openssl_decrypt

(PHP 5 >= 5.3.0)

openssl_decrypt — Decrypts data

说明

string openssl_decrypt ( string $data , string $method , string $password [, int $options = 0 [, string $iv = "" ]] )

Takes a raw or base64 encoded string and decrypts it using a given method and key.

Warning

本函数还未编写文档，仅有参数列表。

参数

data: The data.
method: The cipher method.
password: The password.
options: options can be one of OPENSSL_RAW_DATA, OPENSSL_ZERO_PADDING.
iv: A non-NULL Initialization Vector.

返回值

The decrypted string on success 或者在失败时返回 FALSE.

错误／异常

Emits an E_WARNING level error if an unknown cipher algorithm is passed via the method parameter.

Emits an E_WARNING level error if an empty value is passed in via the iv parameter.

更新日志

版本	说明
5.3.3	The `iv` parameter was added.
5.4.0	The `raw_output` was changed to `options`.

参见

openssl_encrypt() - Encrypts data

用户评论:

ittasks at gmail dot com (2013-04-03 00:02:55)

in case that hosting do not provide openssl_encrypt decrypt functions - it could be mimiced via commad prompt executions this functions will check is if openssl is installed and try to use it by default function sslPrm() { return array("your_password","IV (optional)","aes-128-cbc"); } function sslEnc($msg) { list ($pass, $iv, $method)=sslPrm(); if(function_exists('openssl_encrypt')) return urlencode(openssl_encrypt(urlencode($msg), $method, $pass, false, $iv)); else return urlencode(exec("echo \"".urlencode($msg)."\" | openssl enc -".urlencode($method)." -base64 -nosalt -K ".bin2hex($pass)." -iv ".bin2hex($iv))); } function sslDec($msg) { list ($pass, $iv, $method)=sslPrm(); if(function_exists('openssl_decrypt')) return trim(urldecode(openssl_decrypt(urldecode($msg), $method, $pass, false, $iv))); else return trim(urldecode(exec("echo \"".urldecode($msg)."\" | openssl enc -".$method." -d -base64 -nosalt -K ".bin2hex($pass)." -iv ".bin2hex($iv)))); } //example of usage: $r= sslEnc("This is encryption/decryption test!"); echo "<br>\n".$r.":".sslDec($r);

nbari at dalmp dot com (2012-01-15 15:52:06)

There are cases where you need to send data in a secure way within an 'un-secure' connection, a typically scenario of this, is a site with out SSL (no https). For this cases you can use the GibberishAES javascript library, this library will encrypt your data before it is submitted using CBC AES encryption mode, and it is fully compatible with a standar like OpenSSL. Example: When displaying a form, you can set a hidden field containing a token, the one is stored on the server via sessions and is going to be used as the 'password' for encrypting the data on the user side, in help with the GibberishAES library. In Javascript (user side): // GibberishAES.enc(string, password) // Defaults to 256 bit encryption GibberishAES.enc("Made with Gibberish\n", "password"); // Outputs: "U2FsdGVkX1+21O5RB08bavFTq7Yq/gChmXrO3f00tvJaT55A5pPvqw0zFVnHSW1o" Later when the user submits the data, you will need to decrypt the data, for that you could use the class below and use it like this: <?php sqAES::decrypt('password', 'U2FsdGVkX1+21O5RB08bavFTq7Yq/gChmXrO3f00tvJaT55A5pPvqw0zFVnHSW1o'); ?> That will return the same result, that openssl would return from this command line : echo "U2FsdGVkX1+21O5RB08bavFTq7Yq/gChmXrO3f00tvJaT55A5pPvqw0zFVnHSW1o" | openssl enc -d -aes-256-cbc -a -k password This class currently only encrypts/decrypts AES256 but can be easily modified to feed your needs, right now it is fully compatible withe the GibberishAES library, so you could decrypt all your users data and also send encrypted data back to the user in a secure way, all this thanks to the openssl-decrypt/openssl-encrypt functions. <?php class sqAES { /** * decrypt AES 256 * * @param string $password * @param data $edata * @return dencrypted data */ public static function decrypt($password, $edata) { $data = base64_decode($edata); $salt = substr($data, 8, 8); $ct = substr($data, 16); /** * From https://github.com/mdp/gibberish-aes * * Number of rounds depends on the size of the AES in use * 3 rounds for 256 * 2 rounds for the key, 1 for the IV * 2 rounds for 128 * 1 round for the key, 1 round for the IV * 3 rounds for 192 since it's not evenly divided by 128 bits */ $rounds = 3; $data00 = $password.$salt; $md5_hash = array(); $md5_hash[0] = md5($data00, true); $result = $md5_hash[0]; for ($i = 1; $i < $rounds; $i++) { $md5_hash[$i] = md5($md5_hash[$i - 1].$data00, true); $result .= $md5_hash[$i]; } $key = substr($result, 0, 32); $iv = substr($result, 32,16); return openssl_decrypt($ct, 'aes-256-cbc', $key, true, $iv); } /** * crypt AES 256 * * @param string $password * @param data $data * @return base64 encrypted data */ public static function crypt($password, $data) { // Set a random salt $salt = openssl_random_pseudo_bytes(8); $salted = ''; $dx = ''; // Salt the key(32) and iv(16) = 48 while (strlen($salted) < 48) { $dx = md5($dx.$password.$salt, true); $salted .= $dx; } $key = substr($salted, 0, 32); $iv = substr($salted, 32,16); $encrypted_data = openssl_encrypt($data, 'aes-256-cbc', $key, true, $iv); return base64_encode('Salted__' . $salt . $encrypted_data); } } ?>