danny
/
code-audit
mirror of https://gitee.com/gaohongy/code-audit.git
1
0
Fork 0
Code Issues Packages Projects Releases Wiki Activity
You cannot select more than 25 topics Topics must start with a letter or number, can include dashes ('-') and can be up to 35 characters long.
master
Branches Tags
${ item.name }
Create tag ${ searchTerm }
Create branch ${ searchTerm }
from 'master'
${ noResults }
code-audit/第十章/01.md

10 KiB
Raw Permalink Blame History Unescape Escape

加密是指将明文直接可见的数据以特定的算法进行混淆,以保证数据的安全掩蔽性常见的加密算法可以分为对称加密、非对称加密以及单向加密(哈希算法)

1. 对称加密

  • 对称加密指的是采用单密钥进行加密,并且该密钥可以对数据进行加密和解密处理
  • 目前这类加密算法安全性均比较高,数据的实际安全性取决于密钥的管理
  • 常用的算法有DES、3DES、TDEA、Blowfish、RC2、RC4、RC5、IDEA、SKIPJACK、AES 等

1.1. 国密算法SM系列

  • 国密算法是国家密码管理局制定标准的一系列算法。
  • SM1对称加密算法加密强度为128位采用硬件实现
  • SM2非对称算法椭圆曲线公钥密码其加密强度为256位
  • SM3密码杂凑哈希算法杂凑值长度为32字节
  • SM4对称加密算法可使用软件实现加密强度为128位。
  • SM7对称加密算法加密强度为128位SM9标识密码算法非对称

1.2. 3DES 加密

  • 在 php.ini 中打开 php_mcrypt.dll 以及php_mcrypt_filter.dll 两个lib库的引用
  • 即去掉代码前面的分号;
  • extension=php_mcrypt.dll;

phpinfo 中会有对应的显示

image-20251030174105509

<?php
    header("Content-Type:text/html;charset=utf-8");//PHP显示中文
	echo "PHP使用3DES加密算法举例"."<br />";
	
	class Crypt3Des{
		public $key = "123456789";//加密密钥
		function Crypt3Des($key){
			$this->key=$key;
		}
		//加密函数
		function encrypt($input){
			$size = mcrypt_get_block_size(MCRYPT_3DES,'ecb');
			$input = $this->pkcs5_pad($input,$size);
			$key = str_pad($this->key,24,'0');
			$td = mcrypt_module_open(MCRYPT_3DES,'','ecb','');
			$iv = @mcrypt_create_iv (mcrypt_enc_get_iv_size($td), MCRYPT_RAND); 
			@mcrypt_generic_init($td, $key, $iv);
			$data = mcrypt_generic($td, $input);
			mcrypt_generic_deinit($td);
			mcrypt_module_close($td); 
			// var_dump($data);
			// exit();
			$data = base64_encode($data);			
			return $data;
		}
		//解密函数
		function decrypt($encrypted){
			$encrypted = base64_decode($encrypted);
			$key = str_pad($this->key,24,'0');
			$td = mcrypt_module_open(MCRYPT_3DES,'','ecb','');
			$iv = @mcrypt_create_iv(mcrypt_enc_get_iv_size($td),MCRYPT_RAND);
			$ks = mcrypt_enc_get_key_size($td);
			@mcrypt_generic_init($td, $key, $iv);
			$decrypted = mdecrypt_generic($td, $encrypted); 
			mcrypt_generic_deinit($td);
			mcrypt_module_close($td);
			$y=$this->pkcs5_unpad($decrypted); 
			return $y;
		}
		
		function pkcs5_pad($text, $blocksize){
			$pad = $blocksize - (strlen($text) % $blocksize); 
			return $text . str_repeat(chr($pad), $pad);
		}
		
		function pkcs5_unpad($text){
			$pad = ord($text{strlen($text)-1});
			if ($pad > strlen($text)) {
				return false;
			}
			if (strspn($text, chr($pad), strlen($text) - $pad) != $pad){ 
				return false;
			}
			return substr($text,0,-1*$pad);
		}
		
		function PaddingPKCS7($data){
			$block_size = mcrypt_get_block_size(MCRYPT_3DES, MCRYPT_MODE_CBC); $padding_char = $block_size - (strlen($data) % $block_size);
			$data .= str_repeat(chr($padding_char), $padding_char); 
			return $data;
		}
	}

