1) The mcrypt module has been deprecated with PHP 7.1.
What does that mean for the encryption filters?
2) deriving the IV from the secret passphrase seems wrong. This leaks information about the passphrase without need.
3) using md5() for this? Really? hash() has been available since PHP 5.1.2.
4) hashing the passphrase twice does not add any security.
5) using substr() on binary data (why, oh why, is true passed to md5()?) might lead to headaches if mbstring.func_overload is used.
PHP - Manual: 加密过滤器
2024-04-24
加密过滤器
加密过滤器特别适用于文件/数据流的加密。
mcrypt.* 和 mdecrypt.*
警告
本特性已自 PHP 7.1.0 起废弃。强烈建议不要使用本特性。
mcrypt.* 和
mdecrypt.* 使用 libmcrypt 提供了对称的加密和解密。这两组过滤器都支持
mcrypt 扩展库中相同的算法,格式为
mcrypt.ciphername,其中
ciphername 是密码的名字,将被传递给
mcrypt_module_open()。有以下五个过滤器参数可用:
| 参数 | 是否必须 | 默认值 | 取值举例 |
|---|---|---|---|
| mode | 可选 | cbc | cbc, cfb, ecb, nofb, ofb, stream |
| algorithms_dir | 可选 | ini_get('mcrypt.algorithms_dir') | algorithms 模块的目录 |
| modes_dir | 可选 | ini_get('mcrypt.modes_dir') | modes 模块的目录 |
| iv | 必须 | N/A | 典型为 8,16 或 32 字节的二进制数据。根据密码而定 |
| key | 必须 | N/A | 典型为 8,16 或 32 字节的二进制数据。根据密码而定 |
示例 #1 用 Blowfish 算法加解密
<?php
// 假设之前已经生成了 $key
$iv_size = mcrypt_get_iv_size(MCRYPT_BLOWFISH, MCRYPT_MODE_CBC);
$iv = mcrypt_create_iv($iv_size, MCRYPT_DEV_URANDOM);
$fp = fopen('encrypted-file.enc', 'wb');
fwrite($fp, $iv);
$opts = array('mode'=>'cbc','iv'=>$iv, 'key'=>$key);
stream_filter_append($fp, 'mcrypt.blowfish', STREAM_FILTER_WRITE, $opts);
fwrite($fp, 'message to encrypt');
fclose($fp);
// 解密
$fp = fopen('encrypted-file.enc', 'rb');
$iv = fread($fp, $iv_size = mcrypt_get_iv_size(MCRYPT_BLOWFISH, MCRYPT_MODE_CBC));
$opts = array('mode'=>'cbc','iv'=>$iv, 'key'=>$key)
stream_filter_append($fp, 'mdecrypt.blowfish', STREAM_FILTER_READ, $opts);
$data = rtrim(stream_get_contents($fp));//trims off null padding
fclose($fp);
echo $data;
?>
示例 #2 将文件以 SHA256 HMAC 的 AES-128 CBC 加密
<?php
AES_CBC::encryptFile($password, "plaintext.txt", "encrypted.enc");
AES_CBC::decryptFile($password, "encrypted.enc", "decrypted.txt");
class AES_CBC
{
protected static $KEY_SIZES = array('AES-128'=>16,'AES-192'=>24,'AES-256'=>32);
protected static function key_size() { return self::$KEY_SIZES['AES-128']; } //default AES-128
public static function encryptFile($password, $input_stream, $aes_filename){
$iv_size = mcrypt_get_iv_size(MCRYPT_RIJNDAEL_128, MCRYPT_MODE_CBC);
$fin = fopen($input_stream, "rb");
$fc = fopen($aes_filename, "wb+");
if (!empty($fin) && !empty($fc)) {
fwrite($fc, str_repeat("_", 32) );//placeholder, SHA256 HMAC will go here later
fwrite($fc, $hmac_salt = mcrypt_create_iv($iv_size, MCRYPT_DEV_URANDOM));
fwrite($fc, $esalt = mcrypt_create_iv($iv_size, MCRYPT_DEV_URANDOM));
fwrite($fc, $iv = mcrypt_create_iv($iv_size, MCRYPT_DEV_URANDOM));
$ekey = hash_pbkdf2("sha256", $password, $esalt, $it=1000, self::key_size(), $raw=true);
$opts = array('mode'=>'cbc', 'iv'=>$iv, 'key'=>$ekey);
stream_filter_append($fc, 'mcrypt.rijndael-128', STREAM_FILTER_WRITE, $opts);
$infilesize = 0;
while (!feof($fin)) {
$block = fread($fin, 8192);
$infilesize+=strlen($block);
fwrite($fc, $block);
}
$block_size = mcrypt_get_block_size(MCRYPT_RIJNDAEL_128, MCRYPT_MODE_CBC);
$padding = $block_size - ($infilesize % $block_size);//$padding is a number from 1-16
fwrite($fc, str_repeat(chr($padding), $padding) );//perform PKCS7 padding
fclose($fin);
fclose($fc);
$hmac_raw = self::calculate_hmac_after_32bytes($password, $hmac_salt, $aes_filename);
$fc = fopen($aes_filename, "rb+");
fwrite($fc, $hmac_raw);//overwrite placeholder
fclose($fc);
}
}
public static function decryptFile($password, $aes_filename, $out_stream) {
$iv_size = mcrypt_get_iv_size(MCRYPT_RIJNDAEL_128, MCRYPT_MODE_CBC);
$hmac_raw = file_get_contents($aes_filename, false, NULL, 0, 32);
$hmac_salt = file_get_contents($aes_filename, false, NULL, 32, $iv_size);
$hmac_calc = self::calculate_hmac_after_32bytes($password, $hmac_salt, $aes_filename);
$fc = fopen($aes_filename, "rb");
$fout = fopen($out_stream, 'wb');
