PHP sodium encryption extension function

Time:2021-11-23

This is the last article in this encryption extension series and the last PHP encryption extension we want to learn about. Sodium also appears to replace the original encryption extension mcrypt. Mcrypt has been removed after php7.2 and marked obsolete at php7.1. However, there are not many applications of sodium extension. In most cases, we will use OpenSSL for encryption. At the same time, sodium extension provides many functions. Therefore, we only need to understand this article. Of course, the most important thing is that even the official documents on this extension are not perfect. There are no parameter descriptions for most functions, and there are very few data searched out.

The sodium extension is released with the PHP source code after php7.2. You only need to add — with sodium when compiling to install it successfully. If it is a version before php7.2, you need to install this extension separately. At the same time, the libsodium devel library also needs to be installed in the operating system.

AEAD_ AES_ 256_ GCM encryption and decryption

The first is the aead_ AES_ 256_ Application of GCM encryption and decryption capability function. In the development of wechat payment, an interface uses this method for data encryption. In the official documents, the corresponding decryption method of PHP is also provided, in which the functions in the sodium extension library are used. (see the second link in the reference document at the end of the text)

$data = 'test encryption'// raw data
$nonce = random_ bytes(SODIUM_CRYPTO_AEAD_AES256GCM_NPUBBYTES); //  Random string of encryption certificate
$ad = 'fullstackpm'; //  Random string of encryption certificate
$kengen = sodium_ crypto_ aead_ aes256gcm_ keygen(); //  secret key

//Available
echo sodium_crypto_aead_aes256gcm_is_available(), PHP_EOL; // 1

//Encryption
$pem = sodium_crypto_aead_aes256gcm_encrypt($data, $ad, $nonce, $kengen);
var_dump($pem);
// string(28) "��VRw!�����f��l�O�tV=\x�"

//Decryption
$v = sodium_crypto_aead_aes256gcm_decrypt($pem, $ad, $nonce, $kengen);
var_dump($v);
//String (12) "test encryption"

The comments in the code have described the related functions and parameters in detail. When this is used for decryption in wechat payment, ad, key, nonce, etc. are all provided by wechat, and we here as a demonstration are all self generated content.

sodium_ crypto_ aead_ aes256gcm_ The content generated by encrypt () encryption is also binary content, so it is also a very secure encryption form.

Information signature

The sodium extension library also brings us the function of verifying whether the data has been tampered, that is, the ability to compare the signatures of the information.

//Information signature
$key = sodium_ crypto_ auth_ keygen(); //  Generate random signature key
$message = 'test authentication signature';

//Generate signature
$signature = sodium_crypto_auth($message, $key);
var_dump($signature);
// string(32) "�B�
//                9���l�wn�x���ӛc�ܙ�u^j��"

//Verify signature
var_dump(sodium_crypto_auth_verify($signature, $message, $key));
// bool(true)

What they need is a simple random signature key, and then compare the signature summary with the original text to determine whether the data is tampered in the transmission process.

Hash

Yes, you are right. The sodium extension also provides us with a set of hash encryption functions. However, its use is more complex, and the generated content is a bit like that generated by cryptographic hash algorithm. However, we prefer to use the password in the password hash algorithm_ Hash () to generate this kind of hash password.

// Hash
$password = 'test hash';
$hash = sodium_crypto_pwhash_str(
    $password,
    SODIUM_ CRYPTO_ PWHASH_ OPSLIMIT_ Interactive, // maximum computation
    SODIUM_ CRYPTO_ PWHASH_ MEMLIMIT_ Interactive // maximum RAM
);
var_dump($hash);
// string(97) "$argon2id$v=19$m=65536,t=2,p=1$VFfdNV4W0MFwLiLPdr9i6g$QDmd5sQToZANYTVEkPVTbPvbY7tuf1ALKU3IXrF44R0"

//Verify hash information
var_dump(sodium_crypto_pwhash_str_verify($hash, $password));
// bool(true)

summary

Although we may not have been in touch with it at ordinary times, it is true that the sodium extension has practical applications in development. Since wechat uses this encryption method for data encryption, we should also have a deeper understanding of it. However, we still hope that the official can improve the document as soon as possible, otherwise we can’t systematically learn the contents of this set of extensions.

Test code:

https://github.com/zhangyue0503/dev-blog/blob/master/php/202008/source/PHP%E7%9A%84Sodium%E5%8A%A0%E5%AF%86%E6%89%A9%E5%B1%95%E5%87%BD%E6%95%B0%E4%BA%86%E8%A7%A3.php

Reference documents:

https://www.php.net/manual/en/book.sodium.php

https://pay.weixin.qq.com/wiki/doc/api/xiaowei.php?chapter=19_11

Official account: hard core project manager

Add wechat / QQ friends: [xiaoyuezigonggong / 149844827] get free PHP and project management learning materials

Tiktok, official account, voice, headline search, hard core project manager.

Station B ID: 482780532

Recommended Today

Apache sqoop

Source: dark horse big data 1.png From the standpoint of Apache, data flow can be divided into data import and export: Import: data import. RDBMS—–>Hadoop Export: data export. Hadoop—->RDBMS 1.2 sqoop installation The prerequisite for installing sqoop is that you already have a Java and Hadoop environment. Latest stable version: 1.4.6 Download the sqoop installation […]