Modules and Algorithms
Mcrypt mainly uses the Mcrypt tool to perform encryption operations, so in CentOS or other operating systems, we need to install libmcrypt-devel to use this extension . If it cannot be installed in yum, just update the yum source directly.
Mcrypt contains many modules and algorithms. There is no need to explain the algorithm, it is the method used to encrypt data. The modules, including CBC, OFB, CFB and ECB, are a series of grouping and stream encryption modes. There are recommended modules and safe modules. For specific distinctions, you can check the relevant information by yourself. Here we Let's first take a look at the modules and algorithms supported in our environment.
$algorithms = @mcrypt_list_algorithms(); print_r($algorithms); // Array // ( // [0] => cast-128 // [1] => gost // [2] => rijndael-128 // [3] => twofish // [4] => arcfour // [5] => cast-256 // [6] => loki97 // [7] => rijndael-192 // [8] => saferplus // [9] => wake // [10] => blowfish-compat // [11] => des // [12] => rijndael-256 // [13] => serpent // [14] => xtea // [15] => blowfish // [16] => enigma // [17] => rc2 // [18] => tripledes // ) $modes = @mcrypt_list_modes(); print_r($modes); // Array // ( // [0] => cbc // [1] => cfb // [2] => ctr // [3] => ecb // [4] => ncfb // [5] => nofb // [6] => ofb // [7] => stream // )
mcrypt_list_algorithms() function can obtain all supported Mcrypt algorithms in the current environment. And mcrypt_list_modes() prints out all supported modules in the current environment. Note that in some versions of PHP or in some systems, these contents will be different. When using Mcrypt-related encryption capabilities, these two items are used in conjunction with each other. Therefore, it is necessary for us to pre-determine the modules and algorithms supported in the current environment in the environment where Mcrypt needs to be run.
Encryption and decryption of data
$key = hash('sha256', 'secret key', true); $input = json_encode(['id'=>1, 'data'=>'Test mcrypt!']); $td = @mcrypt_module_open('rijndael-128', '', 'cbc', ''); $iv = @mcrypt_create_iv(mcrypt_enc_get_iv_size($td), MCRYPT_DEV_URANDOM); @mcrypt_generic_init($td, $key, $iv); $encrypted_data = @mcrypt_generic($td, $input); @mcrypt_generic_deinit($td); @mcrypt_module_close($td); echo $encrypted_data, PHP_EOL; // ��I $�3���gE�ǣu(�9n����� // p�>P $td = @mcrypt_module_open('rijndael-128', '', 'cbc', ''); @mcrypt_generic_init($td, $key, $iv); $data = @mdecrypt_generic($td, $encrypted_data); echo $data, PHP_EOL; // {"id":1,"data":"Test mcrypt!"} @mcrypt_generic_deinit($td); @mcrypt_module_close($td);
The code is quite large and messy, let’s look at it piece by piece.
First we determine an encrypted key, and then the input is the data we want to encrypt. For example, we want to encrypt a json data. This key can actually be a string, but we have also hashed the key here. We have already explained the hash-related content in detail in the previous article.
The next step is to use mcrypt_module_open() to open an encryption module handle. Here we use the rijndael-128 algorithm and the cbc module. Then use mcrypt_create_iv() to create an iv. This iv is an initialization vector. The value of the initialization vector varies depending on the cryptographic algorithm. The most basic requirement is "uniqueness", which means that the same key does not reuse the same initialization vector. This feature is very important in both block cipher and stream cipher. I believe that if you have done interface communication related to WeChat or Alipay, you will definitely have seen this iv attribute when decrypting verification data.
Use mcrypt_generic() to generate the encryption result, use mcrypt_generic_deinit() to end the generation initialization, and finally close the encryption module handle through mcrypt_module_close(). In this way, a set of Mcrypt encryption process is completed.
Similarly, the decryption process and encryption process are similar, except that we use the mdecrypt_generic() function to decrypt.
Another way to encrypt and decrypt data
The above encryption process is very troublesome and complicated. In fact, Mcrypt also provides a simpler encryption function.
$string = 'Test MCrypt2'; $algorithm = 'rijndael-128'; $key = md5( "mypassword", true); $iv_length = @mcrypt_get_iv_size( $algorithm, MCRYPT_MODE_CBC ); $iv = @mcrypt_create_iv( $iv_length, MCRYPT_RAND ); $encrypted = @mcrypt_encrypt( $algorithm, $key, $string, MCRYPT_MODE_CBC, $iv ); $result = @mcrypt_decrypt( $algorithm, $key, $encrypted, MCRYPT_MODE_CBC, $iv ); echo $encrypted, PHP_EOL; // \<�`�U��Uf)�Y echo $result, PHP_EOL; // Test MCrypt2
We still need to prepare the data, algorithm, key, and iv vector to be encrypted. Then just use mcrypt_encrypt() and mcrypt_decrypt() directly to perform encryption/decryption. Isn’t it much more convenient?
Summary
Compared to Hash, Mcrypt is a decryptable symmetric encryption form. Regarding what symmetric and asymmetric encryption are, we will explain in detail in the study of OpenSSL extensions. Hash encryption is a one-way encryption form, and the original data cannot be obtained by reverse calculation of the encrypted data. They all have different application scenarios, but as PHP prompts, Mcrypt is no longer a recommended extension, so we just simply performed encryption/decryption tests here. If you are useful, you can Learn more deeply with the manual.
Test code:
https://github.com/zhangyue0503/dev-blog/blob/master/php/202007/source/PHP%E7%9A%84Mcrypt%E5%8A%A0%E5%AF%86%E6%89%A9%E5%B1%95%E7%9F%A5%E8%AF%86%E4%BA%86%E8%A7%A3.php