openssl aes padding命令解密_php7.* 加密解密 openssl_encrypt 替代mcrypt

1 .概况

php7.1发布后新特性吸引了不少PHPer，大家都在讨论新特性带来的好处与便利。但是从php7.0 升级到 php7.1 废弃了一个在过去普遍应用的扩展(mcrypt扩展)。官方提供了相应的解决提示，却没有提供更详细的解决办法。于是坑来了….

2 .解决

php手册目前缺少“ openssl_encrypt ”和“ openssl_decrypt ”功能的文档，所以花了我一段时间来完成我需要做的工作，以使这些功能可以替代mcrypt

2.1 首先，您将需要生成一个用作256位加密密钥的伪随机字节串，请求的长度将为32(32位= 256位)。

$encryption_key_256bit = base64_encode(openssl_random_pseudo_bytes(32));

2.2 现在我们有了关键，我们将创建加密功能。我们将把要编码的数据和我们的密钥传递给该函数。除了我们的密钥，还有一个二次随机字符串，我们将创建和使用称为 初始化向量 (IV)，有助于加强加密。

function my_encrypt($data, $key) {    // Remove the base64 encoding from our key    $encryption_key = base64_decode($key);    // Generate an initialization vector    $iv = openssl_random_pseudo_bytes(openssl_cipher_iv_length('aes-256-cbc'));    // Encrypt the data using AES 256 encryption in CBC mode using our encryption key and initialization vector.    $encrypted = openssl_encrypt($data, 'aes-256-cbc', $encryption_key, 0, $iv);    // The $iv is just as important as the key for decrypting, so save it with our encrypted data using a unique separator (::)    return base64_encode($encrypted . '::' . $iv);}

2.3 现在为解密功能：

function my_decrypt($data, $key) {      // Remove the base64 encoding from our key      $encryption_key = base64_decode($key);      // To decrypt, split the encrypted data from our IV - our unique separator used was "::"      list($encrypted_data, $iv) = explode('::', base64_decode($data), 2);      return openssl_decrypt($encrypted_data, 'aes-256-cbc', $encryption_key, 0, $iv);}

2.4 放在一起测试

//$key is our base64 encoded 256bit key that we created earlier. You will probably store and define this     key in a config file.$key = 'bRuD5WYw5wd0rdHR9yLlM6wt2vteuiniQBqE70nAuhU=';function my_encrypt($data, $key) {    // Remove the base64 encoding from our key    $encryption_key = base64_decode($key);    // Generate an initialization vector    $iv = openssl_random_pseudo_bytes(openssl_cipher_iv_length('aes-256-cbc'));    // Encrypt the data using AES 256 encryption in CBC mode using our encryption key and initialization vector.    $encrypted = openssl_encrypt($data, 'aes-256-cbc', $encryption_key, 0, $iv);    // The $iv is just as important as the key for decrypting, so save it with our encrypted data using a unique separator (::)    return base64_encode($encrypted . '::' . $iv);}function my_decrypt($data, $key) {    // Remove the base64 encoding from our key    $encryption_key = base64_decode($key);    // To decrypt, split the encrypted data from our IV - our unique separator used was "::"    list($encrypted_data, $iv) = explode('::', base64_decode($data), 2);    return openssl_decrypt($encrypted_data, 'aes-256-cbc', $encryption_key, 0, $iv);}//our data to be encoded$password_plain = 'abc123';echo $password_plain . "
";//our data being encrypted. This encrypted data will probably be going into a database//since it's base64 encoded, it can go straight into a varchar or text database field without corruption worry$password_encrypted = my_encrypt($password_plain, $key);echo $password_encrypted . "
";//now we turn our encrypted data back to plain text$password_decrypted = my_decrypt($password_encrypted, $key);echo $password_decrypted . "
";

2.5 上面的代码将输出以下内容。请注意，由于我们的初始化向量，每次运行代码时，中间的加密字符串将会更改：

abc123K3gzWkxySUd6VkgvQTNJUUtZMjV2UT09Ojpia3sh1zglO3DYodw84855abc123

我是这样使用的：