danny
/
code-audit
mirror of https://gitee.com/gaohongy/code-audit.git
1
0
Fork 0
Code Issues Packages Projects Releases Wiki Activity
You cannot select more than 25 topics Topics must start with a letter or number, can include dashes ('-') and can be up to 35 characters long.
master
Branches Tags
${ item.name }
Create tag ${ searchTerm }
Create branch ${ searchTerm }
from 'ae7f5b8273'
${ noResults }
code-audit/第十章/01.md

314 lines
10 KiB
Markdown
Raw Blame History Unescape Escape

This file contains invisible Unicode characters!

This file contains invisible Unicode characters that may be processed differently from what appears below. If your use case is intentional and legitimate, you can safely ignore this warning. Use the Escape button to reveal hidden characters.

This file contains ambiguous Unicode characters that may be confused with others in your current locale. If your use case is intentional and legitimate, you can safely ignore this warning. Use the Escape button to highlight these characters.

- [1. 对称加密](#1-对称加密)
- [1.1. 国密算法SM系列](#11-国密算法sm系列)
- [1.2. 3DES 加密](#12-3des-加密)
- [1.3. AES 加密](#13-aes-加密)
- [1.4. RSA加密](#14-rsa加密)
- [1.5. 单向加密](#15-单向加密)
加密是指将明文直接可见的数据以特定的算法进行混淆,以保证数据的安全掩蔽性常见的加密算法可以分为对称加密、非对称加密以及单向加密(哈希算法)
# 1. 对称加密
- 对称加密指的是采用单密钥进行加密,并且该密钥可以对数据进行加密和解密处理
- 目前这类加密算法安全性均比较高,数据的实际安全性取决于密钥的管理
- 常用的算法有DES、3DES、TDEA、Blowfish、RC2、RC4、RC5、IDEA、SKIPJACK、AES 等
## 1.1. 国密算法SM系列
- 国密算法是国家密码管理局制定标准的一系列算法。
- SM1对称加密算法加密强度为128位采用硬件实现
- SM2非对称算法椭圆曲线公钥密码其加密强度为256位
- SM3密码杂凑哈希算法杂凑值长度为32字节
- SM4对称加密算法可使用软件实现加密强度为128位。
- SM7对称加密算法加密强度为128位SM9标识密码算法非对称
## 1.2. 3DES 加密
- 在 php.ini 中打开 php_mcrypt.dll 以及php_mcrypt_filter.dll 两个lib库的引用
- 即去掉代码前面的分号;
- extension=php_mcrypt.dll;
phpinfo 中会有对应的显示
![image-20251030174105509](img/image-20251030174105509.png)
```php
<?php
header("Content-Type:text/html;charset=utf-8");//PHP显示中文
echo "PHP使用3DES加密算法举例"."<br />";
class Crypt3Des{
public $key = "123456789";//加密密钥
function Crypt3Des($key){
$this->key=$key;
}
//加密函数
function encrypt($input){
$size = mcrypt_get_block_size(MCRYPT_3DES,'ecb');
$input = $this->pkcs5_pad($input,$size);
$key = str_pad($this->key,24,'0');
$td = mcrypt_module_open(MCRYPT_3DES,'','ecb','');
$iv = @mcrypt_create_iv (mcrypt_enc_get_iv_size($td), MCRYPT_RAND);
@mcrypt_generic_init($td, $key, $iv);
$data = mcrypt_generic($td, $input);
mcrypt_generic_deinit($td);
mcrypt_module_close($td);
// var_dump($data);
// exit();
$data = base64_encode($data);
return $data;
}
//解密函数
function decrypt($encrypted){
$encrypted = base64_decode($encrypted);
