mcrypt cbc php7,php7.1加密解密 openssl_encrypt 替代mcrypt

1 概况

php7.1发布后新特性吸引了不少PHPer，大家都在讨论新特性带来的好处与便利。但是从php7.0 升级到 php7.1 废弃了一个在过去普遍应用的扩展(mcrypt扩展)。官方提供了相应的解决提示，却没有提供更详细的解决办法。于是坑来了….

2 解决

php手册目前缺少“ openssl_encrypt ”和“ openssl_decrypt ”功能的文档，所以花了我一段时间来完成我需要做的工作，以使这些功能可以替代mcrypt

2.1 首先，您将需要生成一个用作256位加密密钥的伪随机字节串，请求的长度将为32(32位= 256位)。

$encryption_key_256bit = base64_encode(openssl_random_pseudo_bytes(32));

2.2 现在我们有了关键，我们将创建加密功能。我们将把要编码的数据和我们的密钥传递给该函数。除了我们的密钥，还有一个二次随机字符串，我们将创建和使用称为 初始化向量 (IV)，有助于加强加密。

function my_encrypt($data, $key) {

// Remove the base64 encoding from our key

$encryption_key = base64_decode($key);

// Generate an initialization vector

$iv = openssl_random_pseudo_bytes(openssl_cipher_iv_length('aes-256-cbc'));

// Encrypt the data using AES 256 encryption in CBC mode using our encryption key and initialization vector.

$encrypted = openssl_encrypt($data, 'aes-256-cbc', $encryption_key, 0, $iv);

// The $iv is just as important as the key for decrypting, so save it with our encrypted data using a unique separator (::)

return base64_encode($encrypted . '::' . $iv);

}

2.3 现在为解密功能：

function my_decrypt($data, $key) {

// Remove the base64 encoding from our key

$encryption_key = base64_decode($key);

// To decrypt, split the encrypted data from our IV - our unique separator used was "::"

list($encrypted_data, $iv) = explode('::', base64_decode($data), 2);

return openssl_decrypt($encrypted_data, 'aes-256-cbc', $encryption_key, 0, $iv);

}

2.4 放在一起测试

//$key is our base64 encoded 256bit key that we created earlier. You will probably store and define this key in a config file.

$key = 'bRuD5WYw5wd0rdHR9yLlM6wt2vteuiniQBqE70nAuhU=';

function my_encrypt($data, $key) {

// Remove the base64 encoding from our key

$encryption_key = base64_decode($key);

// Generate an initialization vector

$iv = openssl_random_pseudo_bytes(openssl_cipher_iv_length('aes-256-cbc'));

// Encrypt the data using AES 256 encryption in CBC mode using our encryption key and initialization vector.

$encrypted = openssl_encrypt($data, 'aes-256-cbc', $encryption_key, 0, $iv);

// The $iv is just as important as the key for decrypting, so save it with our encrypted data using a unique separator (::)

return base64_encode($encrypted . '::' . $iv);

}

function my_decrypt($data, $key) {

// Remove the base64 encoding from our key

$encryption_key = base64_decode($key);

// To decrypt, split the encrypted data from our IV - our unique separator used was "::"

list($encrypted_data, $iv) = explode('::', base64_decode($data), 2);

return openssl_decrypt($encrypted_data, 'aes-256-cbc', $encryption_key, 0, $iv);

}

//our data to be encoded

$password_plain = 'abc123';

echo $password_plain . "
";

//our data being encrypted. This encrypted data will probably be going into a database

//since it's base64 encoded, it can go straight into a varchar or text database field without corruption worry

$password_encrypted = my_encrypt($password_plain, $key);

echo $password_encrypted . "
";

//now we turn our encrypted data back to plain text

$password_decrypted = my_decrypt($password_encrypted, $key);

echo $password_decrypted . "
";

2.5 上面的代码将输出以下内容。请注意，由于我们的初始化向量，每次运行代码时，中间的加密字符串将会更改：

abc123

K3gzWkxySUd6VkgvQTNJUUtZMjV2UT09Ojpia3sh1zglO3DYodw84855

abc123