Encrypting (large) files in PHP with openSSL
Question
我正在尝试使用 AES 加密 PHP 中的(大)文件并研究使用 Mcrypt 和 OpenSSL,问题是到目前为止我发现的所有解决方案都只加密字符串,而我尝试加密的文件会触发最大值PHP 的内存限制(不幸的是不能设置得更高),我将如何实现这一目标?
4 answers
solution1
4 ACCPTED 2015-06-09 20:54:57
You could use CBC encryption using Mcrypt and then encrypt a segment of data at a time. Make sure that the segment is x times the block size of the used cipher (eg 16 bytes for AES). Encrypt the segment and take the last block of the generated ciphertext and use it as IV for the next segment. The final segment should be PKCS#7 padded (plenty of examples out there including in the mcrypt_encrypt comments).
By chaining the segments together you get a ciphertext indistinguishable from a single encrypt (test your code using this information). Decryption is identical, using the ciphertext as IV. To see how it works, look at the CBC encryption method:
EDIT: if possible you should use the OpenSSL equivalent functionality. That's not (well) documented, but you should be able to do the same using the code found in the link within the comment that Scott mentioned . Note that you should first perform everything without padding, and then for the final segment with padding .
solution2
2 2016-11-10 12:04:23
I have published two functions which encrypt and decrypt even large files with the help of openssl_encrypt() using the AES-128-CBC algorithm.
Please refer to this openssl_encrypt() .
solution3
1 2015-06-09 20:55:58
Updated answer
Encrypting big files is a hard problem as its hard to verify that no "chunk" has been tampered with.
Use a library such as https://github.com/defuse/php-encryption
\\Defuse\\Crypto\\File::encryptFile( 'in.file', 'out.file', $key );
-- Old answer --
http://www.shellhacks.com/en/Encrypt-And-Decrypt-Files-With-A-Password-Using-OpenSSL
$ openssl enc -aes-256-cbc -salt -in file.txt -out file.txt.enc
to not use too much memory, you want a stream cipher. Call this in PHP with backticks `
or with shell_exec
Make sure that the variables are NOT user input (eg user cant control file.txt). generate them yourself.
Edit
As shell exec is not available
http://jeremycook.ca/2011/03/20/easy-file-encryption/
There is a solution there. Though and I can't stress this enough. Stream ciphers are hard I have not reviewed the code there fully nor do I think I am capable. Using open SSL directly is a much better option
http://php.net/manual/en/filters.encryption.php
Is the example code
solution4
-5 2015-06-09 20:54:38
Using SSL on your website would take care of it for you. Any files that are transmitted are encrypted by the client browser, and server using the HTTPS protocol.
As far as storing the encrypted versions of the files I would not recommend.
The technical post webpages of this site follow the CC BY-SA 4.0 protocol. If you need to reprint, please indicate the site URL or the original address.Any question please contact:yoyou2525@163.com.