php7.* 加密解密 openssl_encrypt 替代mcrypt

1 .概况

php7.1发布后新特性吸引了不少PHPer，大家都在讨论新特性带来的好处与便利。但是从php7.0 升级到 php7.1 废弃了一个在过去普遍应用的扩展(mcrypt扩展)。官方提供了相应的解决提示，却没有提供更详细的解决办法。于是坑来了….

2 .解决

php手册目前缺少“ openssl_encrypt ”和“ openssl_decrypt ”功能的文档，所以花了我一段时间来完成我需要做的工作，以使这些功能可以替代mcrypt

2.1 首先，您将需要生成一个用作256位加密密钥的伪随机字节串，请求的长度将为32（32位= 256位）。$encryption_key_256bit = base64_encode(openssl_random_pseudo_bytes(32));2.2 现在我们有了关键，我们将创建加密功能。我们将把要编码的数据和我们的密钥传递给该函数。除了我们的密钥，还有一个二次随机字符串，我们将创建和使用称为 初始化向量 （IV），有助于加强加密。function my_encrypt($data, $key) {// Remove the base64 encoding from our key$encryption_key = base64_decode($key);// Generate an initialization vector$iv = openssl_random_pseudo_bytes(openssl_cipher_iv_length(aes-256-cbc));// Encrypt the data using AES 256 encryption in CBC mode using our encryption key and initialization vector.$encrypted = openssl_encrypt($data, aes-256-cbc, $encryption_key, 0, $iv);// The $iv is just as important as the key for decrypting, so save it with our encrypted data using a unique separator (::)return base64_encode($encrypted . :: . $iv);}2.3 现在为解密功能：function my_decrypt($data, $key) {// Remove the base64 encoding from our key$encryption_key = base64_decode($key);// To decrypt, split the encrypted data from our IV - our unique separator used was "::"list($encrypted_data, $iv) = explode(::, base64_decode($data), 2);return openssl_decrypt($encrypted_data, aes-256-cbc, $encryption_key, 0, $iv);}

2.4 放在一起测试

//$key is our base64 encoded 256bit key that we created earlier. You will probably store and define this key in a config file.$key = bRuD5WYw5wd0rdHR9yLlM6wt2vteuiniQBqE70nAuhU=;function my_encrypt($data, $key) {// Remove the base64 encoding from our key$encryption_key = base64_decode($key);// Generate an initialization vector$iv = openssl_random_pseudo_bytes(openssl_cipher_iv_length(aes-256-cbc));// Encrypt the data using AES 256 encryption in CBC mode using our encryption key and initialization vector.$encrypted = openssl_encrypt($data, aes-256-cbc, $encryption_key, 0, $iv);// The $iv is just as important as the key for decrypting, so save it with our encrypted data using a unique separator (::)return base64_encode($encrypted . :: . $iv);}function my_decrypt($data, $key) {// Remove the base64 encoding from our key$encryption_key = base64_decode($key);// To decrypt, split the encrypted data from our IV - our unique separator used was "::"list($encrypted_data, $iv) = explode(::, base64_decode($data), 2);return openssl_decrypt($encrypted_data, aes-256-cbc, $encryption_key, 0, $iv);}//our data to be encoded$password_plain = abc123;echo $password_plain . "<br>";//our data being encrypted. This encrypted data will probably be going into a database//since its base64 encoded, it can go straight into a varchar or text database field without corruption worry$password_encrypted = my_encrypt($password_plain, $key);echo $password_encrypted . "<br>";//now we turn our encrypted data back to plain text$password_decrypted = my_decrypt($password_encrypted, $key);echo $password_decrypted . "<br>";2.5 上面的代码将输出以下内容。请注意，由于我们的初始化向量，每次运行代码时，中间的加密字符串将会更改：abc123K3gzWkxySUd6VkgvQTNJUUtZMjV2UT09Ojpia3sh1zglO3DYodw84855abc123

我是这样使用的：