使用Mcrypt加密/解密文件

下面的加密功能似乎起作用,因为它似乎可以加密文件并将其放置在预期的目录中。我现在正在尝试解密文件,并且它只死于消息“无法完成解密”(在此处进行编码…)。php错误日志中没有任何内容,因此我不确定为什么它会失败,但由于mcrypt对我来说是全新的,所以我更倾向于相信自己在这里做错了…

功能如下:

//ENCRYPT FILE

function encryptFile() {

global $cryptastic;

$pass = PGPPASS;

$salt = PGPSALT;

$key = $cryptastic->pbkdf2($pass, $salt, 1000, 32) or die("Failed to generate secret key.");

if ($handle = opendir(PATH.'/ftpd')) {

while (false !== ($file = readdir($handle))) {

if ($file != "." && $file != "..") {

$newfile = PATH.'/encrypted/'.$file.'.txt';

$msg = file_get_contents(PATH.'/ftpd/'.$file);

$encrypted = $cryptastic->encrypt($msg, $key) or die("Failed to complete encryption.");

$nfile = fopen($newfile, 'w');

fwrite($nfile, $encrypted);

fclose($nfile);

unlink(PATH.'/ftpd/'.$file);

}

}

closedir($handle);

}

//DECRYPT FILE

function inFTP() {

global $cryptastic;

$pass = PGPPASS;

$salt = PGPSALT;

$key = $cryptastic->pbkdf2($pass, $salt, 1000, 32) or die("Failed to generate secret key.");

if ($handle = opendir(PATH.'/encrypted')) {

while (false !== ($file = readdir($handle))) {

if ($file != "." && $file != "..") {

$newfile = PATH.'/decrypted/'.$file;

$msg = PATH.'/encrypted/'.$file;

$decrypted = $cryptastic->decrypt($msg, $key) or die("Failed to complete decryption.");

$nfile = fopen($newfile, 'w');

fwrite($nfile, $decrypted);

fclose($nfile);

//unlink(PATH.'/encrypted/'.$file);

}

}

closedir($handle);

}

//$crypt->decrypt($file);

}

回答:

由于mcrypt是一种废弃软件,不再建议使用,因此这里是使用openssl的示例。

class AES256Encryption

{

public const BLOCK_SIZE = 8;

public const IV_LENGTH = 16;

public const CIPHER = 'AES256';

public static function generateIv(bool $allowLessSecure = false): string

{

$success = false;

$random = openssl_random_pseudo_bytes(openssl_cipher_iv_length(static::CIPHER));

if (!$success) {

if (function_exists('sodium_randombytes_random16')) {

$random = sodium_randombytes_random16();

} else {

try {

$random = random_bytes(static::IV_LENGTH);

}

catch (Exception $e) {

if ($allowLessSecure) {

$permitted_chars = implode(

'',

array_merge(

range('A', 'z'),

range(0, 9),

str_split('~!@#$%&*()-=+{};:"<>,.?/\'')

)

);

$random = '';

for ($i = 0; $i < static::IV_LENGTH; $i++) {

$random .= $permitted_chars[mt_rand(0, (static::IV_LENGTH) - 1)];

}

}

else {

throw new RuntimeException('Unable to generate initialization vector (IV)');

}

}

}

}

return $random;

}

protected static function getPaddedText(string $plainText): string

{

$stringLength = strlen($plainText);

if ($stringLength % static::BLOCK_SIZE) {

$plainText = str_pad($plainText, $stringLength + static::BLOCK_SIZE - $stringLength % static::BLOCK_SIZE, "\0");

}

return $plainText;

}

public static function encrypt(string $plainText, string $key, string $iv): string

{

$plainText = static::getPaddedText($plainText);

return base64_encode(openssl_encrypt($plainText, static::CIPHER, $key, OPENSSL_RAW_DATA, $iv));

}

public static function decrypt(string $encryptedText, string $key, string $iv): string

{

return openssl_decrypt(base64_decode($encryptedText), static::CIPHER, $key, OPENSSL_RAW_DATA, $iv);

}

}

$text = '8SViI0Gz4r-p7A15YxkwjOBFuW*@NTtbm{U]D&E=~6yLM+adX'P;h3$,KJ%/eo>}<Rs:2#gZ.9fqn"Cv_^[(H\c!)?`Ql';

$key = 'secretkey';

$iv = AES256Encryption::generateIv();

$encryptedText = AES256Encryption::encrypt($text, $key, $iv);

$decryptedText = AES256Encryption::decrypt($encryptedText, $key, $iv);

printf('Original Text: %s%s', $text, PHP_EOL);

printf('Encrypted: %s%s', $encryptedText, PHP_EOL);

printf('Decrypted: %s%s', $decryptedText, PHP_EOL);

输出:

// Long string with lots of different characters

Original Text: 8SViI0Gz4r-p7A15YxkwjOBFuW*@NTtbm{U]D&E=~6yLM+adX'P;h3$,KJ%/eo>}<Rs:2#gZ.9fqn"Cv_^[(H\c!)?`Ql

Encrypted : rsiF4PMCMyvAp+CTuJrxJYGoV4BSy8Fy+q+FL8m64+Mt5V3o0HS0elRkWXsy+//hPjzNhjmVktxVvMY55Negt4DyLcf2QpH05wUX+adJDe634J/9fWd+nlEFoDutXuhY+/Kep9zUZFDmLmszJaBHWQ==

Decrypted : 8SViI0Gz4r-p7A15YxkwjOBFuW*@NTtbm{U]D&E=~6yLM+adX'P;h3$,KJ%/eo>}<Rs:2#gZ.9fqn"Cv_^[(H\c!)?`Ql

尝试使用此PHP5类使用mcrypt进行加密。在这种情况下,它使用的是AES加密。您需要为使用它的每个站点更改密钥。如果您至少不使用它,它可能会指导您编写自己的版本。

<?php

class Encryption

{

const CIPHER = MCRYPT_RIJNDAEL_128; // Rijndael-128 is AES

const MODE = MCRYPT_MODE_CBC;

/* Cryptographic key of length 16, 24 or 32. NOT a password! */

private $key;

public function __construct($key) {

$this->key = $key;

}

public function encrypt($plaintext) {

$ivSize = mcrypt_get_iv_size(self::CIPHER, self::MODE);

$iv = mcrypt_create_iv($ivSize, MCRYPT_DEV_URANDOM);

$ciphertext = mcrypt_encrypt(self::CIPHER, $this->key, $plaintext, self::MODE, $iv);

return base64_encode($iv.$ciphertext);

}

public function decrypt($ciphertext) {

$ciphertext = base64_decode($ciphertext);

$ivSize = mcrypt_get_iv_size(self::CIPHER, self::MODE);

if (strlen($ciphertext) < $ivSize) {

throw new Exception('Missing initialization vector');

}

$iv = substr($ciphertext, 0, $ivSize);

$ciphertext = substr($ciphertext, $ivSize);

$plaintext = mcrypt_decrypt(self::CIPHER, $this->key, $ciphertext, self::MODE, $iv);

return rtrim($plaintext, "\0");

}

}

用法:

$key = /* CRYPTOGRAPHIC!!! key */;

$crypt = new Encryption($key);

$encrypted_string = $crypt->encrypt('this is a test');

$decrypted_string = $crypt->decrypt($encrypted_string); // this is a test

笔记:

  • 此类不适用于二进制数据(可能以NUL字节结尾)
  • 此类不提供经过身份验证的加密。

以上是 使用Mcrypt加密/解密文件 的全部内容, 来源链接: utcz.com/qa/403212.html

回到顶部