mcrypt_module_open

(PHP 4 >= 4.0.2, PHP 5)

mcrypt_module_open — Opens the module of the algorithm and the mode to be used

说明

resource mcrypt_module_open ( string $algorithm , string $algorithm_directory , string $mode , string $mode_directory )

This function opens the module of the algorithm and the mode to be used. The name of the algorithm is specified in algorithm, e.g. "twofish" or is one of the MCRYPT_ciphername constants. The module is closed by calling mcrypt_module_close().

参数

algorithm: The algorithm to be used.
algorithm_directory: The algorithm_directory parameter is used to locate the encryption module. When you supply a directory name, it is used. When you set it to an empty string (""), the value set by the mcrypt.algorithms_dir php.ini directive is used. When it is not set, the default directory that is used is the one that was compiled into libmcrypt (usually /usr/local/lib/libmcrypt).
mode: The mode to be used.
mode_directory: The mode_directory parameter is used to locate the encryption module. When you supply a directory name, it is used. When you set it to an empty string (""), the value set by the mcrypt.modes_dir php.ini directive is used. When it is not set, the default directory that is used is the one that was compiled-in into libmcrypt (usually /usr/local/lib/libmcrypt).

返回值

Normally it returns an encryption descriptor, or FALSE on error.

范例

Example #1 mcrypt_module_open() Examples


<?php
    $td = mcrypt_module_open(MCRYPT_DES, '',
        MCRYPT_MODE_ECB, '/usr/lib/mcrypt-modes');

    $td = mcrypt_module_open('rijndael-256', '', 'ofb', '');
?>

The first line in the example above will try to open the DES cipher from the default directory and the EBC mode from the directory /usr/lib/mcrypt-modes. The second example uses strings as name for the cipher and mode, this only works when the extension is linked against libmcrypt 2.4.x or 2.5.x.

Example #2 Using mcrypt_module_open() in encryption


<?php
    /* Open the cipher */
    $td = mcrypt_module_open('rijndael-256', '', 'ofb', '');

    /* Create the IV and determine the keysize length, use MCRYPT_RAND
     * on Windows instead */
    $iv = mcrypt_create_iv(mcrypt_enc_get_iv_size($td), MCRYPT_DEV_RANDOM);
    $ks = mcrypt_enc_get_key_size($td);

    /* Create key */
    $key = substr(md5('very secret key'), 0, $ks);

    /* Intialize encryption */
    mcrypt_generic_init($td, $key, $iv);

    /* Encrypt data */
    $encrypted = mcrypt_generic($td, 'This is very important data');

    /* Terminate encryption handler */
    mcrypt_generic_deinit($td);

    /* Initialize encryption module for decryption */
    mcrypt_generic_init($td, $key, $iv);

    /* Decrypt encrypted string */
    $decrypted = mdecrypt_generic($td, $encrypted);

    /* Terminate decryption handle and close module */
    mcrypt_generic_deinit($td);
    mcrypt_module_close($td);

    /* Show string */
    echo trim($decrypted) . "\n";
?>

参见

mcrypt_module_close() - Closes the mcrypt module
mcrypt_generic() - This function encrypts data
mdecrypt_generic() - Decrypts data
mcrypt_generic_init() - This function initializes all buffers needed for encryption
mcrypt_generic_deinit() - This function deinitializes an encryption module

PHP手册 - N: Opens the module of the algorithm and the mode to be used

用户评论:

capps at solareclipse dot net (27-Jan-2012 07:27)

If you're getting "mcrypt_module_open(): Could not open encryption module" when working with ARCFOUR / RC4, WAKE or Enigma: You *must* use the "stream" / MCRYPT_STREAM mode of operation with these ciphers. They ciphers may not operate with any other mode, nor may any other ciphers work in stream mode.

lehmann*at*arcor-so.net (20-Jul-2009 04:10)

