如何使用libsodium php用salt加密/解密密码
[英]how to encrypt / decrypt password with salt using libsodium php
问题描述
What i am trying to get is 
我想要得到的是
- encrypt a password + salt with libsodium 用libsodium加密密码+ salt
- store it to a database 将其存储到数据库
- read it and decrypt it (getting the plain password back for authentication) 读取并解密(取回普通密码进行身份验证)
I got a list of salts that i want to use to encrypt / decrypt my password. 我得到了要用于加密/解密密码的盐列表。 When i encrypt the password i get a hash back so that one seems to work but at decrypting i always get false as return value. 当我对密码进行加密时,我会得到一个散列,以便看起来似乎可以工作,但是在解密时,我总是得到false作为返回值。
Am i using the wrong methods for encrypt / decrypt with libsodium or am i completely driving in the wrong direction? 我使用错误的方法使用libsodium进行加密/解密还是完全朝错误的方向行驶?
My source for encrypt / decrypt: 我的加密/解密来源:
function encrypt_libsodium($to_encrypt, $salt_to_use){
if(!$data || !$salt_to_use){
return null;
}
//get stored salt
$this->key_ = substr(md5($this->pw_key[$salt_to_use].'_'), 0, $this->ks);
//some libsodium specific stuff
$out_len = \Sodium\CRYPTO_SIGN_SEEDBYTES;
$ops_limit = \Sodium\CRYPTO_PWHASH_SCRYPTSALSA208SHA256_OPSLIMIT_INTERACTIVE;
$mem_limit =\Sodium\CRYPTO_PWHASH_SCRYPTSALSA208SHA256_MEMLIMIT_INTERACTIVE;
//create hash using libsodium
$hash = \Sodium\crypto_pwhash($out_len, $to_encrypt, $this->key_,$ops_limit, $mem_limit);
return $hash;
}
function decrypt_libsodium($hash, $salt_to_use){
if(!$hash || !$what){
return null;
}
//get stored salt
$this->key_ = substr(md5($this->pw_key[$salt_to_use].'_'), 0, $this->ks);
//get verification hash
$decrypted = \Sodium\crypto_pwhash_scryptsalsa208sha256_str_verify($this->key_, $hash);
return $decrypted;
}
I appreciate any help! 感谢您的帮助!
regards Dom 问候唐
2 个解决方案
解决方案1
3 2017-05-23 13:11:23
Looks like you are trying to mix many unrelated things. 看起来您正在尝试混合许多不相关的内容。 CRYPTO_SIGN_SEEDBYTES is for signatures, which has nothing to do with password hashing, crypto_pwhash doesn't use the scrypt algorithm, so the CRYPTO_PWHASH_SCRYPTSALSA208SHA256_* constants don't apply, and I'm not sure what md5() does here. CRYPTO_SIGN_SEEDBYTES用于签名,与密码哈希无关, crypto_pwhash不使用scrypt算法,因此CRYPTO_PWHASH_SCRYPTSALSA208SHA256_*常量不适用,我不确定md5()在这里做什么。 And you probably want to hash the password, not to encrypt it. 您可能希望散列密码,而不是对其进行加密。
Anyway, the crypto_pwhash_str() function does everything you need. 无论如何, crypto_pwhash_str()函数可以完成您需要的一切。 It creates a salt, hashes the password, and encodes the result (along with the salt, the algorithm and its parameters) as a string that you can directly store into the database: 它创建一个salt,对密码进行哈希处理,并将结果(连同salt,算法及其参数)编码为可以直接存储到数据库中的字符串:
$password = 'correct horse battery staple';
$h = \Sodium\crypto_pwhash_str($password,
\Sodium\CRYPTO_PWHASH_OPSLIMIT_INTERACTIVE,
\Sodium\CRYPTO_PWHASH_MEMLIMIT_INTERACTIVE);
$h is all you need to store in the database. $h是您需要存储在数据库中的全部。
Then, to verify that what you have in the database is valid for a given password: 然后,要验证数据库中的内容对于给定密码是否有效:
if (\Sodium\crypto_pwhash_str_verify($h, $password) === FALSE) {
// wrong password!
}
解决方案2
1 已采纳 2017-05-23 11:08:15
If you dont need specifically use libsodium, with this function you should be able to store the data encrypted in the database and decrypt it. 如果您不需要专门使用libsodium,则可以使用此功能将加密的数据存储在数据库中并解密。
define("ENCRYPT_METHOD", "AES-256-CBC");
define("SECRET_KEY","randomtextrandomtextforthesecretkey");
define("SECRET_IV", "randomtextforthesecretiv");
function encriptar($action, $string)
{
$output = false;
$key = hash("sha256", SECRET_KEY);
$iv = substr(hash("sha256", SECRET_IV), 0, 16);
if ($action == "encrypt")
{
$output = openssl_encrypt($string, ENCRYPT_METHOD, $key, 0, $iv);
$output = base64_encode($output);
}
else if($action == "decrypt")
{
$output = base64_decode($string);
$output = openssl_decrypt($output, ENCRYPT_METHOD, $key, 0, $iv);
}
return $output;
}
The output will be the data you will store/get to database. 输出将是您将存储/获取到数据库的数据。
声明:本站的技术帖子网页,遵循CC BY-SA 4.0协议,如果您需要转载,请注明本站网址或者原文地址。任何问题请咨询:yoyou2525@163.com.