Mcrypt
- 简介
- 安装/配置
- 需求
- 安装
- 运行时配置
- 资源类型
- 预定义常量
- Mcrypt 密码
- 范例
- Mcrypt 函数
- mcrypt_cbc — 以 CBC 模式加解密数据
- mcrypt_cfb — 以 CFB 模式加解密数据
- mcrypt_create_iv — 从随机源创建初始向量
- mcrypt_decrypt — 使用给定参数解密密文
- mcrypt_ecb — 已废弃:使用 ECB 模式加解密数据
- mcrypt_enc_get_algorithms_name — 返回打开的算法名称
- mcrypt_enc_get_block_size — 返回打开的算法的分组大小
- mcrypt_enc_get_iv_size — 返回打开的算法的初始向量大小
- mcrypt_enc_get_key_size — 返回打开的模式所能支持的最长密钥
- mcrypt_enc_get_modes_name — 返回打开的模式的名称
- mcrypt_enc_get_supported_key_sizes — 以数组方式返回打开的算法所支持的密钥长度
- mcrypt_enc_is_block_algorithm_mode — 检测打开的模式是否支持分组加密
- mcrypt_enc_is_block_algorithm — 检测打开模式的算法是否为分组算法
- mcrypt_enc_is_block_mode — 检测打开的模式是否以分组方式输出
- mcrypt_enc_self_test — 在打开的模块上进行自检
- mcrypt_encrypt — 使用给定参数加密明文
- mcrypt_generic_deinit — 对加密模块进行清理工作
- mcrypt_generic_end — 终止加密
- mcrypt_generic_init — 初始化加密所需的缓冲区
- mcrypt_generic — 加密数据
- mcrypt_get_block_size — 获得加密算法的分组大小
- mcrypt_get_cipher_name — 获取加密算法名称
- mcrypt_get_iv_size — 返回指定算法/模式组合的初始向量大小
- mcrypt_get_key_size — 获取指定加密算法的密钥大小
- mcrypt_list_algorithms — 获取支持的加密算法
- mcrypt_list_modes — 获取所支持的模式
- mcrypt_module_close — 关闭加密模块
- mcrypt_module_get_algo_block_size — 返回指定算法的分组大小
- mcrypt_module_get_algo_key_size — 获取打开模式所支持的最大密钥大小
- mcrypt_module_get_supported_key_sizes — 以数组形式返回打开的算法所支持的密钥大小
- mcrypt_module_is_block_algorithm_mode — 返回指定模块是否是分组加密模式
- mcrypt_module_is_block_algorithm — 检测指定算法是否为分组加密算法
- mcrypt_module_is_block_mode — 检测指定模式是否以分组方式输出
- mcrypt_module_open — 打开算法和模式对应的模块
- mcrypt_module_self_test — 在指定模块上执行自检
- mcrypt_ofb — 使用 OFB 模式加密/解密数据
- mdecrypt_generic — 解密数据
用户评论:
[#1] userp at example dot com [2015-10-07 06:25:45]
pkkkkkkkkkkkkkkkkkkkkkkkkkkkkkkkkkkkkklllllllllllllllllllllllllllllllllll
[#2] simonhf at gmail dot com [2015-06-23 23:54:42]
Note that there are severe performance problems with PHP mcrypt on many CentOS versions. Please see this CentOS bug:
http://bugs.centos.org/view.php?id=8954
[#3] Anonymous [2012-02-12 22:35:15]
These are two simple functions I built for 256-bit encryption/decryption with mcrypt. I've decided to use MCRYPT_RIJNDAEL_128 because it's AES-compliant, and MCRYPT_MODE_CBC. (ECB mode is inadequate for many purposes because it does not use an IV.)
This function stores a hash of the data to verify that the data was decrypted successfully, but this could be easily removed if necessary.
<?php
function encrypt($decrypted, $password, $salt='!kQm*fF3pXe1Kbm%9') {
// Build a 256-bit $key which is a SHA256 hash of $salt and $password.
$key = hash('SHA256', $salt . $password, true);
// Build $iv and $iv_base64. We use a block size of 128 bits (AES compliant) and CBC mode. (Note: ECB mode is inadequate as IV is not used.)
srand(); $iv = mcrypt_create_iv(mcrypt_get_iv_size(MCRYPT_RIJNDAEL_128, MCRYPT_MODE_CBC), MCRYPT_RAND);
if (strlen($iv_base64 = rtrim(base64_encode($iv), '=')) != 22) return false;
// Encrypt $decrypted and an MD5 of $decrypted using $key. MD5 is fine to use here because it's just to verify successful decryption.
$encrypted = base64_encode(mcrypt_encrypt(MCRYPT_RIJNDAEL_128, $key, $decrypted . md5($decrypted), MCRYPT_MODE_CBC, $iv));
// We're done!
return $iv_base64 . $encrypted;
}
function decrypt($encrypted, $password, $salt='!kQm*fF3pXe1Kbm%9') {
// Build a 256-bit $key which is a SHA256 hash of $salt and $password.
$key = hash('SHA256', $salt . $password, true);
// Retrieve $iv which is the first 22 characters plus ==, base64_decoded.
$iv = base64_decode(substr($encrypted, 0, 22) . '==');
// Remove $iv from $encrypted.
