mmeyer2k/dcrypt
Composer 安装命令:
composer require mmeyer2k/dcrypt
包简介
A petite library of encryption functionality for PHP
关键字:
README 文档
README
A petite library of essential encryption functions for PHP 7.1+. For legacy PHP version support, look here.
Install
Add dcrypt to your composer.json file requirements. Don't worry, dcrypt does not have any dependencies of its own.
composer require "mmeyer2k/dcrypt:^13.2"
Block Ciphers
The dcrypt library helps application developers avoid common mistakes in crypto implementations that leave data at risk.
Keys
Safe usage of dcrypt's block cipher functions requires the use of a high entropy 256 bit (minimum) key. Keys should be passed into dcrypt in base64 encoded format. You are responsible for the randomness of your key!
Generate a new key on the linux CLI:
head -c 32 /dev/urandom | base64 -w 0 | xargs echo
Or with PHP...
<?php $key = \Dcrypt\OpensslKey::create(32);
AES-256 GCM Encryption
Since PHP 7.1 supports native AEAD encryption modes, using GCM would be safest option for most applications. Dcrypt will handle the AEAD authentication tag, SHA3-256 HMAC, initialization vector and encrypted message as a single unencoded string.
<?php $key = '[...BASE64 KEY...]'; $encrypted = \Dcrypt\Aes::encrypt('a secret', $key); $plaintext = \Dcrypt\Aes::decrypt($encrypted, $key);
If in doubt, use this example and don't read any further!
Other AES-256 Modes
If you read to this point then you are an experienced cryptonaut, congrats! 👌 🤘
Several AES-256 encryption modes are supported out of the box via hardcoded classes.
| Class Name | OpenSSL Cipher | Security Rating | Further Reading |
|---|---|---|---|
Aes256Gcm or Aes |
aes-256-gcm |
😃 | wiki |
Aes256Ctr |
aes-256-ctr |
☺️ | wiki |
Aes256Cbc |
aes-256-cbc |
😑 | wiki |
Aes256Ofb |
aes-256-ofb |
😬 | wiki |
Aes256Cfb |
aes-256-cfb |
😯 | wiki |
Aes256Ccm |
aes-256-ccm |
😲 | wiki |
Aes256Ecb |
aes-256-ecb |
😡 | wiki |
Custom Encryption Suites
Dcrypt is compatible with most OpenSSL ciphers and hashing algorithms supported by PHP.
Run openssl_get_cipher_methods() and hash_algos() to view supported options on your platform.
Static Wrapper
Use any cipher/algo combination by calling the OpensslStatic class.
<?php $encrypted = \Dcrypt\OpensslStatic::encrypt('a secret', $key, 'bf-ofb', 'crc32'); $plaintext = \Dcrypt\OpensslStatic::decrypt($encrypted, $key, 'bf-ofb', 'crc32');
Class Overloading
Dcrypt's internal functions are easily extendable by overloading the OpensslBridge class.
<?php class BlowfishCrc32 extends \Dcrypt\OpensslBridge { const CIPHER = 'bf-ofb'; const ALGO = 'crc32'; } $encrypted = BlowfishCrc32::encrypt('a secret', $key); $plaintext = BlowfishCrc32::decrypt($encrypted, $key);
Layered Encryption Factory
Feeling especially paranoid? Not sure which cipher methods and algos can be trusted? Why not try all of them.
<?php $stack = (new \Dcrypt\OpensslStack($key)) ->add('aes-256-ecb', 'snefru') ->add('aes-256-ofb', 'sha224') ->add('aes-256-cbc', 'sha256') ->add('aes-256-ctr', 'sha384') ->add('aes-256-gcm', 'sha512'); $encrypted = $stack->encrypt('a secret'); $plaintext = $stack->decrypt($encrypted);
Message Authenticity Checking
By default, \Dcrypt\Exceptions\InvalidChecksumException exception will be raised before decryption is allowed to proceed when the supplied checksum is not valid.
