Obfuscate or encrypt some plain text data in PHP

Time: 2021-10-21 06:17:47

I need to obfuscate or encrypt some plain text data in my php 5.2 application.

I'd prefer a solution that would have input string and output string retain the same length.

This does not need to be extremely strong, as there are numerous other layers of security in place. Strong would be good, but this will just keep programmers/dba/support people/etc from accidentally reading the text from within the database.

key considerations

  • EDIT ADD I'd prefer a solution that would have input string and output string retain the same length.

  • only string text will be obfuscated/encrypted for storage in a database

  • the php application will need to obfuscate/encrypt the data before the database save and will need to un-obfuscate/decrypt following the database read

  • this is a modification to an existing application

  • only some columns will need to be obfuscated/encrypted

  • only some rows will need to be obfuscated/encrypted, based on a Type field

  • there are only a few load/save points to handle

  • max column size is already determined for some fields, but not for others, but I'd prefer a solution to work within the existing size of the restricted fields

  • EDIT, ADD the key will probably be a composite of some Primary key info + uneditable fields

here is a sample database table and data:

int           char(1) varchar(24)              int      date
MyPrimaryKey  RowType UserText                 UserNo   DateChange
------------  ------- ------------------------ -------- ----------------
1             N       nothing special here     43       6/20/2009 12:11am
2             N       same thing, wow!         78       6/23/2009 1:03pm
3             S       fBJKg}.jkjWfF78dlg@45kjg 43       6/25/2009 6:45am
4             N       same old, same old text  21       6/25/2009 8:11am

The application would load and display rows 1,2, and 4 normally. However it would conditionally (based on row type) handle the text in row 3 using this obfuscate/encrypt and un-obfuscate/decrypt logic.

Can anyone provide obfuscate/encrypt and un-obfuscate/decrypt function code, links, and/or pointers that would help here?

thanks!

EDIT
I like the simple base64 encoding idea, but is there a method that can keep the data within a fixed size? All methods listed so far have the output value larger than the input value. This will be a problem for some columns, where the user can enter in 50 characters and it is stored in a varchar(50) column.

7 solutions

#1


for simple obfuscation use strtr() - Translate certain characters:
string strtr ( string $str , string $from , string $to )

to encode in php:

$readable='This is a special test string ABC123 ([+,-!#$%&*])';    
$unreadable=strtr($readable,' !"#$%&\'()*+,-./0123456789:;<=>?@ABCDEFGHIJKLMNOPQRSTUVWXYZ[\]^_`abcdefghijklmnopqrstuvwxyz{|}~€‚ƒ„…†‡ˆ‰Š‹ŒŽ‘’“”•–—˜™š›œžŸ ¡¢£¤¥¦§¨©ª«¬­®¯°±²³´µ¶·¸¹º»¼½¾¿ÀÁÂÃÄÅÆÇÈÉÊËÌÍÎÏÐÑÒÓÔÕÖ×ØÙÚÛÜÝÞßàáâãäåæçèéêëìíîïðñòóôõö÷øùúûüýþÿ'
                           ,'¡¢£¤¥¦§¨©ª«¬­®¯°±²³´µ¶·¸¹º»¼½¾¿ÀÁÂÃÄÅÆÇÈÉÊËÌÍÎÏÐÑÒÓÔÕÖ×ØÙÚÛÜÝÞßàáâãäåæçèéêëìíîïðñòóôõö÷øùúûüýþÿ !"#$%&\'()*+,-./0123456789:;<=>?@ABCDEFGHIJKLMNOPQRSTUVWXYZ[\]^_`abcdefghijklmnopqrstuvwxyz{|}~€‚ƒ„…†‡ˆ‰Š‹ŒŽ‘’“”•–—˜™š›œžŸ '
                      );
print $unreadable; //outputs: "ÕéêôAêôAâAôñæäêâíAõæôõAôõóêïèAÂÃIJ³´A©Ü¬­®¢¤¥¦§«Þª"

to decode in php:

$unreadable='ÕéêôAêôAâAôñæäêâíAõæôõAôõóêïèAÂÃIJ³´A©Ü¬­®¢¤¥¦§«Þª';
$readable=strtr($unreadable,'¡¢£¤¥¦§¨©ª«¬­®¯°±²³´µ¶·¸¹º»¼½¾¿ÀÁÂÃÄÅÆÇÈÉÊËÌÍÎÏÐÑÒÓÔÕÖ×ØÙÚÛÜÝÞßàáâãäåæçèéêëìíîïðñòóôõö÷øùúûüýþÿ !"#$%&\'()*+,-./0123456789:;<=>?@ABCDEFGHIJKLMNOPQRSTUVWXYZ[\]^_`abcdefghijklmnopqrstuvwxyz{|}~€‚ƒ„…†‡ˆ‰Š‹ŒŽ‘’“”•–—˜™š›œžŸ '
                           ,' !"#$%&\'()*+,-./0123456789:;<=>?@ABCDEFGHIJKLMNOPQRSTUVWXYZ[\]^_`abcdefghijklmnopqrstuvwxyz{|}~€‚ƒ„…†‡ˆ‰Š‹ŒŽ‘’“”•–—˜™š›œžŸ ¡¢£¤¥¦§¨©ª«¬­®¯°±²³´µ¶·¸¹º»¼½¾¿ÀÁÂÃÄÅÆÇÈÉÊËÌÍÎÏÐÑÒÓÔÕÖ×ØÙÚÛÜÝÞßàáâãäåæçèéêëìíîïðñòóôõö÷øùúûüýþÿ'

               );
print $readable; //outputs: "This is a special test string ABC123 ([+,-!#$%&*])"

you can easily replicate this logic in the DB if necessary (without looping): Using a Table of Numbers, by Erland Sommarskog

#2


How about base64 encoding? We used to use that to make SMS messages in our SMS Gateway DB unreadable by the developers.

#3


There are a few options.

If you want very strong, you could look into mcrypt.

But if it's only so working developers can't read the text without some work to actually do it, then you could just BASE64 encode it or uuencode it.

#4


If you have mcrypt installed (all my current PHP environments have), you could use mcrypt_encrypt and mcrypt_decrypt like this:

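function encrypt ($text) {
  global $key;
  // ECB mode ignores the IV argument; mcrypt zero-pads $text up to the 32-byte block size of MCRYPT_RIJNDAEL_256
  return mcrypt_encrypt (MCRYPT_RIJNDAEL_256, $key, $text, MCRYPT_MODE_ECB, "abcdefghijklmnopqrstuvwxyz012345");
}

function decrypt ($secret) {
  global $key;
  // rtrim() strips the zero padding (and any trailing "\0" bytes that were part of the original text)
  return rtrim (mcrypt_decrypt (MCRYPT_RIJNDAEL_256, $key, $secret, MCRYPT_MODE_ECB, "abcdefghijklmnopqrstuvwxyz012345"), "\0");
}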

which uses a global $key and AES (very strong).

Drawbacks are performance (in comparison to simpler ones like Base64) and that you somehow have to fix a key.

Cheers,

#5


if you're using mysql around version 5, then you don't even need much php for it, you can do it inside your query with the mysql string functions encrypt(text, password) and decrypt(text, password)

http://dev.mysql.com/doc/refman/5.1/en/encryption-functions.html

  • DECODE(crypt_str,pass_str)

    Decrypts the encrypted string crypt_str using pass_str as the password. crypt_str should be a string returned from ENCODE().

  • ENCODE(str,pass_str)

    Encrypt str using pass_str as the password. To decrypt the result, use DECODE().

    The result is a binary string of the same length as str.

    The strength of the encryption is based on how good the random generator is. It should suffice for short strings.

update: another possibility would be rot13 ^^

#6


Try these PHP functions convert_uuencode and convert_uudecode:

function encrypt_decrypt ($data, $encrypt) {
    if ($encrypt == true) {
        $output = base64_encode (convert_uuencode ($data));
    } else {
        $output = convert_uudecode (base64_decode ($data));
    }
    return $output;
}

$enc_txt = encrypt_decrypt ("HELLO DATA", true);
echo $enc_txt."\n"; // KjIkNSwzJFxAMSQlNDAwYGAKYAo=
echo encrypt_decrypt ($enc_txt, false); // HELLO DATA

#7


Try using the mcrypt library. It's not included with standard PHP, but it's easily downloadable and very commonly used. Here's a quick tutorial on what you can do with it.

It's best to make sure the key you use for the encryption is stored in a secure place, but if you aren't really concerned about security, you'd probably be OK just hardcoding the key into your code somewhere.
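
The fixed-size requirement from the question's EDIT can be met with a stream-style cipher mode, where each input byte yields exactly one output byte. The following is an added example, not code from any of the posters; it assumes PHP 5.4 or later with the openssl extension (so not the asker's PHP 5.2), and `cell_key_and_nonce()`, `obfuscate_cell()`, `reveal_cell()`, `$masterKey` and the row values are hypothetical names and constructed sample data.

```php
<?php
// Added example (not from the answers): length-preserving cell encryption with
// AES-256-CTR. Function names, key and row values are constructed for illustration.
// Derive a 32-byte key and a 16-byte initial counter block per cell from a master
// key plus immutable row data (primary key and column name).
function cell_key_and_nonce($masterKey, $primaryKey, $column)
{
    $okm = hash_hmac('sha384', $column . '|' . $primaryKey, $masterKey, true); // 48 raw bytes
    return array(substr($okm, 0, 32), substr($okm, 32, 16));
}

function obfuscate_cell($plain, $masterKey, $primaryKey, $column)
{
    if ($plain === '') {
        return ''; // nothing to encrypt
    }
    list($key, $nonce) = cell_key_and_nonce($masterKey, $primaryKey, $column);
    $out = openssl_encrypt($plain, 'aes-256-ctr', $key, OPENSSL_RAW_DATA, $nonce);
    if ($out === false) {
        throw new RuntimeException('openssl_encrypt failed');
    }
    return $out; // raw bytes, one output byte per input byte
}

function reveal_cell($stored, $masterKey, $primaryKey, $column)
{
    if ($stored === '') {
        return '';
    }
    list($key, $nonce) = cell_key_and_nonce($masterKey, $primaryKey, $column);
    $out = openssl_decrypt($stored, 'aes-256-ctr', $key, OPENSSL_RAW_DATA, $nonce);
    if ($out === false) {
        throw new RuntimeException('openssl_decrypt failed');
    }
    return $out;
}

// Constructed sample modelled on the question's table: primary key 3, UserText varchar(24).
$masterKey = 'constructed-demo-key--load-the-real-one-from-config';
$v1 = 'same old, same old text';
$v2 = 'SAME OLD, SAME OLD TEXT'; // a later edit of the same cell
$c1 = obfuscate_cell($v1, $masterKey, 3, 'UserText');
$c2 = obfuscate_cell($v2, $masterKey, 3, 'UserText');

var_dump(strlen($c1) === strlen($v1));                         // ciphertext fits the same column width
var_dump(reveal_cell($c1, $masterKey, 3, 'UserText') === $v1); // round trip
// Limitation: key and counter are fixed per cell, so both versions share a keystream
// and the XOR of the two ciphertexts equals the XOR of the two plaintexts.
var_dump(($c1 ^ $c2) === ($v1 ^ $v2));
```

The output is arbitrary bytes, so the column must be binary-safe (for example VARBINARY(24) instead of varchar(24)). CTR mode also adds no integrity check, so changes to the stored bytes are not detected on read.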
