Detailed analysis of the usage of PHP encryption and decryption function authcode_PHP tutorial

Core tip: Kangsheng's authcode function can be said to have made a significant contribution to China's PHP community. Including Kangsheng's own products, as well as most Chinese companies using PHP, use this function for encryption. Authcode uses XOR operations for encryption and decryption.

Kangsheng’s authcode function can be said to have made a significant contribution to the PHP community in China. Including Kangsheng's own products, as well as most Chinese companies using PHP, use this function for encryption. Authcode uses XOR operations for encryption and decryption.

The principle is as follows, if:

Encryption

Clear text: 1010 1001

Key: 1110 0011

Ciphertext: 0100 1010

The ciphertext is 0100 1010. For decryption, just XOR it with the key

Decryption

Ciphertext: 0100 1010

Key: 1110 0011

Plaintext: 1010 1001

There is no sophisticated algorithm , the key is very important, so the key lies in how to generate the key.

Let’s take a look at how Kangsheng’s authcode is done.

Copy the code The code is as follows:

// Parameter explanation
// $string: plain text or cipher text
// $operation: DECODE means decryption, others means encryption
// $key: secret key
// $expiry: ciphertext validity period
function authcode($string, $operation = 'DECODE', $key = '', $expiry = 0) {
// Dynamic key length, the same plaintext will Generating different ciphertexts relies on dynamic keys.

// Key a will participate in encryption and decryption
$keya = md5(substr($key, 0, 16));
// Key b will be used for data integrity verification
$keyb = md5(substr($key, 16, 16));
// Key c is used to change the generated ciphertext
$keyc = $ckey_length ? ($operation == 'DECODE ' ? substr($string, 0, $ckey_length):
substr(md5(microtime()), -$ckey_length)) : '';
// Key involved in the operation
$cryptkey = $keya.md5($keya.$keyc);
$key_length = strlen($cryptkey);
// Plain text, the first 10 digits are used to save the timestamp, and verify the data validity when decrypting, 10 to 26 The bit is used to save $keyb (key b). This key will be used to verify data integrity during decryption.
// If it is decoding, it will start from the $ckey_length bit because the $ckey_length bit before the ciphertext saves the dynamic Key to ensure correct decryption
$string = $operation == 'DECODE' ? base64_decode(substr($string, $ckey_length)) :
sprintf('%010d', $expiry ? $expiry + time () : 0).substr(md5($string.$keyb), 0, 16).$string;
$string_length = strlen($string);
$result = '';
$ box = range(0, 255);
$rndkey = array();
// Generate key book
for($i = 0; $i <= 255; $i++) {
         $rndkey[$i] = ord($cryptkey[$i % $key_length]);                                                                                                                   In fact, the pair will not increase the strength of the ciphertext.
for($j = $i = 0; $i < 256; $i++) {
$j = ($j + $box[$i] + $rndkey[$i]) % 256; = $tmp;                                                                                                ($a + 1) % 256;
$j = ($j + $box[$a]) % 256; ] = $box[$j];                                                                                                                                 chr(ord($string[$i]) ^ ($box[($box[$a] + $box[$j]) % 256])); 
 }
if($operation == 'DECODE') {
// substr($result, 0, 10) == 0 Verify data validity
// substr($result, 0, 10) - time() > 0 Verify data validity
// substr($result, 10, 16) == substr(md5(substr($result, 26).$keyb), 0, 16) Verify data integrity
                                                                                                                                                                                > 0) &&
substr($result, 10, 16) == substr(md5(substr($result, 26).$keyb), 0, 16)) {
return substr($result, 26); 
                                                           Production is different The reason why the ciphertext can be decrypted                                                                                                                    base64_encode($result));
} }
}





http://www.bkjia.com/PHPjc/824910.html

www.bkjia.com

true

http: //www.bkjia.com/PHPjc/824910.htmlTechArticleCore tip: Kangsheng’s authcode function can be said to have made a significant contribution to the Chinese PHP community. Including Kangsheng's own products, as well as most Chinese companies using PHP, use this function...