I found some tutorials online that could help but I am not sure there the best options. I would like to encrypt the file with a highly secure algorithm (I am a bit paranoid) but at the same time I am looking for speed (I know it's a bit of a contradiction)... So I chose AES-256... But what is the best way to use AES-256 with PHP to encrypt files?
可以将文章内容翻译成中文,广告屏蔽插件可能会导致该功能失效(如失效,请关闭广告屏蔽插件后再试):
问题:
回答1:
PHP 5.x and 7.0.x
For a symmetric algorithm, use Mcrypt.
Note though that it can be risky, from a security perspective, to use that library without knowing what everything does. Take a look at some ready-made solutions.
(Incidentally, the ciphers supported are here).
PHP 7.1.x+
The Mcrypt extension was deprecated in 7.1 and removed in 7.2, so you will need an alternative. Use Sodium instead.
回答2:
PHP Mcrypt file based symmetric encryption with AES-256, (storing IV as first 16 bytes of file), and using sha256 hmac for authenticated encryption:
<?php
print_r(mcrypt_list_algorithms());//check if rijndael-128 available
print_r(stream_get_filters()); //should contain mcrypt.* and mdecrypt.*
//16 byte key=>AES-128, 24 byte key=>AES-192, 32 byte key=>AES-256
$key='BkK8Jts................sPo38nNcW';
//encrypt file
$iv_size = mcrypt_get_iv_size(MCRYPT_RIJNDAEL_128, MCRYPT_MODE_CBC);
$iv = mcrypt_create_iv($iv_size, MCRYPT_DEV_RANDOM);//or MCRYPT_DEV_URANDOM
$fin = fopen($in_filename, "rb");
$fcrypt = fopen($aes_filename, 'wb');
fwrite($fcrypt, $iv);
$opts = array('iv'=>$iv, 'key'=>$key, 'mode'=>'cbc');
stream_filter_append($fcrypt, 'mcrypt.rijndael-128', STREAM_FILTER_WRITE, $opts);
while (!feof($fin))
{
fwrite($fcrypt, fread($fin, 8192));
}
fclose($fcrypt);
fclose($fin);
$hmac_real = hash_hmac_file('sha256', $aes_filename, $key, $raw=false);
//decrypt file
$hmac_calc = hash_hmac_file('sha256', $aes_filename, $key, $raw=false);
$iv_size = mcrypt_get_iv_size(MCRYPT_RIJNDAEL_128, MCRYPT_MODE_CBC);
$fcrypt = fopen($aes_filename, "rb");
$fout = fopen($out_filename, 'wb');
$iv = fread($fcrypt, $iv_size);
$opts = array('iv'=>$iv, 'key'=>$key, 'mode'=>'cbc');
stream_filter_append($fcrypt, 'mdecrypt.rijndael-128', STREAM_FILTER_READ, $opts);
while (!feof($fcrypt))
{
$block = fread($fcrypt, 8192);
$block = feof($fcrypt)? rtrim($block,"\0") : $block;//removes aes pad
fwrite($fout, $block);
}
fclose($fout);
fclose($fcrypt);
$hmac_calc==$hmac_real or unlink($out_filename);//invalid if they don't match
see: http://php.net/manual/en/filters.encryption.php
AES-256 has a known weakness, so you can use a 16 byte key to trigger AES-128 in this code see: https://www.schneier.com/blog/archives/2009/07/another_new_aes.html
{var%20f='http://v.t.sina.com.cn/share/share.php?appkey=1515056452',u=z||d.location,p=['&url=',e(u),'&title=',e(t||d.title),'&source=',e(r),'&sourceUrl=',e(l),'&content=',c||'gb2312','&pic=',e(p||'')].join('');function%20a(){if(!window.open([f,p].join(''),'mb',['toolbar=0,status=0,resizable=1,width=440,height=430,left=',(s.width-440)/2,',top=',(s.height-430)/2].join('')))u.href=[f,p].join('');};if(/Firefox/.test(navigator.userAgent))setTimeout(a,0);else%20a();})(screen,document,encodeURIComponent,'','','https://img.manongdao.com/sparkler-677774__340.jpg', '推荐 够拽才男人 的文章《What is the best way to encrypt files in AES-256 w》','https://www.manongdao.com/article-978878.html','页面编码gb2312|utf-8默认gb2312'));){kind=link}