//使用方法很简单,只要实例化这个类,直接调用相应函数即可,如下所示:
	$rep=new Crypt3Des('123456789');
	$input="hello 3des";
	echo "原文:" . $input . "<br />";
	$encrypt_card = $rep->encrypt($input);
	echo "加密:" . $encrypt_card . "<br />";
	echo "解密:" . $rep->decrypt($rep->encrypt($input));

?>

http://localhost/2020CodeAudit/c10/10-1-1-3des.php

结果:

PHP使用3DES加密算法举例
原文hello 3des
加密o9f/220Jb4GFSTHV9NL7mQ==
解密hello 3des

1.3. AES 加密

<?php
    header("Content-Type:text/html;charset=utf-8");//PHP显示中文
	echo "PHP使用AES加密算法举例"."<br />";
	
	class Aes{
		public $_secrect_key='123456789';//密钥
		function Aes($key){
			$this->_secrect_key = $key;
		}
		/**
		* 加密方法
		* @param string $str
		* return string
		*/
		function encrypt($str){
		//AES, 128 ECB 模式加密数据
			$screct_key = $this->_secrect_key;
			$screct_key = base64_decode($screct_key);
			$str = trim($str);
			$str = $this->addPKCS7Padding($str);
			$iv = mcrypt_create_iv(mcrypt_get_iv_size(MCRYPT_RIJNDAEL_128,MCRYPT_MODE_ECB),MCRYPT_RAND);
			$encrypt_str =	mcrypt_encrypt(MCRYPT_RIJNDAEL_128,$screct_key,$str,MCRYPT_MODE_ECB, $iv);
			return base64_encode($encrypt_str);
		}
		/**解密方法
		* @param string $str
		* @return string
		*/
		function decrypt($str){
		//AES, 128 ECB 模式加密数据
			$screct_key = $this->_secrect_key;
			$str = base64_decode($str);
			$screct_key = base64_decode($screct_key);
			$iv = mcrypt_create_iv (mcrypt_get_iv_size(MCRYPT_RIJNDAEL_128, MCRYPT_MODE_ECB),MCRYPT_RAND);
			$encrypt_str =	mcrypt_decrypt(MCRYPT_RIJNDAEL_128,$screct_key,$str, MCRYPT_MODE_ECB,$iv);
			$encrypt_str = trim($encrypt_str);
			$encrypt_str = $this->stripPKSC7Padding($encrypt_str);
			return $encrypt_str;
		}
		/**填充算法
		* @param string $source
		* @return string
		*/
		function addPKCS7Padding($source){
			$source = trim($source);
			$block = mcrypt_get_block_size('rijndael-128', 'ecb'); 
			$pad = $block - (strlen($source) % $block);
			if ($pad <= $block){
				$char = chr($pad);
				$source .= str_repeat($char,$pad);
			}
			return $source;
			
		}
		/**移去填充算法
		* Qparam string $source
		* return string
		*/
		function stripPKSC7Padding($source){
			$source = trim($source);
			$char = substr($source,-1);
			$num = ord($char);
			if($num==62) return $source;
			$source = substr($source,0,-$num); 
			return $source;
		}
	}
//这个加密类使用起来也相当简单:
	$rep=new Aes('123456789');
	$input="hello aes";
	echo "原文:" . $input. "<br />";
	$encrypt_card=$rep->encrypt($input);
	echo "加密:" . $encrypt_card. "<br />";
	echo "解密:" . $rep->decrypt($rep->encrypt($input));
?>

http://localhost/2020CodeAudit/c10/10-1-2-aes.php

结果:

PHP使用AES加密算法举例
原文hello aes
加密108Ts7vcLcvkhfDv1PgIMA==
解密hello aes

1.4. RSA加密

<?php
    header("Content-Type:text/html;charset=utf-8");//PHP显示中文
	echo "PHP生成RSA密钥"."<br />";
	set_time_limit(0);
	include("./Crypt/RSA.php");
	$rsa = new Crypt_RSA();
	extract($rsa->createKey());
	echo "$privatekey" . '<br />' . "$publickey";
?>

http://localhost/2020CodeAudit/c10/phpseclib/10-2-generateRSAkey.php

PHP生成RSA密钥
-----BEGIN RSA PRIVATE KEY----- MIICXAIBAAKBgQDVPFtEVTY/ANoohAq3k5VrRJuQpQbcd7lq5dFgPm3Rkkvi31nG zGVm4BKjice3HYX82aT+dbzV/B4AoHcGwarbT0cRL5Pl12x4vFRFevC/NU7fES4z WRRar4ZSY+iBKxDJuMkvXsrAWo3LLRWj+aJHKZ9pUZHJmD2Aqysm+6rWEQIDAQAB AoGAXvOsdGY5bJ61hnsdxpc6XvTDDQrfXkcV0ssZi/DguAScNB9e+85CjSfUROxy eVD1PB2ygfjtqJ/GwGKz/dc5e/SpFGBJGjPMwqElHsXhHUMbai8rODJQ9Fp1HOy/ shLM3rsVMPcG3tQYIbq23fp46xrtTN2LH6pRp8qRHUsQP5ECQQD0sHZRK19gFyCn FZzqULuQrimJZhHAszVYwUmTuCJqKGDILkScSjNlnGPe1ZMcin4R8Np6gy2lJRPN x6A+BDfFAkEA3xewISSq82G+hqMFsyCR7T0E2AJQcWlygTAmFl7AHvbV6K87rEQX +rumG39ncUz3a4X2P50GRh8rjbhfYNX93QJAJWc8DthUcfnXEfNp0x+YLFuTGd+y YwSB6RlSx/PjvtqBQNhhwIpPJP8s/Qkkvb4l21Q38XZP6eirCE+1nQVECQJAbzl+ JGgFmuXmeXWZh977Ig5D9fXhaUmrPuFke86tdkKWDzYeSBqC4gzgGeGBDynSSRc2 2CxPTnKH4lZDpyHJOQJBANMqS0nTJQ1tNRBvGybAT6fkIkcyZFATqqJy77Z3BbAP N2ox9li4mxXQsN32cY5U1DanGGjfjfsX0twYQ0igzbs= -----END RSA PRIVATE KEY-----
-----BEGIN PUBLIC KEY----- MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQDVPFtEVTY/ANoohAq3k5VrRJuQ pQbcd7lq5dFgPm3Rkkvi31nGzGVm4BKjice3HYX82aT+dbzV/B4AoHcGwarbT0cR L5Pl12x4vFRFevC/NU7fES4zWRRar4ZSY+iBKxDJuMkvXsrAWo3LLRWj+aJHKZ9p UZHJmD2Aqysm+6rWEQIDAQAB -----END PUBLIC KEY-----

用 $rsa->encrypt($plaintext);函数用来加密用 $rsa->decrypt($ciphertext) 来解密并输出明文字符串“cuit.edu.cn"

<?php
    header("Content-Type:text/html;charset=utf-8");//PHP显示中文
	echo "PHP RSA加解密示例"."<br />";
	set_time_limit(0);