$key = str_pad($this->key,24,'0');
$td = mcrypt_module_open(MCRYPT_3DES,'','ecb','');
$iv = @mcrypt_create_iv(mcrypt_enc_get_iv_size($td),MCRYPT_RAND);
$ks = mcrypt_enc_get_key_size($td);
@mcrypt_generic_init($td, $key, $iv);
$decrypted = mdecrypt_generic($td, $encrypted);
mcrypt_generic_deinit($td);
mcrypt_module_close($td);
$y=$this->pkcs5_unpad($decrypted);
return $y;
}
function pkcs5_pad($text, $blocksize){
$pad = $blocksize - (strlen($text) % $blocksize);
return $text . str_repeat(chr($pad), $pad);
}
function pkcs5_unpad($text){
$pad = ord($text{strlen($text)-1});
if ($pad > strlen($text)) {
return false;
}
if (strspn($text, chr($pad), strlen($text) - $pad) != $pad){
return false;
}
return substr($text,0,-1*$pad);
}
function PaddingPKCS7($data){
$block_size = mcrypt_get_block_size(MCRYPT_3DES, MCRYPT_MODE_CBC); $padding_char = $block_size - (strlen($data) % $block_size);
$data .= str_repeat(chr($padding_char), $padding_char);
return $data;
}
}
//使用方法很简单,只要实例化这个类,直接调用相应函数即可,如下所示:
$rep=new Crypt3Des('123456789');
$input="hello 3des";
echo "原文:" . $input . "<br />";
$encrypt_card = $rep->encrypt($input);
echo "加密:" . $encrypt_card . "<br />";
echo "解密:" . $rep->decrypt($rep->encrypt($input));
?>
```
```
http://localhost/2020CodeAudit/c10/10-1-1-3des.php
```
结果:
```
PHP使用3DES加密算法举例
原文hello 3des
加密o9f/220Jb4GFSTHV9NL7mQ==
解密hello 3des
```
## 1.3. AES 加密
```php
<?php
header("Content-Type:text/html;charset=utf-8");//PHP显示中文
echo "PHP使用AES加密算法举例"."<br />";
class Aes{
public $_secrect_key='123456789';//密钥
function Aes($key){
$this->_secrect_key = $key;
}
/**
* 加密方法
* @param string $str
* return string
*/
function encrypt($str){
//AES, 128 ECB 模式加密数据
$screct_key = $this->_secrect_key;
$screct_key = base64_decode($screct_key);
$str = trim($str);
$str = $this->addPKCS7Padding($str);
$iv = mcrypt_create_iv(mcrypt_get_iv_size(MCRYPT_RIJNDAEL_128,MCRYPT_MODE_ECB),MCRYPT_RAND);
$encrypt_str = mcrypt_encrypt(MCRYPT_RIJNDAEL_128,$screct_key,$str,MCRYPT_MODE_ECB, $iv);
return base64_encode($encrypt_str);
}
/**解密方法
* @param string $str
* @return string
*/
function decrypt($str){
//AES, 128 ECB 模式加密数据
$screct_key = $this->_secrect_key;
$str = base64_decode($str);
$screct_key = base64_decode($screct_key);
$iv = mcrypt_create_iv (mcrypt_get_iv_size(MCRYPT_RIJNDAEL_128, MCRYPT_MODE_ECB),MCRYPT_RAND);
$encrypt_str = mcrypt_decrypt(MCRYPT_RIJNDAEL_128,$screct_key,$str, MCRYPT_MODE_ECB,$iv);
$encrypt_str = trim($encrypt_str);
$encrypt_str = $this->stripPKSC7Padding($encrypt_str);