<?php try { $decrypted = \Dcrypt\Aes::decrypt('malformed cyphertext', $key); } catch (\Dcrypt\Exceptions\InvalidChecksumException $ex) { // ... }
Stream Ciphers
Be sure you understand the risks and inherent issues of using a stream cipher before proceeding.
- Each key should only be used once
- Data integrity can not be guaranteed
- https://en.wikipedia.org/wiki/Stream_cipher_attacks
- https://jameshfisher.com/2018/01/01/making-a-stream-cipher/
One Time Pad
A novel counter-based stream cipher.
OneTimePad uses SHA3-512 to output a keystream that is ⊕'d with the input in 512 bit chunks.
<?php $encrypted = \Dcrypt\OneTimePad::crypt('a secret', $key); $plaintext = \Dcrypt\OneTimePad::crypt($encrypted, $key);
OneTimePad can use any hashing algorithm to generate the pseudorandom keystream.
<?php $encrypted = \Dcrypt\OneTimePad::crypt('a secret', $key, 'whirlpool'); $plaintext = \Dcrypt\OneTimePad::crypt($encrypted, $key, 'whirlpool');
String Helpers
Generate random base62 string tokens with specified number of characters.
$token = \Dcrypt\Str::token(10);
Compare 2 strings in a time-safe manner.
$equal = \Dcrypt\Str::equal($known, $given);
Show me some love 😍🍺
Developing dcrypt has been a great journey for many years. If you find dcrypt useful, please consider donating.
LTC |
LN97LrLCNiv14V6fntp247H2pj9UiFzUQZ |
BTC |
3N7vhA6ghWb1VrP4nGA6m6mzA9T2ASCVEj |
ETH |
0xe14a56046f28fCEF56A0EA4a84973bDdFF546923 |
Or please consider checking out my dcrypt inspired encryption library for .NET, check out harpocrates.
mmeyer2k/dcrypt 适用场景与选型建议
mmeyer2k/dcrypt 是一款 基于 PHP 开发的 Composer 扩展包,目前已累计 791.05k 次下载、GitHub Stars 达 97, 最近一次更新时间为 2015 年 06 月 20 日, 在 PHP 生态内属于活跃度较高的组件。
它主要适用于以下技术方向: 「encryption」 「aes」 「gcm」 「openssl」 等业务场景。在实际项目中,围绕这些方向常见需要落地的问题包括:接口对接、性能调优、并发安全、与既有框架(Laravel / ThinkPHP / Yii / Webman 等)的兼容适配,以及生产环境的日志埋点与稳定性保障。
我们在过去多个企业项目中使用过 mmeyer2k/dcrypt 或与其功能相近的方案,如果你在选型或落地过程中遇到问题,例如 版本兼容、二次改造、私有化封装、与内部系统对接、生产 BUG 排查,欢迎联系我们协助评估。
基于 mmeyer2k/dcrypt 在你已有业务上做功能扩展、字段裁剪、UI 适配、与内部账号 / 权限 / 日志系统的深度对接。
线上偶发问题、内存泄漏、慢查询、并发异常等排查修复;针对高流量场景做缓存、队列、索引层面的调优。
承接完整的项目从需求 → 设计 → 开发 → 上线 → 长期运维;也可按月提供技术保姆服务。
与 mmeyer2k/dcrypt 相关的其它包
同方向 / 同关键字的高下载量 PHP Composer 包推荐,方便对比选型:
A simple PHP class to encrypt a string and decrypt an encrypted string
A package for automatically encrypting and decrypting Eloquent attributes in Laravel 5.5+, based on configuration settings.
Yii 2 Apns and Gcm together
Encryption with AES-256 and HMAC-SHA256
Firebase cloud messaging http v1 php
AES cipher - FIPS 192 compliant
统计信息
- 总下载量: 791.05k
- 月度下载量: 0
- 日度下载量: 0
- 收藏数: 98
- 点击次数: 35
- 依赖项目数: 1
- 推荐数: 0
其他信息
- 授权协议: MIT
- 更新时间: 2015-06-20