	$PUBLIC_KEY = '-----BEGIN PUBLIC KEY----- MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQCG2OewYkM9hQOJdthogOoj+8HO rJiZ+HXw8C3wbeu4cDcz0P/XgqneyfXpEFadEanRlCRySzAlz0ki7xI0lhFzqw1K OmsUTaOCrtGMsDFQ72io6Ln98hbqFnS3Pc8S0DhYAHrdvFmUyh/QcRJrWRbcQsV4 sG1ThpqjzwTgJLhYjwIDAQAB -----END PUBLIC KEY-----';
	$PRIVATE_KEY = '-----BEGIN RSA PRIVATE KEY----- MIICWwIBAAKBgQCG2OewYkM9hQOJdthogOoj+8HOrJiZ+HXw8C3wbeu4cDcz0P/X gqneyfXpEFadEanRlCRySzAlz0ki7xI0lhFzqw1KOmsUTaOCrtGMsDFQ72io6Ln9 8hbqFnS3Pc8S0DhYAHrdvFmUyh/QcRJrWRbcQsV4sG1ThpqjzwTgJLhYjwIDAQAB AoGAFW+oDnvjE4Wwb8BNm6ND//oMBPZJVfn6NGsslQgW951txmtxgvQPBqRqq/pA bTylwclqgnlzCyJTY93HB5wEOaDjJBSa/niHyRVnPQM51eIlNAmE18Lq77V/2QXh eL/fjmLc8MSjvfdbHJd/de4UewXE0N9fhc/TFXhqqtO1+X0CQQCKsYYmdDj2mkpy VZs/1Zn4xysocjw3OBp7dDG4Zihzik07qdLDmx9skFyxsMVw6igIPuIPvrbf1fLf SotKaHfDAkEA+OaXytfOwAYUbOqwbeJfigXDSjAgpqzU4LqmM3PeFGFSCgRShlJy lhypxYPb2tJaR3JWUzhPuyl0oJ4Wbe+bRQJASGMBLj7IoETFCEmP3tBALWzeJJ0C uptIjxiE/sYq5KrRRouLGlZzHzl1d7RYSGed/ze6yxbx4X+L5GjGrE47+wJAVeKL wiyRZOU0KxkYY/JW8TNn3bOZsKm2kw0UyHBU00d5nYc8SqksbOvbERKczHcFO94S N4kYygZV/g5OwwSI2QJAdGV4N43bK6DwWcpvAVD/KTlprvGUdHHol5Pe8CtipMr9 oE9qljXzppyzS9vVrf+6KtTDgIIivosxnrHHPyIOmQ== -----END RSA PRIVATE KEY-----';
	
	include('./Crypt/RSA.php');
	$rsa = new Crypt_RSA();
	$rsa->loadKey($PUBLIC_KEY) ; // 载入公钥
	$plaintext = 'cuit.edu.cn';
	$rsa->setEncryptionMode(CRYPT_RSA_ENCRYPTION_PKCS1);
	$ciphertext = $rsa->encrypt($plaintext);//加密函数
	$rsa->loadKey($PRIVATE_KEY) ; // 载入私钥 
	echo $ciphertext."<br /> "."<br />"."<br /> "; 
	echo $rsa->decrypt($ciphertext);//解密函数

?>

http://localhost/2020CodeAudit/c10/phpseclib/10-2-RSAdecode.php

运行结果

PHP RSA加解密示例
2<>Ȁ-<2D><><EFBFBD><01><><0E><><EFBFBD><EFBFBD><EFBFBD>:<3A>[<5B><> 'Er0<13>p<EFBFBD><70><EFBFBD><17><1A>Fc<46><63>, <20><><EFBFBD>Ә<EFBFBD><D398>?v<>H.r$9<>?<3F>@,<2C><>-<2D><><EFBFBD>- !ި<>Z<EFBFBD><5A><<<05><><EFBFBD>e<1B><>\<5C>%x


cuit.edu.cn

1.5. 单向加密

MD系列(md4、md5) 和shal等

<?php
    header("Content-Type:text/html;charset=utf-8");//PHP显示中文
	echo "PHP使用MD5和sha1加密算法举例"."<br />";
	
	echo 'phpsec md5: '.md5('xinan');
	echo '<br /> ';
	echo 'phpsec sha1: '.sha1('xinan');

?>

http://localhost/2020CodeAudit/c10/10-3-md5.php

结果:

PHP使用MD5和sha1加密算法举例
phpsec md5: d71e1f2ea8307656a8a02136116e1b7b
phpsec sha1: 28c2e7fbf2f6f121a2643d620424b6f9bf6b8d10