return $encrypt_str;
}
/**填充算法
* @param string $source
* @return string
*/
function addPKCS7Padding($source){
$source = trim($source);
$block = mcrypt_get_block_size('rijndael-128', 'ecb');
$pad = $block - (strlen($source) % $block);
if ($pad <= $block){
$char = chr($pad);
$source .= str_repeat($char,$pad);
}
return $source;
}
/**移去填充算法
* Qparam string $source
* return string
*/
function stripPKSC7Padding($source){
$source = trim($source);
$char = substr($source,-1);
$num = ord($char);
if($num==62) return $source;
$source = substr($source,0,-$num);
return $source;
}
}
//这个加密类使用起来也相当简单:
$rep=new Aes('123456789');
$input="hello aes";
echo "原文:" . $input. "<br />";
$encrypt_card=$rep->encrypt($input);
echo "加密:" . $encrypt_card. "<br />";
echo "解密:" . $rep->decrypt($rep->encrypt($input));
?>
```
```
http://localhost/2020CodeAudit/c10/10-1-2-aes.php
```
结果:
```
PHP使用AES加密算法举例
原文hello aes
加密108Ts7vcLcvkhfDv1PgIMA==
解密hello aes
```
## 1.4. RSA加密
```php
<?php
header("Content-Type:text/html;charset=utf-8");//PHP显示中文
echo "PHP生成RSA密钥"."<br />";
set_time_limit(0);
include("./Crypt/RSA.php");
$rsa = new Crypt_RSA();
extract($rsa->createKey());
echo "$privatekey" . '<br />' . "$publickey";
?>
```
```
http://localhost/2020CodeAudit/c10/phpseclib/10-2-generateRSAkey.php
```
```
PHP生成RSA密钥
-----BEGIN RSA PRIVATE KEY----- MIICXAIBAAKBgQDVPFtEVTY/ANoohAq3k5VrRJuQpQbcd7lq5dFgPm3Rkkvi31nG zGVm4BKjice3HYX82aT+dbzV/B4AoHcGwarbT0cRL5Pl12x4vFRFevC/NU7fES4z WRRar4ZSY+iBKxDJuMkvXsrAWo3LLRWj+aJHKZ9pUZHJmD2Aqysm+6rWEQIDAQAB AoGAXvOsdGY5bJ61hnsdxpc6XvTDDQrfXkcV0ssZi/DguAScNB9e+85CjSfUROxy eVD1PB2ygfjtqJ/GwGKz/dc5e/SpFGBJGjPMwqElHsXhHUMbai8rODJQ9Fp1HOy/ shLM3rsVMPcG3tQYIbq23fp46xrtTN2LH6pRp8qRHUsQP5ECQQD0sHZRK19gFyCn FZzqULuQrimJZhHAszVYwUmTuCJqKGDILkScSjNlnGPe1ZMcin4R8Np6gy2lJRPN x6A+BDfFAkEA3xewISSq82G+hqMFsyCR7T0E2AJQcWlygTAmFl7AHvbV6K87rEQX +rumG39ncUz3a4X2P50GRh8rjbhfYNX93QJAJWc8DthUcfnXEfNp0x+YLFuTGd+y YwSB6RlSx/PjvtqBQNhhwIpPJP8s/Qkkvb4l21Q38XZP6eirCE+1nQVECQJAbzl+ JGgFmuXmeXWZh977Ig5D9fXhaUmrPuFke86tdkKWDzYeSBqC4gzgGeGBDynSSRc2 2CxPTnKH4lZDpyHJOQJBANMqS0nTJQ1tNRBvGybAT6fkIkcyZFATqqJy77Z3BbAP N2ox9li4mxXQsN32cY5U1DanGGjfjfsX0twYQ0igzbs= -----END RSA PRIVATE KEY-----
-----BEGIN PUBLIC KEY----- MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQDVPFtEVTY/ANoohAq3k5VrRJuQ pQbcd7lq5dFgPm3Rkkvi31nGzGVm4BKjice3HYX82aT+dbzV/B4AoHcGwarbT0cR L5Pl12x4vFRFevC/NU7fES4zWRRar4ZSY+iBKxDJuMkvXsrAWo3LLRWj+aJHKZ9p UZHJmD2Aqysm+6rWEQIDAQAB -----END PUBLIC KEY-----
```
用 $rsa->encrypt($plaintext);函数用来加密用 $rsa->decrypt($ciphertext) 来解密并输出明文字符串“cuit.edu.cn"
