulated methods is very beneficial to our development. Even an understanding of its basic implementation can, by analogy, give us new insight into the algorithms.