if (!empty($fout) && !empty($fc) && self::hash_equals($hmac_raw,$hmac_calc)) {
fread($fc, 32+$iv_size);//skip sha256 hmac and salt
$esalt = fread($fc, $iv_size);
$iv = fread($fc, $iv_size);
$ekey = hash_pbkdf2("sha256", $password, $esalt, $it=1000, self::key_size(), $raw=true);
$opts = array('mode'=>'cbc', 'iv'=>$iv, 'key'=>$ekey);
stream_filter_append($fc, 'mdecrypt.rijndael-128', STREAM_FILTER_READ, $opts);
while (!feof($fc)) {
$block = fread($fc, 8192);
if (feof($fc)) {
$padding = ord($block[strlen($block) - 1]);//assume PKCS7 padding
$block = substr($block, 0, 0-$padding);
}
fwrite($fout, $block);
}
fclose($fout);
fclose($fc);
}
}
private static function hash_equals($str1, $str2) {
if(strlen($str1) == strlen($str2)) {
$res = $str1 ^ $str2;
for($ret=0,$i = strlen($res) - 1; $i >= 0; $i--) $ret |= ord($res[$i]);
return !$ret;
}
return false;
}
private static function calculate_hmac_after_32bytes($password, $hsalt, $filename) {
static $init=0;
$init or $init = stream_filter_register("user-filter.skipfirst32bytes", "FileSkip32Bytes");
$stream = 'php://filter/read=user-filter.skipfirst32bytes/resource=' . $filename;
$hkey = hash_pbkdf2("sha256", $password, $hsalt, $iterations=1000, 24, $raw=true);
return hash_hmac_file('sha256', $stream, $hkey, $raw=true);
}
}
class FileSkip32Bytes extends php_user_filter
{
private $skipped=0;
function filter($in, $out, &$consumed, $closing) {
while ($bucket = stream_bucket_make_writeable($in)) {
$outlen = $bucket->datalen;
if ($this->skipped<32){
$outlen = min($bucket->datalen,32-$this->skipped);
$bucket->data = substr($bucket->data, $outlen);
$bucket->datalen = $bucket->datalen-$outlen;
$this->skipped+=$outlen;
}
$consumed += $outlen;
stream_bucket_append($out, $bucket);
}
return PSFS_PASS_ON;
}
}
class AES_128_CBC extends AES_CBC {
protected static function key_size() { return self::$KEY_SIZES['AES-128']; }
}
class AES_192_CBC extends AES_CBC {
protected static function key_size() { return self::$KEY_SIZES['AES-192']; }
}
class AES_256_CBC extends AES_CBC {
protected static function key_size() { return self::$KEY_SIZES['AES-256']; }
}
add a note
User Contributed Notes 2 notes
Uwe Ohse ¶
5 years ago
Maarten Bodewes ¶
4 years ago
The examples on this page should be destroyed with utmost urgency.
Strangely most people will fall over the use of generating the IV and 3DES key using MD5, a weak hash function, e.g. the previous note and CryptoFails blog.
http://www.cryptofails.com/post/70059608390/php-documentation-woes
A password based key derivation function should be used (bcrypt, PBKDF2).
However the use of MD-5 for key derivation however isn't that bad and if the password is strong enough (it usually isn't) then the generated DES ABC key is strong enough even now.
Using an identical IV for each password means that this function directly leaks information about the encrypted file. If the start of two encrypted files is identical then this function will directly leak information. For instance, if the routine encrypts multiple images then the JPEG header would be easily distinguished.
All in all these examples use deprecated routines (mcrypt), deprecated cryptographic functions (MD5 / DES) and then incorrectly perform the actual encryption. Enough reason to destroy them in the first place.
IT
PHP
编程语言
Linux
科技
开发编程
Elasticsearch
HTML/CSS/XML
网络
JAVA
NoSQL
C/C++
面试
Golang
数据库
Git
算法
正则表达式
操作系统
Redis
互联网
MySql
JavaScript
运维
软件
架构设计
Mac OS
TCP/IP
国际
Excel
Vim
Windows
Socket
Oracle
VR
MongoDB
运营
Python
MemCache
商业
硬件
电子
设计
nginx
娱乐
摄影
游戏
WordPress
HTTP
团建
数码电器
广告
广告
php7 安装fileinfo扩展
preg_split — 通过一个正则表达式分隔字符串
[PHP] inet_pton/inet_ntop IP地址转换函数
php位值,解决 PHP 中 usort 在值相同时改变原始位置的问题
PHPMailer设置utf8 PHPMailer字符集CharSet
如何在Composer中为GitLab实例设置访问令牌
array_multisort() 多字段排序
laravel框架查看sql语句方式
[原创]诡异的php-fpm超时问题
PHP获取指定函数定义在哪个文件中及行号
利用php soap实现web service
PHP-FPM进程数的设定
php设置cookie为httponly防止xss攻击
PHP5 扩展SOAP 调用 webservice
PHP7添加redis扩展
利用PHP SOAP实现WEB SERVICE
纯php实现DES以及TripleDES加密算法
PHPstorm 里面Terminal 不能使用 esc键吗退出编辑模式吗
Composer的Packagist资源
php扩展开发