```php
<?php
header("Content-Type:text/html;charset=utf-8");//PHP显示中文
echo "PHP RSA加解密示例"."<br />";
set_time_limit(0);
$PUBLIC_KEY = '-----BEGIN PUBLIC KEY----- MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQCG2OewYkM9hQOJdthogOoj+8HO rJiZ+HXw8C3wbeu4cDcz0P/XgqneyfXpEFadEanRlCRySzAlz0ki7xI0lhFzqw1K OmsUTaOCrtGMsDFQ72io6Ln98hbqFnS3Pc8S0DhYAHrdvFmUyh/QcRJrWRbcQsV4 sG1ThpqjzwTgJLhYjwIDAQAB -----END PUBLIC KEY-----';
$PRIVATE_KEY = '-----BEGIN RSA PRIVATE KEY----- MIICWwIBAAKBgQCG2OewYkM9hQOJdthogOoj+8HOrJiZ+HXw8C3wbeu4cDcz0P/X gqneyfXpEFadEanRlCRySzAlz0ki7xI0lhFzqw1KOmsUTaOCrtGMsDFQ72io6Ln9 8hbqFnS3Pc8S0DhYAHrdvFmUyh/QcRJrWRbcQsV4sG1ThpqjzwTgJLhYjwIDAQAB AoGAFW+oDnvjE4Wwb8BNm6ND//oMBPZJVfn6NGsslQgW951txmtxgvQPBqRqq/pA bTylwclqgnlzCyJTY93HB5wEOaDjJBSa/niHyRVnPQM51eIlNAmE18Lq77V/2QXh eL/fjmLc8MSjvfdbHJd/de4UewXE0N9fhc/TFXhqqtO1+X0CQQCKsYYmdDj2mkpy VZs/1Zn4xysocjw3OBp7dDG4Zihzik07qdLDmx9skFyxsMVw6igIPuIPvrbf1fLf SotKaHfDAkEA+OaXytfOwAYUbOqwbeJfigXDSjAgpqzU4LqmM3PeFGFSCgRShlJy lhypxYPb2tJaR3JWUzhPuyl0oJ4Wbe+bRQJASGMBLj7IoETFCEmP3tBALWzeJJ0C uptIjxiE/sYq5KrRRouLGlZzHzl1d7RYSGed/ze6yxbx4X+L5GjGrE47+wJAVeKL wiyRZOU0KxkYY/JW8TNn3bOZsKm2kw0UyHBU00d5nYc8SqksbOvbERKczHcFO94S N4kYygZV/g5OwwSI2QJAdGV4N43bK6DwWcpvAVD/KTlprvGUdHHol5Pe8CtipMr9 oE9qljXzppyzS9vVrf+6KtTDgIIivosxnrHHPyIOmQ== -----END RSA PRIVATE KEY-----';
include('./Crypt/RSA.php');
$rsa = new Crypt_RSA();
$rsa->loadKey($PUBLIC_KEY) ; // 载入公钥
$plaintext = 'cuit.edu.cn';
$rsa->setEncryptionMode(CRYPT_RSA_ENCRYPTION_PKCS1);
$ciphertext = $rsa->encrypt($plaintext);//加密函数
$rsa->loadKey($PRIVATE_KEY) ; // 载入私钥
echo $ciphertext."<br /> "."<br />"."<br /> ";
echo $rsa->decrypt($ciphertext);//解密函数
?>
```
```
http://localhost/2020CodeAudit/c10/phpseclib/10-2-RSAdecode.php
```
运行结果
```
PHP RSA加解密示例
2<EFBFBD>Ȁ-<2D><><EFBFBD><01><><0E><><EFBFBD><EFBFBD><EFBFBD>:<3A>[<5B><> 'Er0<13>p<EFBFBD><70><EFBFBD><17><1A>Fc<46><63>, <20><><EFBFBD>Ә<EFBFBD><D398>?v<>H.r$9<>?<3F>@,<2C><>-<2D><><EFBFBD>- !ި<>Z<EFBFBD><5A><<<05><><EFBFBD>e<1B><>\<5C>%x
cuit.edu.cn
```
## 1.5. 单向加密
MD系列(md4、md5) 和shal等
```php
<?php
header("Content-Type:text/html;charset=utf-8");//PHP显示中文
echo "PHP使用MD5和sha1加密算法举例"."<br />";
echo 'phpsec md5: '.md5('xinan');
echo '<br /> ';
echo 'phpsec sha1: '.sha1('xinan');
?>
```
```
http://localhost/2020CodeAudit/c10/10-3-md5.php
```
结果:
```
PHP使用MD5和sha1加密算法举例
phpsec md5: d71e1f2ea8307656a8a02136116e1b7b
phpsec sha1: 28c2e7fbf2f6f121a2643d620424b6f9bf6b8d10
```
Reference in New Issue View Git Blame Copy Permalink