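[TOC]

## openssl_get_cipher_methods 查看哪些加密可用

```
print_r(openssl_get_cipher_methods());
/*
Array
(
    [0] => AES-128-CBC
    [1] => AES-128-CBC-HMAC-SHA1
    [2] => AES-128-CFB
    [3] => AES-128-CFB1
    ...
)*/
```

## openssl_encrypt / openssl_decrypt 加密/解密

```
openssl_encrypt($data, $method, $key, $options = 0, $iv = "", &$tag = NULL, $aad = "", $tag_length = 16)

$data    待加密的值
$method  密码学方式。openssl_get_cipher_methods() 可获取有效密码方式列表
$key     密钥(不是盐),必须保密。用 random_bytes() 生成,长度与算法一致(DES 8 字节,AES-128 16 字节,AES-256 32 字节)。
         uniqid() 基于当前时间、可预测,不能用来生成密钥;PHP 会把过短的 key 用 NUL 补齐、过长的 key 直接截断,且不报错
$options 0(默认): 返回 base64 编码的密文
         OPENSSL_RAW_DATA(推荐): 返回原始二进制密文
         OPENSSL_ZERO_PADDING: 关闭 PKCS#7 填充,明文长度必须是块大小的整数倍
$iv      初始化向量,长度由算法决定(DES-CBC 为 8 字节,AES-*-CBC 为 16 字节)。
         每次加密都要用 random_bytes() 重新生成,不需要保密,和密文一起保存/传输即可
$tag / $aad / $tag_length  只用于 AEAD 模式(如 aes-256-gcm): $tag 是加密时返回的认证标签,解密时必须原样传回
```

### method 可选值

不同方法 $iv 长度不同,可通过 `openssl_cipher_iv_length($methods)` 获得长度

`openssl_cipher_iv_length('AES-128-CBC'); //16`

```
Array
(
    [0] => AES-128-CBC
    [1] => AES-128-CFB
    [2] => AES-128-CFB1
    [3] => AES-128-CFB8
    [5] => AES-128-OFB
    [6] => AES-192-CBC
    [7] => AES-192-CFB
    [8] => AES-192-CFB1
    [9] => AES-192-CFB8
    [11] => AES-192-OFB
    [12] => AES-256-CBC
    [13] => AES-256-CFB
    [14] => AES-256-CFB1
    [15] => AES-256-CFB8
    [17] => AES-256-OFB
    [18] => BF-CBC
    [19] => BF-CFB
    [21] => BF-OFB
    [22] => CAST5-CBC
    [23] => CAST5-CFB
    [25] => CAST5-OFB
    [41] => IDEA-CBC
    [42] => IDEA-CFB
    [44] => IDEA-OFB
    [53] => aes-128-cbc
    [54] => aes-128-cfb
    [55] => aes-128-cfb1
    [56] => aes-128-cfb8
    [58] => aes-128-ofb
    [59] => aes-192-cbc
    [60] => aes-192-cfb
    [61] => aes-192-cfb1
    [62] => aes-192-cfb8
    [64] => aes-192-ofb
    [65] => aes-256-cbc
    [66] => aes-256-cfb
    [67] => aes-256-cfb1
    [68] => aes-256-cfb8
    [70] => aes-256-ofb
    [71] => bf-cbc
    [72] => bf-cfb
    [74] => bf-ofb
    [75] => cast5-cbc
    [76] => cast5-cfb
    [78] => cast5-ofb
    [94] => idea-cbc
    [95] => idea-cfb
    [97] => idea-ofb
)
```

选择算法时注意:

- CBC / CFB / OFB 只提供保密性,不能发现密文被篡改。如果 `openssl_get_cipher_methods()` 的结果里有 `aes-256-gcm`(PHP 7.1+),优先使用它;否则在密文之外再用 `hash_hmac()` 计算一个 MAC,解密前先校验。
- BF、CAST5、IDEA(以及下面的 DES)都是 64 位分组的旧算法,只应在对接旧系统时使用,新数据请用 AES。

## 常用算法

### DES 算法

DES 的有效密钥只有 56 位,已不安全,下面的例子仅用于兼容旧系统。在 OpenSSL 3 上通常需要启用 legacy provider 才能使用 DES。

```
$data = "thsi si a hello woard";
$methods = "DES-CBC";
$key = random_bytes(8); // DES key is 8 bytes; random_bytes() needs PHP 7+
$iv = random_bytes(openssl_cipher_iv_length($methods)); // 8 bytes, fresh for every message
echo bin2hex($key)."<br/>"; // demo only: never print or log a real key
$content = openssl_encrypt($data,$methods,$key,OPENSSL_RAW_DATA,$iv);
var_dump($content);
var_dump(openssl_decrypt($content,$methods,$key,OPENSSL_RAW_DATA,$iv));
```

### AES 算法

```
$data = "thsi si a hello woard";
$methods = "AES-128-CBC";
$key = random_bytes(16); // AES-128 key is 16 bytes
$iv = random_bytes(openssl_cipher_iv_length($methods)); // the IV must be 16 bytes
echo bin2hex($key)."<br/>"; // demo only: never print or log a real key
$content = openssl_encrypt($data,$methods,$key,OPENSSL_RAW_DATA,$iv);
var_dump($content);
var_dump(openssl_decrypt($content,$methods,$key,OPENSSL_RAW_DATA,$iv));
```

优化 key 与向量

不要用 `md5(uniqid())` 作为 key、再取 `substr($key, 0, 16)` 作为向量:md5 的十六进制结果有 32 个字符,AES-128 只取前 16 个字节,于是向量与实际使用的密钥完全相同;而且 `uniqid()` 来自当前时间,密钥可以被猜出。正确做法是密钥和向量都用 `random_bytes()` 生成,向量每条消息换一次,并放在密文前面一起保存:

```
$data = "thsi si a hello woard";
$methods = "AES-128-CBC";
$key = random_bytes(16); // generate once, keep it in configuration / a secret store
$ivLen = openssl_cipher_iv_length($methods);
$iv = random_bytes($ivLen); // new IV for every encryption
// Prepend the IV so the receiver can recover it; the IV is not secret.
$content = $iv.openssl_encrypt($data,$methods,$key,OPENSSL_RAW_DATA,$iv);
var_dump($content);
var_dump(openssl_decrypt(substr($content,$ivLen),$methods,$key,OPENSSL_RAW_DATA,substr($content,0,$ivLen)));
```

### RSA 算法

非对称算法,加密方不需要持有私钥,但性能比 AES 差,不适合长字符的加密。常见做法是用 RSA 加密一个随机生成的 AES 密钥,再用 AES 加密数据。

在线生成秘钥对 [http://web.chacuo.net/netrsakeypair](http://web.chacuo.net/netrsakeypair)

在线生成的私钥对第三方网站是可见的,只能用于测试。正式环境请在本机生成:

```
openssl genpkey -algorithm RSA -pkeyopt rsa_keygen_bits:2048 -out private.pem
openssl pkey -in private.pem -pubout -out public.pem
```

秘钥位数越多越安全(至少 2048 位),密钥格式推荐使用`PKCS#8` ,`PKCS#1`支持老的密码

```
openssl_private_decrypt — 使用私钥解密数据
openssl_private_encrypt — 使用私钥加密数据
openssl_public_decrypt — 使用公钥解密数据
openssl_public_encrypt — 使用公钥加密数据
```

"私钥加密、公钥解密"不提供保密性(公钥是公开的),它的用途是签名;需要签名时请使用 `openssl_sign()` / `openssl_verify()`。

#### 公钥加密,私钥解密

```
// Demo key pair only: it is 1024-bit and the private key is published on this page.
// Never reuse it; load real private keys from a protected file, not from source code.
$public='-----BEGIN PUBLIC KEY-----
MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQC2dBfs3VaQtbSrCTLWhgDrq4C8
KuLKJWotrnTTpdwwS9HV7t7hmAXA7d2WRzN4iiCPuDGOe711rQJo7mE2Vs7thPw3
aJ7YrmFKjvs+IfVhV6bWO1puGmoa5MOYHcdIpW1yTTunHqmho/E331oU5uZaYZ1P
m+AyyEoVAJRZgj49VwIDAQAB
-----END PUBLIC KEY-----';

$private='-----BEGIN PRIVATE KEY-----
MIICdwIBADANBgkqhkiG9w0BAQEFAASCAmEwggJdAgEAAoGBALZ0F+zdVpC1tKsJ
MtaGAOurgLwq4solai2udNOl3DBL0dXu3uGYBcDt3ZZHM3iKII+4MY57vXWtAmju
YTZWzu2E/DdontiuYUqO+z4h9WFXptY7Wm4aahrkw5gdx0ilbXJNO6ceqaGj8Tff
WhTm5lphnU+b4DLIShUAlFmCPj1XAgMBAAECgYEAsrhdh0P4u5+B7dgA2GpDFJbW
b3uC04h6zWyKO5fIa/aZAPoPkOOdHzLhT4dHP9fttVo0EOHc4BwstCRtTRETd6bJ
4K0oyvx54w8Ex0WU4T2hCk9CM7msH4pq5eLO/Os1vMs0xqId/fUDjJksWMWjVVHr
a+pcGCQ5zgn67MeVIyECQQDbytSZSAVY807NaLfL0dNuUmFuwzUVQp4QWmF8VdNZ
p7bWCKqOBiIHjA1UhuKlz8tED9JdJJRnniBYbBa1tS61AkEA1IKYbPJVK8cWoVXy
+GjJep6tXFs8CRAZME/RZdihnY8t6U6zzN4idc2n3honvAoGjXqcmRBv2MrDp+Hb
hW73WwJBALg3U2M5owm/u++b8liJgA16TKF6SXaNRE/ugMCmaqM9V5gi4VhyOXlb
4BxVhYd2Fybvn+BjdWM3fGLADXS06/UCQDXJyGLrA3vNLIExjAosG7MZrq+NuChj
Fr0PtuScbGvA7dH7xa65GufOYgrpe90wfHAa9MAZVPX+fH9lv3aKm7kCQD4uKMh1
PZKnCOJU6Pw9z1Pvp7JMvrpOLwwh/5rO1/ErEsu1ODxR/L+28jW7HkZhhLyCS6mx
/8GEL3TrSAoe+aQ=
-----END PRIVATE KEY-----';

$content = "this is a hello word";
// OAEP padding instead of the default PKCS#1 v1.5; both calls must use the same padding.
var_dump(openssl_public_encrypt($content, $res, $public, OPENSSL_PKCS1_OAEP_PADDING)); // bool
var_dump($res); // the encrypted value
var_dump(openssl_private_decrypt($res, $plain, $private, OPENSSL_PKCS1_OAEP_PADDING));
var_dump($plain);
```

## 使用 appkey 与 secretKey 参数验证

新建 `demo.php` 执行 `php -S 127.0.0.1:8081`

说明:

- 这里做的是请求签名(防篡改),不是加密;参数本身仍是明文,正式环境要走 HTTPS,密码之类的敏感字段不要放在 URL 里。
- 签名使用 `hash_hmac('sha256', ...)`,比较使用 `hash_equals()`。用 `md5($str.$secretKey)` 加 `==` 比较时,`==` 会把形如 `0e123...` 的字符串当作数字比较,而且比较耗时会泄露信息。签名算法变了以后,调用方和服务端必须同时更新。
- 服务端必须先确认 `appkey` 存在于配置中。否则 `$conf[$params['appkey']]` 为 null,签名就退化成不含任何密钥的哈希,验证形同虚设。
- 时间窗口只能缩短重放的有效期;如果要求每个请求只能使用一次,还需要加入随机 nonce 并在服务端记录已使用的值。

```
/*======= sign (client side) start =========*/
$appkey ="w12baqefaaoc";
$secretKey = "asjdKHKJHasjdIAHSdkASkdbaksjbdkjas"; // demo value; keep real secrets in configuration, never send them
$url ="http://127.0.0.1:8081/demo.php?";
$params['appkey'] = $appkey;
$params['order_id']=1;
$params['name']="idcpj";
$params['pwd']="123456"; // demo only: query strings end up in access logs and browser history
$params['time']=time();
$params['sign'] = getSign($params,$secretKey);

echo $url.http_build_query($params);

function getSign($query,$secretKey){
    ksort($query); // canonical order so both sides build the same string
    $str = http_build_query($query);
    return hash_hmac('sha256', $str, $secretKey);
}
/*======= sign (client side) end =========*/

/*======= verify (server side) start =========*/
$conf['w12baqefaaoc']="asjdKHKJHasjdIAHSdkASkdbaksjbdkjas";
$getParams = $_GET;

// Every field the check depends on must be present and be a plain string
// (PHP turns "sign[]=x" into an array).
foreach (['appkey', 'time', 'sign'] as $field) {
    if (!isset($getParams[$field]) || !is_string($getParams[$field])) {
        die("<br/>error");
    }
}

// abs() also rejects timestamps that lie in the future.
if (!ctype_digit($getParams['time']) || abs(time() - (int)$getParams['time'])>=3){
    die("<br/> time out");
}

if (valiSign($getParams,$conf)){
    die("<br/>succ");
}else{
    die("<br/>error");
}

function valiSign($params,$conf){
    if (!isset($params['sign'], $params['appkey'])
        || !is_string($params['sign']) || !is_string($params['appkey'])) {
        return false;
    }
    // Unknown appkey: fail closed instead of signing with a null secret.
    if (!isset($conf[$params['appkey']])) {
        return false;
    }
    $paramsSign = $params['sign'];
    unset($params['sign']); // the signature is not part of the signed data
    ksort($params);
    $str = http_build_query($params);
    $cSign = hash_hmac('sha256', $str, $conf[$params['appkey']]);
    return hash_equals($cSign, $paramsSign); // constant-time, no type juggling
}
/*======= verify (server side) end =========*/
```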