$encrypted = substr($encrypted, 22);
// Decrypt the data. rtrim won't corrupt the data because the last 32 characters are the md5 hash; thus any \0 character has to be padding.
$decrypted = rtrim(mcrypt_decrypt(MCRYPT_RIJNDAEL_128, $key, base64_decode($encrypted), MCRYPT_MODE_CBC, $iv), "\0\4");
// Retrieve $hash which is the last 32 characters of $decrypted.
$hash = substr($decrypted, -32);
// Remove the last 32 characters from $decrypted.
$decrypted = substr($decrypted, 0, -32);
// Integrity check. If this fails, either the data is corrupted, or the password/salt was incorrect.
if (md5($decrypted) != $hash) return false;
// Yay!
return $decrypted;
}
?>
[#4] ysfbauchi at yahoo dot com [2011-02-19 22:25:37]
//This is a des, 3des, aes and gost encryption program i wrote using php for my assignment
<?php
if (isset($_REQUEST['select'])) {
$choice = $_POST['select'];
$mykey = $_POST['mykey'];
$msg = $_POST['plain'];
} else {
die("algorithm not selected");
}
if ($msg == ''){
die("Please enter a text to encrypt! ");
}
if ($mykey == ''){
die("Please enter a key! ");
}
function algorithmdetails($cipher)
{
$chiphername = mcrypt_enc_get_algorithms_name($cipher);
$blocksize = mcrypt_enc_get_block_size($cipher);
$mykeysize = mcrypt_enc_get_supported_key_sizes($cipher);
echo "<p><b>Cipher Name :</b> $chiphername";
echo "<p><b>Block size :</b> $blocksize bytes";
echo "<p><b>Key size :</b> ";
foreach ($mykeysize as $value)
{
echo "$value bytes ";
}unset($value);
}
function encryptnow($thecipher, $thekey, $themsg)
{
$iv = mcrypt_create_iv (mcrypt_enc_get_iv_size($thecipher), MCRYPT_DEV_RANDOM);
mcrypt_generic_init($thecipher, $thekey, $iv);
$encrypted_text = mcrypt_generic($thecipher, $themsg);
echo "<html><hr size='2' ></html>";
echo "<P><P><b>Plain Text : </b>";
echo($themsg);
echo "<p><b>Cipher Text : </b> ";
echo "$encrypted_text";
mcrypt_generic_deinit($thecipher);
mcrypt_module_close($thecipher);
die();
}
if ($choice == '1'){
$cipher = mcrypt_module_open (MCRYPT_DES, '', 'ecb', '');
algorithmdetails($cipher);
encryptnow($cipher, $mykey, $msg);
}elseif ($choice == '2'){
$cipher = mcrypt_module_open (MCRYPT_3DES, '', 'ecb', '');
algorithmdetails($cipher);
encryptnow($cipher, $mykey, $msg);
}elseif ($choice == '3'){
$cipher = mcrypt_module_open (MCRYPT_RIJNDAEL_128, '', 'ecb', '');
algorithmdetails($cipher);
encryptnow($cipher, $mykey, $msg);
}elseif ($choice == '4'){
$cipher = mcrypt_module_open (MCRYPT_GOST, '', 'ecb', '');
algorithmdetails($cipher);
encryptnow($cipher, $mykey, $msg);
}else {
die("Please choose an algorithm!");
}
?>
[#5] ghoffman at salientdigital dot com [2010-11-23 13:23:41]
If you want a quick way to see what ciphers, modes, key, block and iv sizes are supported on your server, try something like the following.
Note: I used this simple bash: `locate libmcrypt` from terminal on Mac OS X to determine the install paths to the algorithms and modes directories. Lots of function calls generate warnings for certain ciphers, hence the use of error suppression.
<?php
$modes = mcrypt_list_modes();
$algorithms = mcrypt_list_algorithms();
foreach($algorithms as $cipher)
{
echo "<h1 style=\"border-top:1px solid black;\">".$cipher."</h1>\n";
foreach($modes as $mode)
{
echo "<h3>".$mode."</h3>\n";
@$td = mcrypt_module_open(
$cipher,
'/usr/local/libmcrypt-2.5.8/modules/algorithms/',
$mode,
'/usr/local/libmcrypt-2.5.8/modules/modes/');
@$key_size = mcrypt_enc_get_key_size($td);
@$block_size = mcrypt_get_block_size($cipher,$mode);
@$iv_size = mcrypt_get_iv_size($cipher, $mode);
@mcrypt_module_close($td);
echo "
<pre>
key_size: ". ($key_size?$key_size:'n/a')
." block_size: ". ($block_size?$block_size:'n/a')
." iv_size: ". ($iv_size?$iv_size:'n/a')
." </pre>\n";
$td=NULL;
$key_size=NULL;
$block_size=NULL;
$iv_size=NULL;
}
}
?>
[#6] Maarten Malaise [2010-04-11 05:38:36]
people using phpmyadmin are redirected to this manual if they don't have mcrypt installed. If you want to install mcrypt on debian, first check your php version:
yourserver# php --version
Then install the appropriate version of mcrypt (php5-mcrypt if your php version is 5.x)
yourserver# apt-get install php4-mcrypt
...or...
yourserver# apt-get install php5-mcrypt