PHP 通过 URL 发送加密数据
声明:本页面是StackOverFlow热门问题的中英对照翻译,遵循CC BY-SA 4.0协议,如果您需要使用它,必须同样遵循CC BY-SA许可,注明原文地址和作者信息,同时你必须将它归于原作者(不是我):StackOverFlow
原文地址: http://stackoverflow.com/questions/20014118/
Warning: these are provided under cc-by-sa 4.0 license. You are free to use/share it, But you must attribute it to the original authors (not me):
StackOverFlow
PHP sending encrypted data via the URL
提问by Click Upvote
I'm trying to send encrypted data over the url to another site (using file_get_contents("anotherUrl.php?hash=$encryptedString"). The problem is, sometimes, the encryption contains some special characters, like +, and this causes the decryption to fail.
我正在尝试通过 url 将加密数据发送到另一个站点(使用file_get_contents("anotherUrl.php?hash=$encryptedString"). 问题是,有时,加密包含一些特殊字符,例如 +,这会导致解密失败。
Here are my encryption / decryption methods:
这是我的加密/解密方法:
public function encrypt($string, $key)
{
return base64_encode(mcrypt_encrypt(MCRYPT_RIJNDAEL_256, md5($key), $string, MCRYPT_MODE_CBC, md5(md5($key))));
}
public function decrypt($encrypted, $key)
{
return rtrim(mcrypt_decrypt(MCRYPT_RIJNDAEL_256, md5($key), base64_decode($encrypted), MCRYPT_MODE_CBC, md5(md5($key))), "function encrypt($pure_string) {
$dirty = array("+", "/", "=");
$clean = array("_PLUS_", "_SLASH_", "_EQUALS_");
$iv_size = mcrypt_get_iv_size(MCRYPT_BLOWFISH, MCRYPT_MODE_ECB);
$_SESSION['iv'] = mcrypt_create_iv($iv_size, MCRYPT_RAND);
$encrypted_string = mcrypt_encrypt(MCRYPT_BLOWFISH, $_SESSION['encryption-key'], utf8_encode($pure_string), MCRYPT_MODE_ECB, $_SESSION['iv']);
$encrypted_string = base64_encode($encrypted_string);
return str_replace($dirty, $clean, $encrypted_string);
}
function decrypt($encrypted_string) {
$dirty = array("+", "/", "=");
$clean = array("_PLUS_", "_SLASH_", "_EQUALS_");
$string = base64_decode(str_replace($clean, $dirty, $encrypted_string));
$decrypted_string = mcrypt_decrypt(MCRYPT_BLOWFISH, $_SESSION['encryption-key'],$string, MCRYPT_MODE_ECB, $_SESSION['iv']);
return $decrypted_string;
}
");
}
Here's an example encrypted string which contains a +, and I'm guessing that this causes the decryption to fail.
这是一个包含 的示例加密字符串,+我猜这会导致解密失败。
oWCrVPaS+5GbxcQFc0fulUk/zRAkDD60av4zlPiWskE=
oWCrVPaS+5GbxcQFc0fulUk/zRAkDD60av4zlPiWskE=
Any ideas how I should solve this? I've tried to do urlencode()and urldecode()on the hash, however that also seems to cause the encryption to break. Is there a way to change the encryption algorithm to get it to only return url safe characters?
任何想法我应该如何解决这个问题?我试图在哈希上做urlencode()和urldecode(),但是这似乎也导致加密被破坏。有没有办法更改加密算法以使其仅返回 url 安全字符?
回答by jszobody
Take a look at this thread:
看看这个线程:
Passing base64 encoded strings in URL
Essentially you DOwant to urlencode()before sending the string, however you do NOTwant to urldecode()at the other end.
从本质上讲,你DO要urlencode()发送字符串之前,然而,你不希望urldecode()在另一端。
回答by Dan Green-Leipciger
In order to solve this problem I now use the following (after 3 hours of pain), and it works great.
为了解决这个问题,我现在使用以下方法(疼痛 3 小时后),效果很好。
Feel free to copy and paste
随意复制和粘贴
class Encryption {
var $skey = "SuPerEncKey2010"; // you can change it
public function safe_b64encode($string) {
$data = base64_encode($string);
$data = str_replace(array('+','/','='),array('-','_',''),$data);
return $data;
}
public function safe_b64decode($string) {
$data = str_replace(array('-','_'),array('+','/'),$string);
$mod4 = strlen($data) % 4;
if ($mod4) {
$data .= substr('====', $mod4);
}
return base64_decode($data);
}
public function encode($value){
if(!$value){return false;}
$text = $value;
$iv_size = mcrypt_get_iv_size(MCRYPT_RIJNDAEL_256, MCRYPT_MODE_ECB);
$iv = mcrypt_create_iv($iv_size, MCRYPT_RAND);
$crypttext = mcrypt_encrypt(MCRYPT_RIJNDAEL_256, $this->skey, $text, MCRYPT_MODE_ECB, $iv);
return trim($this->safe_b64encode($crypttext));
}
public function decode($value){
if(!$value){return false;}
$crypttext = $this->safe_b64decode($value);
$iv_size = mcrypt_get_iv_size(MCRYPT_RIJNDAEL_256, MCRYPT_MODE_ECB);
$iv = mcrypt_create_iv($iv_size, MCRYPT_RAND);
$decrypttext = mcrypt_decrypt(MCRYPT_RIJNDAEL_256, $this->skey, $crypttext, MCRYPT_MODE_ECB, $iv);
return trim($decrypttext);
}
}
回答by rkallensee
Instead of using Base64 for encoding your data you can also use Base32(RFC 4648) which is URL-safe because it only uses letters A–Z (case-insensitive) and the digits 2–7. There is already a PHP libraryfor encoding/decoding. Note that Base32 takes ~20% more space than Base64.
除了使用 Base64 编码数据,您还可以使用Base32(RFC 4648),它是 URL 安全的,因为它只使用字母 A–Z(不区分大小写)和数字 2–7。已经有一个用于编码/解码的PHP 库。请注意,Base32 比 Base64 多占用约 20% 的空间。
You can also use URLcryptwhich is a handy library helping you with encryption and Base32 encoding.
您还可以使用URLcrypt,这是一个方便的库,可帮助您进行加密和 Base32 编码。
