This article mainly introduces the encryption and decryption algorithm and how to use it in PHP
According to the classification, encryption and decryption are divided into two categories: symmetric encryption and asymmetric encryption.
The simple distinction is that symmetric encryption and decryption use the same set of secret keys; Asymmetric encryption has two secret keys, public and private. The public key is used for encryption and the private key is used for decryption.
The conventional algorithms of symmetric encryption include DES, 3DES, AES, etc., and support some modes, such as ECB, CBC, CTR, etc.
The OpenSSL extension in PHP provides ready-made functions
openssl_decryptFor symmetric encryption, it supports a variety of encryption algorithms, including state secret SM4, which can be used through
openssl_get_cipher_methodsCheck the specific supported algorithms.
Asymmetric encryption algorithm
RSA, the difference lies in different secret key lengths. At this stage, the recommended secret key length is 2048 bits or higher. The relevant principles can be found in the blog Garden or Wikipedia.
Examples of use in PHP
//Generate the key resource ID. this function is mainly used to verify whether the public and private secret keys can be used normally $pi_key = openssl_pkey_get_private($private_key); $pu_key = openssl_pkey_get_public($public_key); //Private key encryption, in addition to such use, can also directly the original secret key content without extraction $encrypted = ‘’; openssl_private_encrypt($data, $encrypted, $pi_key); //Transcoding, $encrypted here is the string encrypted by the private key $encrypted = base64_encode($encrypted); //Public key decryption, $decrypted is the plaintext after public key decryption and before private key encryption $decrypted = ‘’; $encrypted = base64_decode($encrypted); openssl_public_decrypt($encrypted, $decrypted, $pu_key);
Hash value calculation is one-way, because it cannot be deduced reversely. It is generally used for various verifications. For example, the user’s login secret key and the signature of data transmission.
The algorithm is generally
In actual operation, “salt” is usually added to increase the difficulty of cracking, which can not be detected by simply hitting the library.
httpsIn this case, in theory, data transmission plus signature is OK. However, in practical use, in some occasions with special emphasis on safety, in
httpsWill still encrypt and sign on the basis of.
This article is very rough and belongs to a general introduction. The details in actual use are not much involved. There are many such details on the Internet.
Wikipedia and blog parks are good sources of information.
Search bar: encryption and decryption site: cnblogs com
This work adoptsCC agreementThe author, link and reprint of this article must be indicated