Keep in mind that the mcrypt functions do not implement padding like e.g. pkcs#5. This causes the problem with zero bytes at the end and the sting cannot be correctly decoded in other environments. For an example how to add pkcs 5 padding, see ref.mcrypt.php

royconejo (30-Mar-2009 05:01)

about the previous comments on hex formatting and capitalization as a way to improve the key: this would seem pretty obvious, but it is a choice to be limited to only hex characters ([0-9a-z]); you can get the original RAW output from md5() or sha1() and not the default readable hex formatting. the result of a raw output will be 16 o 20 (depending on the hash function being used) series of chars in the range 0-255. way better than [0-9a-z] and even [0-9a-zA-Z]. 16 or 20 is generally lower than the maximum key lenght ($ks in the example), but you can append two or more keys together: <?php $human_key1 = 'something very secret'; $human_key2 = 'something else very secret'; // 40 bytes binary key using two "human readable" keys and sha1. $bigger_binary_key = sha1($human_key1, true) . sha1($human_key2, true); // then just use it as you would (extract taken from the example) $key = substr($bigger_binary_key, 0, $ks); ?> ... or you can automatically split one large "human key" into two or more parts, hash those parts with sha1 (raw output!) and merge them together again (in original order or rearrange, salt, transform them as you like) to get a binary key of 40, 60, 80 or more chars depending on the number of parts the secret key has been splitted =)

ash (17-Jul-2008 11:07)

A slight improvement of dinamic's function to create a key: I think the weak point is that capitals are always used in the same part of the string. The following code capitalizes random characters of the string, making the key less predictable: <?php $key = substr($key1, 0, $ks/2) . substr($key2, (round(strlen($key2) / 2)), $ks/2); $key = substr($key.$key1.$key2.$key1,0,$ks); $buffer = str_split($key); $limit = count($buffer)-1; srand((float)microtime() * 1000000); $end = rand(0, $limit); $a = 0; // replace random chars with capitals while ($a < $end) { list($usec, $sec) = explode(' ', microtime()); $seed = ((float)$sec) + ((float) $usec * 100000); mt_srand($seed); $index = mt_rand(0,$limit); $buffer[$index] = strtoupper($buffer[$index]); $a++; } $key = join('', $buffer); ?>

dinamic at gmail dot com (13-Nov-2007 11:05)

Also it should be pointed that md5() and/or sha1() should not be used while forming your key for the mcrypt. This is so because hex encoding uses a set of only 16 characters [0-9a-f], which is equivalent to 4 bits, and thus halve the strength of your encryption: 4 x 32 = 128-bit. I have re-wrote the example shown, so here is my suggestion to get real 256-bit encryption: <?php $key1 = "this is a secret key"; $key2 = "this is the second secret key"; $input = "Let us meet at 9 o'clock at the secret place."; $length = strlen($input); /* Open the cipher */ $td = mcrypt_module_open('rijndael-256', '', 'cbc', ''); /* Create the IV and determine the keysize length, use MCRYPT_RAND * on Windows instead */ $iv = mcrypt_create_iv(mcrypt_enc_get_iv_size($td), MCRYPT_RAND); $ks = mcrypt_enc_get_key_size($td); /* Create key */ $key1 = md5($key1); $key2 = md5($key2); $key = substr($key1, 0, $ks/2) . substr(strtoupper($key2), (round(strlen($key2) / 2)), $ks/2); $key = substr($key.$key1.$key2.strtoupper($key1),0,$ks); /* Intialize encryption */ mcrypt_generic_init($td, $key, $iv); /* Encrypt data */ $encrypted = mcrypt_generic($td, $input); /* Terminate encryption handler */ mcrypt_generic_deinit($td); /* Initialize encryption module for decryption */ mcrypt_generic_init($td, $key, $iv); /* Decrypt encrypted string */ $decrypted = mdecrypt_generic($td, $encrypted); /* Terminate decryption handle and close module */ mcrypt_generic_deinit($td); mcrypt_module_close($td); /* Show string */ echo "Text: ".substr($decrypted,0,$length) . " "; echo "Encoded: ".$encrypted ." "; echo " key1: $key1 key2: $key2 created key: $key"; ?>

Mon (02-Mar-2006 11:27)

In the text example: $key = substr(md5('very secret key'), 0, $ks); Builds a key of $ks/2 effective bytes.

(01-Aug-2003 04:14)

Doing a trim($decrypted) will remove the null padding that may occur as a result of decryption. The problem is if you're encrypting something like a MSWord document which can commonly end with nulls. The result $decrypted will be smaller than the original cleartext - which will then fail to open in MSOffice. To get around this, make sure you store the length of the original cleartext, and when you decrypt it, do: $decrypted = substr(mdecrypt_generic($td, $encrypted), 0, $originalLength);