下面的加密功能似乎起作用,因为它似乎可以加密文件并将其放置在预期的目录中。我现在正在尝试解密文件,并且它只死于消息“无法完成解密”(在此处进行编码…)。php错误日志中没有任何内容,因此我不确定为什么它会失败,但由于mcrypt对我来说是全新的,所以我更倾向于相信自己在这里做错了…
功能如下:
//ENCRYPT FILE function encryptFile() { global $cryptastic; $pass = PGPPASS; $salt = PGPSALT; $key = $cryptastic->pbkdf2($pass, $salt, 1000, 32) or die("Failed to generate secret key."); if ($handle = opendir(PATH.'/ftpd')) { while (false !== ($file = readdir($handle))) { if ($file != "." && $file != "..") { $newfile = PATH.'/encrypted/'.$file.'.txt'; $msg = file_get_contents(PATH.'/ftpd/'.$file); $encrypted = $cryptastic->encrypt($msg, $key) or die("Failed to complete encryption."); $nfile = fopen($newfile, 'w'); fwrite($nfile, $encrypted); fclose($nfile); unlink(PATH.'/ftpd/'.$file); } } closedir($handle); } //DECRYPT FILE function inFTP() { global $cryptastic; $pass = PGPPASS; $salt = PGPSALT; $key = $cryptastic->pbkdf2($pass, $salt, 1000, 32) or die("Failed to generate secret key."); if ($handle = opendir(PATH.'/encrypted')) { while (false !== ($file = readdir($handle))) { if ($file != "." && $file != "..") { $newfile = PATH.'/decrypted/'.$file; $msg = PATH.'/encrypted/'.$file; $decrypted = $cryptastic->decrypt($msg, $key) or die("Failed to complete decryption."); $nfile = fopen($newfile, 'w'); fwrite($nfile, $decrypted); fclose($nfile); //unlink(PATH.'/encrypted/'.$file); } } closedir($handle); } //$crypt->decrypt($file); }
由于mcrypt是一种废弃软件,不再建议使用,因此这里是使用openssl的示例。
class AES256Encryption { public const BLOCK_SIZE = 8; public const IV_LENGTH = 16; public const CIPHER = 'AES256'; public static function generateIv(bool $allowLessSecure = false): string { $success = false; $random = openssl_random_pseudo_bytes(openssl_cipher_iv_length(static::CIPHER)); if (!$success) { if (function_exists('sodium_randombytes_random16')) { $random = sodium_randombytes_random16(); } else { try { $random = random_bytes(static::IV_LENGTH); } catch (Exception $e) { if ($allowLessSecure) { $permitted_chars = implode( '', array_merge( range('A', 'z'), range(0, 9), str_split('~!@#$%&*()-=+{};:"<>,.?/\'') ) ); $random = ''; for ($i = 0; $i < static::IV_LENGTH; $i++) { $random .= $permitted_chars[mt_rand(0, (static::IV_LENGTH) - 1)]; } } else { throw new RuntimeException('Unable to generate initialization vector (IV)'); } } } } return $random; } protected static function getPaddedText(string $plainText): string { $stringLength = strlen($plainText); if ($stringLength % static::BLOCK_SIZE) { $plainText = str_pad($plainText, $stringLength + static::BLOCK_SIZE - $stringLength % static::BLOCK_SIZE, "\0"); } return $plainText; } public static function encrypt(string $plainText, string $key, string $iv): string { $plainText = static::getPaddedText($plainText); return base64_encode(openssl_encrypt($plainText, static::CIPHER, $key, OPENSSL_RAW_DATA, $iv)); } public static function decrypt(string $encryptedText, string $key, string $iv): string { return openssl_decrypt(base64_decode($encryptedText), static::CIPHER, $key, OPENSSL_RAW_DATA, $iv); } } $text = '8SViI0Gz4r-p7A15YxkwjOBFuW*@NTtbm{U]D&E=~6yLM+adX'P;h3$,KJ%/eo>}<Rs:2#gZ.9fqn"Cv_^[(H\c!)?`Ql'; $key = 'secretkey'; $iv = AES256Encryption::generateIv(); $encryptedText = AES256Encryption::encrypt($text, $key, $iv); $decryptedText = AES256Encryption::decrypt($encryptedText, $key, $iv); printf('Original Text: %s%s', $text, PHP_EOL); printf('Encrypted: %s%s', $encryptedText, PHP_EOL); printf('Decrypted: %s%s', $decryptedText, PHP_EOL);
输出:
// Long string with lots of different characters Original Text: 8SViI0Gz4r-p7A15YxkwjOBFuW*@NTtbm{U]D&E=~6yLM+adX'P;h3$,KJ%/eo>}<Rs:2#gZ.9fqn"Cv_^[(H\c!)?`Ql Encrypted : rsiF4PMCMyvAp+CTuJrxJYGoV4BSy8Fy+q+FL8m64+Mt5V3o0HS0elRkWXsy+//hPjzNhjmVktxVvMY55Negt4DyLcf2QpH05wUX+adJDe634J/9fWd+nlEFoDutXuhY+/Kep9zUZFDmLmszJaBHWQ== Decrypted : 8SViI0Gz4r-p7A15YxkwjOBFuW*@NTtbm{U]D&E=~6yLM+adX'P;h3$,KJ%/eo>}<Rs:2#gZ.9fqn"Cv_^[(H\c!)?`Ql
旧答案
尝试使用此PHP5类使用mcrypt进行加密。在这种情况下,它使用的是AES加密。您需要为使用它的每个站点更改密钥。如果您至少不使用它,它可能会指导您编写自己的版本。
<?php class Encryption { const CIPHER = MCRYPT_RIJNDAEL_128; // Rijndael-128 is AES const MODE = MCRYPT_MODE_CBC; /* Cryptographic key of length 16, 24 or 32. NOT a password! */ private $key; public function __construct($key) { $this->key = $key; } public function encrypt($plaintext) { $ivSize = mcrypt_get_iv_size(self::CIPHER, self::MODE); $iv = mcrypt_create_iv($ivSize, MCRYPT_DEV_URANDOM); $ciphertext = mcrypt_encrypt(self::CIPHER, $this->key, $plaintext, self::MODE, $iv); return base64_encode($iv.$ciphertext); } public function decrypt($ciphertext) { $ciphertext = base64_decode($ciphertext); $ivSize = mcrypt_get_iv_size(self::CIPHER, self::MODE); if (strlen($ciphertext) < $ivSize) { throw new Exception('Missing initialization vector'); } $iv = substr($ciphertext, 0, $ivSize); $ciphertext = substr($ciphertext, $ivSize); $plaintext = mcrypt_decrypt(self::CIPHER, $this->key, $ciphertext, self::MODE, $iv); return rtrim($plaintext, "\0"); } }
用法:
$key = /* CRYPTOGRAPHIC!!! key */; $crypt = new Encryption($key); $encrypted_string = $crypt->encrypt('this is a test'); $decrypted_string = $crypt->decrypt($encrypted_string); // this is a test
笔记:
