堆棧內存溢出
  簡體   English   中英

如何在PHP中的GET請求中傳遞加密的字符串?

[英]How to pass encrypted string in GET request in php?

 原文  2017-02-12 16:24:45       php/ http/ encryption/ hash/ cryptography

問題描述

我正在使用以下類加密字符串(使用繼承) 

class UnsafeCrypto {

const METHOD = 'aes-256-ctr';

/**
 * Encrypts (but does not authenticate) a message
 * 
 * @param string $message - plaintext message
 * @param string $key - encryption key (raw binary expected)
 * @param boolean $encode - set to TRUE to return a base64-encoded 
 * @return string (raw binary)
 */
public static function encrypt($message, $key, $encode = false)
{
    $nonceSize = openssl_cipher_iv_length(self::METHOD);
    $nonce = openssl_random_pseudo_bytes($nonceSize);

    $ciphertext = openssl_encrypt(
        $message,
        self::METHOD,
        $key,
        OPENSSL_RAW_DATA,
        $nonce
    );

    // Now let's pack the IV and the ciphertext together
    // Naively, we can just concatenate
    if ($encode) {
        return base64_encode($nonce.$ciphertext);
    }
    return $nonce.$ciphertext;
}

/**
 * Decrypts (but does not verify) a message
 * 
 * @param string $message - ciphertext message
 * @param string $key - encryption key (raw binary expected)
 * @param boolean $encoded - are we expecting an encoded string?
 * @return string
 */
public static function decrypt($message, $key, $encoded = false)
{
    if ($encoded) {
        $message = base64_decode($message, true);
        if ($message === false) {
            throw new Exception('Encryption failure');
        }
    }

    $nonceSize = openssl_cipher_iv_length(self::METHOD);
    $nonce = mb_substr($message, 0, $nonceSize, '8bit');
    $ciphertext = mb_substr($message, $nonceSize, null, '8bit');

    $plaintext = openssl_decrypt(
        $ciphertext,
        self::METHOD,
        $key,
        OPENSSL_RAW_DATA,
        $nonce
    );

    return $plaintext;
 }
}

繼承如下所述的類。 

class SaferCrypto extends UnsafeCrypto {
const HASH_ALGO = 'sha256';

/**
 * Encrypts then MACs a message
 * 
 * @param string $message - plaintext message
 * @param string $key - encryption key (raw binary expected)
 * @param boolean $encode - set to TRUE to return a base64-encoded string
 * @return string (raw binary)
 */
public static function encrypt($message, $key, $encode = false)
{
    list($encKey, $authKey) = self::splitKeys($key);

    // Pass to UnsafeCrypto::encrypt
    $ciphertext = parent::encrypt($message, $encKey);

    // Calculate a MAC of the IV and ciphertext
    $mac = hash_hmac(self::HASH_ALGO, $ciphertext, $authKey, true);

    if ($encode) {
        return base64_encode($mac.$ciphertext);
    }
    // Prepend MAC to the ciphertext and return to caller
    return $mac.$ciphertext;
}

/**
 * Decrypts a message (after verifying integrity)
 * 
 * @param string $message - ciphertext message
 * @param string $key - encryption key (raw binary expected)
 * @param boolean $encoded - are we expecting an encoded string?
 * @return string (raw binary)
 */
public static function decrypt($message, $key, $encoded = false)
{
    list($encKey, $authKey) = self::splitKeys($key);
    if ($encoded) {
        $message = base64_decode($message, true);
        if ($message === false) {
            throw new Exception('Encryption failure');
        }
    }

    // Hash Size -- in case HASH_ALGO is changed
    $hs = mb_strlen(hash(self::HASH_ALGO, '', true), '8bit');
    $mac = mb_substr($message, 0, $hs, '8bit');

    $ciphertext = mb_substr($message, $hs, null, '8bit');

    $calculated = hash_hmac(
        self::HASH_ALGO,
        $ciphertext,
        $authKey,
        true
    );

    if (!self::hashEquals($mac, $calculated)) {
        throw new Exception('Encryption failure');
    }

    // Pass to UnsafeCrypto::decrypt
    $plaintext = parent::decrypt($ciphertext, $encKey);

    return $plaintext;
}

/**
 * Splits a key into two separate keys; one for encryption
 * and the other for authenticaiton
 * 
 * @param string $masterKey (raw binary)
 * @return array (two raw binary strings)
 */
protected static function splitKeys($masterKey)
{
    // You really want to implement HKDF here instead!
    return [
        hash_hmac(self::HASH_ALGO, 'ENCRYPTION', $masterKey, true),
        hash_hmac(self::HASH_ALGO, 'AUTHENTICATION', $masterKey, true)
    ];
}

/**
 * Compare two strings without leaking timing information
 * 
 * @param string $a
 * @param string $b
 * @ref https://paragonie.com/b/WS1DLx6BnpsdaVQW
 * @return boolean
 */
protected static function hashEquals($a, $b)
{
    if (function_exists('hash_equals')) {
        return hash_equals($a, $b);
    }
    $nonce = openssl_random_pseudo_bytes(32);
    return hash_hmac(self::HASH_ALGO, $a, $nonce) === hash_hmac(self::HASH_ALGO, $b, $nonce);
 }
}

加密字符串如下。 

$email = 'myemail@domain.com';
$key = 'Some key';
$encrypted_email = $encrypted = SaferCrypto::encrypt($message, $key);

字符串加密如下: 

 óÜCu!>Ò·<x0½“—J ‡l¿Ø ;ƒ;›OøVP#ï 1 Sjñ,(ñúrÛòv–~ºyÍg ÷–´´iƒû

如果我使用urlencode($string)傳遞此數據,則數據未被解密,因為hash不匹配,因為hashEquals方法拋出異常。

在GET請求中傳遞加密字符串的正確方法是什么?

1 個解決方案

解決方案1
 0  2017-02-12 19:16:57

目前尚不清楚,問題是什么,但您可以使用base64_encode($encrypted_email)將您的字符串傳遞為smth,如HDo1FaXabDHjfxBkpx7YBHNGVeZ/G8FvI2BoxES2rUu3lvNWRo5G0PImiv9IhENv 

<a href="?enc=<?=base64_encode($encrypted_email)?>">link</a>

接收時,解碼它 

$encrypted_email = base64_decode($_GET['enc']);

暫無
暫無

聲明:本站的技術帖子網頁,遵循CC BY-SA 4.0協議,如果您需要轉載,請注明本站網址或者原文地址。任何問題請咨詢:yoyou2525@163.com.

相關問題 PHP POST / GET請求已加密 如何將jQuery獲取字符串傳遞給PHP腳本 如何在php中解密.net加密字符串 如何使用 PHP 解密在 javascript 中的 CryptoJS 中加密的字符串 如何解密在 Java 中加密的 PHP 中的字符串? 如何在PHP中解密Jasypt加密的字符串? 檢查字符串在 php 中加密 如何在執行php請求時傳遞多參數字符串 如何在get請求中傳遞數據以獲取php api命中? 如何在 php curl 的 GET 請求中傳遞令牌參數?
相關標簽
 
粵ICP備18138465號  © 2020-2024 STACKOOM.COM