I am trying to come up with a way to have PHP encrypt a file. I used to just use a PHP system call to run a script that encoded the file:
#!/bin/sh
/usr/bin/openssl aes-256-cbc -a -salt -k $1 -in $2
Argument 1 was the password to use and argument 2 is the data. I then use a second script on a computer to de-crypt the file.
#!/bin/sh
/usr/bin/openssl aes-256-cbc -a -d -salt -k $1 -in $2
This method of encrypting 开发者_Go百科will not work on a production host as the PHP system call is disabled. I also would prefer not the change the decode function if at all possible.
Is there a way to replicate the above encrypt function using only PHP?
Take a look at mcyrpt_encrypt()
:
string mcrypt_encrypt ( string $cipher , string $key , string $data ,
string $mode [, string $iv ] )
Set $cipher
to MCRYPT_RIJNDAEL_128
(AES-128), and $mode
to MCRYPT_MODE_CBC
.
Then use base64_encode()
to generate a base-64 encoded output (ie: what the -a
option
does).
openssl derives the key and IV as follows:
Key = MD5(Password + Salt)
IV = MD5(Key + Password + Salt)
Where Salt
is a 8 byte salt. With this in mind, I created simple encrypt()
and decrypt()
routines:
function ssl_encrypt($pass, $data) {
$salt = substr(md5(mt_rand(), true), 8);
$key = md5($pass . $salt, true);
$iv = md5($key . $pass . $salt, true);
$ct = mcrypt_encrypt (MCRYPT_RIJNDAEL_128, $key, $data,
MCRYPT_MODE_CBC, $iv);
return base64_encode('Salted__' . $salt . $ct);
}
function ssl_decrypt($pass, $data) {
$data = base64_decode($data);
$salt = substr($data, 8, 8);
$ct = substr($data, 16);
$key = md5($pass . $salt, true);
$iv = md5($key . $pass . $salt, true);
$pt = mcrypt_decrypt (MCRYPT_RIJNDAEL_128, $key, $ct,
MCRYPT_MODE_CBC, $iv);
return $pt;
}
The parameter $data
takes the string to be encrypted. If you want to encrypt a file, you'll have to get it via file_get_contents()
or similar and then give that to the function.
Usage:
echo ssl_encrypt('super secret key', 'Hello World');
Generates something like (will change every time because of the random salt):
U2FsdGVkX18uygnq8bZYi6f62FzaeAnyB90U6v+Pyrk=
As stated above in the comments padding is necessary to make this work. The function below will make a file that can be decrypted on the command line like this:
openssl enc -d -aes-256-cbc -a -salt -in test.txt
The test.txt file is created from the output of the ssl_encrypt function below.
function ssl_encrypt($pass, $data)
{
// Set a random salt
$salt = substr(md5(mt_rand(), true), 8);
$block = mcrypt_get_block_size(MCRYPT_RIJNDAEL_128, MCRYPT_MODE_CBC);
$pad = $block - (strlen($data) % $block);
$data = $data . str_repeat(chr($pad), $pad);
// Setup encryption parameters
$td = mcrypt_module_open(MCRYPT_RIJNDAEL_128, "", MCRYPT_MODE_CBC, "");
$key_len = mcrypt_enc_get_key_size($td);
$iv_len = mcrypt_enc_get_iv_size($td);
$total_len = $key_len + $iv_len;
$salted = '';
$dx = '';
// Salt the key and iv
while (strlen($salted) < $total_len)
{
$dx = md5($dx.$pass.$salt, true);
$salted .= $dx;
}
$key = substr($salted,0,$key_len);
$iv = substr($salted,$key_len,$iv_len);
mcrypt_generic_init($td, $key, $iv);
$encrypted_data = mcrypt_generic($td, $data);
mcrypt_generic_deinit($td);
mcrypt_module_close($td);
return chunk_split(base64_encode('Salted__' . $salt . $encrypted_data),32,"\r\n");
}
Example Usage:
$plainText = "Secret Message";
$password = "SecretPassword";
$test = ssl_encrypt($password, $plainText);
$file = fopen('test.txt', 'wb');
// Write the Base64 encrypted output to a file.
fwrite($file, $test);
fclose($file);
// Show the output on the screen
echo $test;
References: http://juan.boxfi.com/2010/03/16/write-openssl-files-in-php/
Perhaps PHP's OpenSSL library?
精彩评论