苦苦于在数据库字段中存储加密信息
[英]Struggling to store encrypted info in database field
问题描述
I'm having huge problems storing encrypted info in a mysql database, engine mySam 
我在mysql数据库中存储加密信息存在很大问题,引擎mySam
I encrypt the info like this: 我加密这样的信息:
function in($plaintext) {
$cipher = 'rijndael-256';
$mode = 'cbc';
$key = 'key';
$td = mcrypt_module_open($cipher, '', $mode, '');
$iv = mcrypt_create_iv(mcrypt_enc_get_iv_size($td), MCRYPT_RAND);
mcrypt_generic_init($td, $key, $iv);
$crypttext = mcrypt_generic($td, $plaintext);
mcrypt_generic_deinit($td);
return $iv.$crypttext;
}
The data is then stored in a blob. 然后将数据存储在blob中。 When i come to derypt the info it appears that around 10% of the time it has been corrupted due to storage in the database. 当我来解密信息时,由于存储在数据库中,大约有10%的时间它已被破坏。
I can verify it the database is the problem as i have run scripts to mass encrypt and decrypt the data without issues. 我可以验证它是数据库是问题,因为我已经运行脚本来大规模加密和解密数据没有问题。
Any ideas? 有任何想法吗? Thanks in advance... 提前致谢...
[edit decryption routine] [编辑解密程序]
function decrypt($crypttext)
{
$cipher = 'rijndael-256';
$mode = 'cbc';
$key = '$key';
$plaintext = '';
$td = mcrypt_module_open($cipher, '', $mode, '');
$ivsize = mcrypt_enc_get_iv_size($td);
$iv = substr($crypttext, 0, $ivsize);
$crypttext = substr($crypttext, $ivsize);
if ($iv)
{
mcrypt_generic_init($td, $key, $iv);
$plaintext = mdecrypt_generic($td, $crypttext);
}
return $plaintext;
}
2 个解决方案
解决方案1
2 已采纳 2012-05-16 17:34:48
i highly doubt you've come across a mysql database bug... "corrupted" how? 我非常怀疑你遇到了一个mysql数据库错误......“已损坏”如何? Can we see your decryption routine and test script? 我们能看到你的解密例程和测试脚本吗? It's not just block-size padding you've run into? 这不仅仅是你遇到的块大小的填充吗?
Padding: crypt algos generally work on blocks of data (aes using 128 bits) - input (and thus output!) data will be padded to this length, and you need to store the entire padded output string - and possibly the length of you non-padded input, if your input data is pf a form where padding can't be determined & removed automatically after decryption. 填充:crypt algos通常用于数据块(使用128位) - 输入(因而输出!)数据将被填充到此长度,您需要存储整个填充的输出字符串 - 可能还有非长度-padded输入,如果您的输入数据是填充无法在解密后自动确定和删除的形式。
解决方案2
0 2012-05-16 19:37:44
Securing plaintext passwords in MySQL is not a good idea...also why not use SHA1, or MD5 hash...you are going to get more consice responses, then change the algo as you see fit. 在MySQL中保护明文密码并不是一个好主意...也为什么不使用SHA1或MD5哈希...你会得到更多的反应,然后根据你的需要改变算法。
Basically 基本上
SELECT SHA1("SecretPassword") will = 08cd923367890009657eab812753379bdb321eeb or blabityboo SELECT SHA1(“SecretPassword”)将= 08cd923367890009657eab812753379bdb321eeb或blabityboo
SHA1 will store to 40 characterse, which means you should probably change your data type from BLOB to varchar, or nvarchar() <---probably varchar... SHA1将存储为40个字符,这意味着您可能应该将数据类型从BLOB更改为varchar,或者nvarchar()<---可能是varchar ...
without the construction of your algorithm we cannot tell how long the field is going to be, hence the remark about padding. 如果没有算法的构造,我们无法判断字段的长度,因此有关填充的注释。
When you select the pass using SELECT CHARACTER_LENGTH("SecretPassword") you will get the length of the encrypted field. 使用SELECT CHARACTER_LENGTH(“SecretPassword”)选择传递时,您将获得加密字段的长度。 and then you can create the appropriate constraints. 然后你可以创建适当的约束。
Hope this helps. 希望这可以帮助。
声明:本站的技术帖子网页,遵循CC BY-SA 4.0协议,如果您需要转载,请注明本站网址或者原文地址。任何问题请咨询:yoyou2525@163.com.