2

Mcrypt 简介

Mcrypt 库提供了对多种块算法的支持, 包括:DES,TripleDES,Blowfish (默认), 3-WAY,SAFER-SK64,SAFER-SK128,TWOFISH,TEA,RC2 以及 GOST,并且支持 CBC,OFB,CFB 和 ECB 密码模式

安装过程 (Linux)

PHP7 要想使用 Mcrypt, 需要安装相应依赖包以及扩展模块

libmcrpyt 下载安装

libmcrypt-2.5.8.tar.gz 下载地址

# 注意:如果不需要代理服务器 可以去掉 -e 参数
wget --no-check-certificate -e "https_proxy=$http_proxy" -c "https://downloads.sourceforge.net/project/mcrypt/Libmcrypt/2.5.8/libmcrypt-2.5.8.tar.gz?r=https%3A%2F%2Fsourceforge.net%2Fprojects%2Fmcrypt%2Ffiles%2FLibmcrypt%2F2.5.8%2Flibmcrypt-2.5.8.tar.gz%2Fdownload&ts=1524883417&use_mirror=autoselect" -O libmcrypt-2.5.8.tar.gz

tar -xvzf libmcrpyt-2.5.8.tar.gz

cd libmcrypt-2.5.8

./configure

make

sudo make install

mcrypt 下载安装

mcrypt-2.6.8.tar.gz 下载地址

# 注意:如果不需要代理服务器 可以去掉 -e 参数
wget --no-check-certificate -e "https_proxy=${http_proxy}" -c "https://downloads.sourceforge.net/project/mcrypt/MCrypt/2.6.8/mcrypt-2.6.8.tar.gz?r=https%3A%2F%2Fsourceforge.net%2Fprojects%2Fmcrypt%2Ffiles%2FMCrypt%2F2.6.8%2Fmcrypt-2.6.8.tar.gz%2Fdownload&ts=1524884655&use_mirror=autoselect" -O mcrypt-2.6.8.tar.gz

tar -xvzf mcrypt-2.6.8.tar.gz 

LD_LIBRARY_PATH=/usr/local/lib ./configure

make

sudo make install

mhash 下载安装

mhash-0.9.9.9.tar.gz 下载地址

# 注意:如果不需要代理服务器 可以去掉 -e 参数

wget --no-check-certificate -e "https_proxy=${http_proxy}" -c "https://downloads.sourceforge.net/project/mhash/mhash/0.9.9.9/mhash-0.9.9.9.tar.gz?r=https%3A%2F%2Fsourceforge.net%2Fprojects%2Fmhash%2Ffiles%2Fmhash%2F0.9.9.9%2Fmhash-0.9.9.9.tar.gz%2Fdownload&ts=1524885158&use_mirror=autoselect" -O mhash-0.9.9.9.tar.gz

tar -xvzf mhash-0.9.9.9.tar.gz

./configure

make

sudo make install

PHP源码下载

php-7.0.2 下载地址

# 注意:如果不需要代理服务器 可以去掉 -e 参数
wget -e "http_proxy=${http_proxy}" -c "http://cn2.php.net/get/php-7.0.2.tar.gz/from/this/mirror" -O php-7.0.2.tar.gz

tar -xvzf php-7.0.2.tar.gz

cd ./php-7.0.2/ext/mcrpyt

# phpize是一个shell脚本,用于生成PECL扩展的configure文件
# 默认在/path/to/php/bin
phpize

./configure

make

sudo make install

# 结果
Installing shared extensions:     /usr/local/php/lib/php/extensions/no-debug-non-zts-20151012/

修改 php.ini

# 寻找 php.ini 文件在哪里 `php -i | grep php.ini`

vi php.ini
extension=mcrypt.so

# 检查是否安装成功 
php -m | grep mcrypt
mcrypt

使用

使用案例

<?php
    # --- ENCRYPTION ---

    # the key should be random binary, use scrypt, bcrypt or PBKDF2 to
    # convert a string into a key
    # key is specified using hexadecimal
    $key = pack('H*', "bcb04b7e103a0cd8b54763051cef08bc55abe029fdebae5e1d417e2ffb2a00a3");
    
    # show key size use either 16, 24 or 32 byte keys for AES-128, 192
    # and 256 respectively
    $key_size =  strlen($key);
    echo "Key size: " . $key_size . "\n";
    
    $plaintext = "This string was AES-256 / CBC / ZeroBytePadding encrypted.";

    # create a random IV to use with CBC encoding
    $iv_size = mcrypt_get_iv_size(MCRYPT_RIJNDAEL_128, MCRYPT_MODE_CBC);
    $iv = mcrypt_create_iv($iv_size, MCRYPT_RAND);
    
    # creates a cipher text compatible with AES (Rijndael block size = 128)
    # to keep the text confidential 
    # only suitable for encoded input that never ends with value 00h
    # (because of default zero padding)
    $ciphertext = mcrypt_encrypt(MCRYPT_RIJNDAEL_128, $key,
                                 $plaintext, MCRYPT_MODE_CBC, $iv);

    # prepend the IV for it to be available for decryption
    $ciphertext = $iv . $ciphertext;
    
    # encode the resulting cipher text so it can be represented by a string
    $ciphertext_base64 = base64_encode($ciphertext);

    echo  $ciphertext_base64 . "\n";

    # === WARNING ===

    # Resulting cipher text has no integrity or authenticity added
    # and is not protected against padding oracle attacks.
    
    # --- DECRYPTION ---
    
    $ciphertext_dec = base64_decode($ciphertext_base64);
    
    # retrieves the IV, iv_size should be created using mcrypt_get_iv_size()
    $iv_dec = substr($ciphertext_dec, 0, $iv_size);
    
    # retrieves the cipher text (everything except the $iv_size in the front)
    $ciphertext_dec = substr($ciphertext_dec, $iv_size);

    # may remove 00h valued characters from end of plain text
    $plaintext_dec = mcrypt_decrypt(MCRYPT_RIJNDAEL_128, $key,
                                    $ciphertext_dec, MCRYPT_MODE_CBC, $iv_dec);
    
    echo  $plaintext_dec . "\n";
?>

注意: Mcrpyt 扩展从 PHP 7.1.0 开始废弃;自 PHP 7.2.0 起,会移到 PECL


wayneli
1.4k 声望828 粉丝

2017-2018年目标