加密扩展
在线手册:中文  英文

Mcrypt


加密扩展
在线手册:中文  英文

用户评论:

Anonymous (2012-02-12 22:35:15)

These are two simple functions I built for 256-bit encryption/decryption with mcrypt.  I've decided to use MCRYPT_RIJNDAEL_128 because it's AES-compliant, and MCRYPT_MODE_CBC.  (ECB mode is inadequate for many purposes because it does not use an IV.)

This function stores a hash of the data to verify that the data was decrypted successfully, but this could be easily removed if necessary.

<?php
function encrypt($decrypted$password$salt='!kQm*fF3pXe1Kbm%9') { 
 
// Build a 256-bit $key which is a SHA256 hash of $salt and $password.
 
$key hash('SHA256'$salt $passwordtrue);
 
// Build $iv and $iv_base64.  We use a block size of 128 bits (AES compliant) and CBC mode.  (Note: ECB mode is inadequate as IV is not used.)
 
srand(); $iv mcrypt_create_iv(mcrypt_get_iv_size(MCRYPT_RIJNDAEL_128MCRYPT_MODE_CBC), MCRYPT_RAND);
 if (
strlen($iv_base64 rtrim(base64_encode($iv), '=')) != 22) return false;
 
// Encrypt $decrypted and an MD5 of $decrypted using $key.  MD5 is fine to use here because it's just to verify successful decryption.
 
$encrypted base64_encode(mcrypt_encrypt(MCRYPT_RIJNDAEL_128$key$decrypted md5($decrypted), MCRYPT_MODE_CBC$iv));
 
// We're done!
 
return $iv_base64 $encrypted;
 } 

function 
decrypt($encrypted$password$salt='!kQm*fF3pXe1Kbm%9') {
 
// Build a 256-bit $key which is a SHA256 hash of $salt and $password.
 
$key hash('SHA256'$salt $passwordtrue);
 
// Retrieve $iv which is the first 22 characters plus ==, base64_decoded.
 
$iv base64_decode(substr($encrypted022) . '==');
 
// Remove $iv from $encrypted.
 
$encrypted substr($encrypted22);
 
// Decrypt the data.  rtrim won't corrupt the data because the last 32 characters are the md5 hash; thus any \0 character has to be padding.
 
$decrypted rtrim(mcrypt_decrypt(MCRYPT_RIJNDAEL_128$keybase64_decode($encrypted), MCRYPT_MODE_CBC$iv), "\0\4");
 
// Retrieve $hash which is the last 32 characters of $decrypted.
 
$hash substr($decrypted, -32);
 
// Remove the last 32 characters from $decrypted.
 
$decrypted substr($decrypted0, -32);
 
// Integrity check.  If this fails, either the data is corrupted, or the password/salt was incorrect.
 
if (md5($decrypted) != $hash) return false;
 
// Yay!
 
return $decrypted;
 }
?>

ysfbauchi at yahoo dot com (2011-02-19 22:25:37)

//This is a des, 3des, aes and gost encryption program i wrote using php for my assignment

<?php
    
if (isset($_REQUEST['select'])) {
    
$choice $_POST['select'];
      
$mykey $_POST['mykey'];
    
$msg $_POST['plain'];
    } else {
    die(
"algorithm not selected");
      }

    if (
$msg == ''){
        die(
"Please enter a text to encrypt! ");
        }
    if (
$mykey == ''){
        die(
"Please enter a key! ");
        }         
    
    function 
algorithmdetails($cipher)
    {
        
$chiphername mcrypt_enc_get_algorithms_name($cipher);
        
$blocksize mcrypt_enc_get_block_size($cipher);
        
$mykeysize mcrypt_enc_get_supported_key_sizes($cipher);
        echo 
"<p><b>Cipher Name :</b> $chiphername";    
        echo 
"<p><b>Block size :</b> $blocksize bytes";
        echo 
"<p><b>Key size :</b> ";    
        foreach (
$mykeysize as $value)
        {
        echo 
"$value bytes ";
        }unset(
$value);
    }
    
    function 
encryptnow($thecipher$thekey$themsg)
    {
        
$iv mcrypt_create_iv (mcrypt_enc_get_iv_size($thecipher), MCRYPT_DEV_RANDOM);
        
mcrypt_generic_init($thecipher$thekey$iv);
        
