在php中如何在GET请求中传递加密字符串?
我正在使用以下类加密字符串(使用继承) 继承类,如下所示在php中如何在GET请求中传递加密字符串?,php,http,encryption,hash,cryptography,Php,Http,Encryption,Hash,Cryptography,我正在使用以下类加密字符串(使用继承) 继承类,如下所示 class SaferCrypto extends UnsafeCrypto { const HASH_ALGO = 'sha256'; /** * Encrypts then MACs a message * * @param string $message - plaintext message * @param string $key - encryption key (raw binary expected) * @
class SaferCrypto extends UnsafeCrypto {
const HASH_ALGO = 'sha256';
/**
* Encrypts then MACs a message
*
* @param string $message - plaintext message
* @param string $key - encryption key (raw binary expected)
* @param boolean $encode - set to TRUE to return a base64-encoded string
* @return string (raw binary)
*/
public static function encrypt($message, $key, $encode = false)
{
list($encKey, $authKey) = self::splitKeys($key);
// Pass to UnsafeCrypto::encrypt
$ciphertext = parent::encrypt($message, $encKey);
// Calculate a MAC of the IV and ciphertext
$mac = hash_hmac(self::HASH_ALGO, $ciphertext, $authKey, true);
if ($encode) {
return base64_encode($mac.$ciphertext);
}
// Prepend MAC to the ciphertext and return to caller
return $mac.$ciphertext;
}
/**
* Decrypts a message (after verifying integrity)
*
* @param string $message - ciphertext message
* @param string $key - encryption key (raw binary expected)
* @param boolean $encoded - are we expecting an encoded string?
* @return string (raw binary)
*/
public static function decrypt($message, $key, $encoded = false)
{
list($encKey, $authKey) = self::splitKeys($key);
if ($encoded) {
$message = base64_decode($message, true);
if ($message === false) {
throw new Exception('Encryption failure');
}
}
// Hash Size -- in case HASH_ALGO is changed
$hs = mb_strlen(hash(self::HASH_ALGO, '', true), '8bit');
$mac = mb_substr($message, 0, $hs, '8bit');
$ciphertext = mb_substr($message, $hs, null, '8bit');
$calculated = hash_hmac(
self::HASH_ALGO,
$ciphertext,
$authKey,
true
);
if (!self::hashEquals($mac, $calculated)) {
throw new Exception('Encryption failure');
}
// Pass to UnsafeCrypto::decrypt
$plaintext = parent::decrypt($ciphertext, $encKey);
return $plaintext;
}
/**
* Splits a key into two separate keys; one for encryption
* and the other for authenticaiton
*
* @param string $masterKey (raw binary)
* @return array (two raw binary strings)
*/
protected static function splitKeys($masterKey)
{
// You really want to implement HKDF here instead!
return [
hash_hmac(self::HASH_ALGO, 'ENCRYPTION', $masterKey, true),
hash_hmac(self::HASH_ALGO, 'AUTHENTICATION', $masterKey, true)
];
}
/**
* Compare two strings without leaking timing information
*
* @param string $a
* @param string $b
* @ref https://paragonie.com/b/WS1DLx6BnpsdaVQW
* @return boolean
*/
protected static function hashEquals($a, $b)
{
if (function_exists('hash_equals')) {
return hash_equals($a, $b);
}
$nonce = openssl_random_pseudo_bytes(32);
return hash_hmac(self::HASH_ALGO, $a, $nonce) === hash_hmac(self::HASH_ALGO, $b, $nonce);
}
}
加密字符串如下
$email = 'myemail@domain.com';
$key = 'Some key';
$encrypted_email = $encrypted = SaferCrypto::encrypt($message, $key);
字符串的加密方式如下:
óÜCu!>Ò·<x0½“—J ‡l¿Ø ;ƒ;›OøVP#ï 1 Sjñ,(ñúrÛòv–~ºyÍg ÷–´´iƒû
óÜCu!>Ò·不清楚问题出在哪里,但您可以使用base64_encode($encrypted_email)
将字符串作为smth传递,如HDo1FaXabDHjfxBkpx7YBHNGVeZ/G8FvI2BoxES2rUu3lvNWRo5G0PImiv9IhENv
<a href="?enc=<?=base64_encode($encrypted_email)?>">link</a>
不清楚问题出在哪里,但您可以使用base64\u encode($encrypted\u email)
将字符串作为smth传递,如HDo1FaXabDHjfxBkpx7YBHNGVeZ/G8FvI2BoxES2rUu3lvNWRo5G0PImiv9IhENv
<a href="?enc=<?=base64_encode($encrypted_email)?>">link</a>
哈希不匹配
是否有哈希或加密?(哈希无法解密)@chris85如果你查看decrypt
方法,方法hashEquals
会抛出错误。你的问题应该包含所有信息。用完整的信息编辑描述。加密例程生成的字符在查询字符串中根本无效。考虑应用Base64传输编码。还有:HTTPS呢?我认为与您在这里尝试的操作相比,这更安全,也更少麻烦。哈希不匹配
您有哈希或加密吗?(哈希无法解密)@chris85如果你查看decrypt
方法,方法hashEquals
会抛出错误。你的问题应该包含所有信息。用完整的信息编辑描述。加密例程生成的字符在查询字符串中根本无效。考虑应用Base64传输编码。还有:HTTPS呢?我认为这比你在这里做的更安全,也更少麻烦。对不起,我错过了隐藏的评论。只是回答)对不起,我错过了隐藏的评论。(只是一个回答)
$encrypted_email = base64_decode($_GET['enc']);