php7.2 加密,在php 7.2中解密pbkdf2加密的会话密钥

正如rob napier所说,pbkdf2是系统用来散列传递到加密过程中的密码。该站点实际上使用的是aes-256-cbc加密。加密过程可以包括密码。

在信息被加密后,该有效负载用hmac密钥签名。

您可以使用OpenSSL库在PHP 7和更高版本中执行所有这些操作。下面是一些创建类以处理加密/解密的示例代码,例如:

$crypto = new AesCryptoClass('YOUR_PASSPHRASE_HERE',

'YOUR_HMAC_KEY_HERE',

'YOUR_SALT_HERE');

class AesCryptoClass {

// These should not change

private $hmacLength = 32;

private $iterations = 1000;

private $keyLength = 32;

private $blockSize = 16;

private $cipher = 'aes-256-cbc';

function __construct($password,$hmacKey,$salt)

{

$this->password = $password;

$this->hmacKey = $hmacKey;

$this->salt = $salt;

}

function encrypt($plainText)

{

$iv = openssl_random_pseudo_bytes(16);

$encryptedBytes = $this->encryptInner($iv, $plainText);

$encryptedMessage = $iv . $encryptedBytes;

$mac = $this->hashMessage($encryptedMessage);

$secureMessage = $mac . $encryptedMessage;

$encryptedText = base64_encode($secureMessage);

return $encryptedText;

}

function decrypt($encryptedText)

{

$secureMessage = base64_decode($encryptedText);

$mac = substr($secureMessage, 0, $this->hmacLength);

$encryptedMessage = substr($secureMessage, $this->hmacLength);

$newMac = $this->hashMessage($encryptedMessage);

if (strcmp($mac, $newMac) !== 0) {

return "";

}

$iv = substr($encryptedMessage,0, $this->blockSize);

$encryptedBytes = substr($encryptedMessage, $this->blockSize);

$plainText = $this->decryptInner($iv, $encryptedBytes);

return $plainText;

}

function encryptInner($iv, $plainText)

{

$encryptionKey = openssl_pbkdf2($this->password, $this->salt, $this->keyLength, $this->iterations);

return openssl_encrypt($plainText, $this->cipher, $encryptionKey, OPENSSL_RAW_DATA, $iv);

}

function decryptInner($iv, $encryptedBytes)

{

$encryptionKey = openssl_pbkdf2($this->password, $this->salt, $this->keyLength, $this->iterations);

return openssl_decrypt($encryptedBytes, $this->cipher, $encryptionKey, OPENSSL_RAW_DATA, $iv);

}

function hashMessage($encryptedMessage)

{

return pack("H*", hash_hmac("sha256", $encryptedMessage, $this->hmacKey));

}

}