$encrypted_text mcrypt_generic($thecipher$themsg);
        echo 
"<html><hr size='2' ></html>";
        echo 
"<P><P><b>Plain Text : </b>"
        echo(
$themsg); 
        echo 
"<p><b>Cipher Text : </b> "
        echo 
"$encrypted_text";
        
mcrypt_generic_deinit($thecipher);
        
mcrypt_module_close($thecipher);
        die();
    }
    
    if (
$choice == '1'){
        
$cipher mcrypt_module_open (MCRYPT_DES'''ecb''');
        
algorithmdetails($cipher);
        
encryptnow($cipher$mykey$msg);
    
    }elseif (
$choice == '2'){
        
$cipher mcrypt_module_open (MCRYPT_3DES'''ecb''');
        
algorithmdetails($cipher);
        
encryptnow($cipher$mykey$msg);
    
    }elseif (
$choice == '3'){
        
$cipher mcrypt_module_open (MCRYPT_RIJNDAEL_128'''ecb''');
        
algorithmdetails($cipher);
        
encryptnow($cipher$mykey$msg);
    
    }elseif (
$choice == '4'){
        
$cipher mcrypt_module_open (MCRYPT_GOST'''ecb''');
        
algorithmdetails($cipher);
        
encryptnow($cipher$mykey$msg);
        
    }else {
        die(
"Please choose an algorithm!");
    }    
    
?>

ghoffman at salientdigital dot com (2010-11-23 13:23:41)

If you want a quick way to see what ciphers, modes, key, block and iv sizes are supported on your server, try something like the following. 

Note: I used this simple bash: `locate libmcrypt` from terminal on Mac OS X to determine the install paths to the algorithms and modes directories. Lots of function calls generate warnings for certain ciphers, hence the use of error suppression.

<?php

$modes 
mcrypt_list_modes();
$algorithms mcrypt_list_algorithms();
foreach(
$algorithms as $cipher)
{
    echo 
"<h1 style=\"border-top:1px solid black;\">".$cipher."</h1>\n";
    foreach(
$modes as $mode)
    {
        echo 
"<h3>".$mode."</h3>\n";
        @
$td mcrypt_module_open(
            
$cipher,
            
'/usr/local/libmcrypt-2.5.8/modules/algorithms/',
            
$mode,
            
'/usr/local/libmcrypt-2.5.8/modules/modes/');
        @
$key_size mcrypt_enc_get_key_size($td);
        @
$block_size mcrypt_get_block_size($cipher,$mode);
        @
$iv_size mcrypt_get_iv_size($cipher$mode);
        @
mcrypt_module_close($td);
        echo 
"
        <pre>  
            key_size: "
. ($key_size?$key_size:'n/a'
      .
"    block_size: ". ($block_size?$block_size:'n/a'
      .
"    iv_size: ". ($iv_size?$iv_size:'n/a'
      .
"  </pre>\n";
        
$td=NULL;
        
$key_size=NULL;
        
$block_size=NULL;
        
$iv_size=NULL;
    }
}

?>

rainbowarrior (2010-08-28 08:25:00)

for Suse Linux Enterprise 11 I had used this to resolve the issue (as root)
# yast -i php5-mcrypt
# rcapache2 restart
hope this helps

Maarten Malaise (2010-04-11 05:38:36)

people using phpmyadmin are redirected to this manual if they don't have mcrypt installed. If you want to install mcrypt on debian, first check your php version:
yourserver# php --version
Then install the appropriate version of mcrypt (php5-mcrypt if your php version is 5.x)
yourserver# apt-get install php4-mcrypt
...or...
yourserver# apt-get install php5-mcrypt

Anonymous (2009-10-15 20:11:38)

When using 3DES between PHP and C#, it is to be noted that there are subtle differences that if not strictly observed, will result in annoying problem encrypt/decrypt data.
1), When using a 16 bytes key, php and c# generates total different outcome string. it seems that a 24 bytes key is required for php and c# to work alike.
2), php doesnt have a "padding" option, while c# has 3 (?). My work around is to add nulls i.e. chr(0) to the end of the source string to make its size times of 8, while in c#, PaddingMode.Zeros is required.
3) the key size has to be times of 8, in php, to make it work for c#.

易百教程