Welcome to OGeek Q&A Community for programmer and developer-Open, Learning and Share
Welcome To Ask or Share your Answers For Others

Categories

0 votes
1.1k views
in Technique[技术] by (71.8m points)

security - How to save encrypted data in cookie (using php)?

I would like to save data in cookies (user name, email address, etc...) but I don't the user to easily read it or modify it. I need to be able able to read the data back. How can I do that with php 5.2+?

It would be used for "welcome back bob" kind of feature. It is not a replacement for persistence or session storage.

See Question&Answers more detail:os

与恶龙缠斗过久,自身亦成为恶龙;凝视深渊过久,深渊将回以凝视…
Welcome To Ask or Share your Answers For Others

1 Reply

0 votes
by (71.8m points)

We use mcrypt in our projects to achieve encryption. Below is a code sample based on content found on the internet:

<?php
class MyProjCrypt {

    private $td;
    private $iv;
    private $ks;
    private $salt;
    private $encStr;
    private $decStr;


    /**
     *  The constructor initializes the cryptography library
     * @param $salt string The encryption key
     * @return void
     */
    function __construct($salt) {
        $this->td = mcrypt_module_open('rijndael-256', '', 'ofb', ''); // algorithm
        $this->ks = mcrypt_enc_get_key_size($this->td); // key size needed for the algorithm
        $this->salt = substr(md5($salt), 0, $this->ks);
    }

    /**
     * Generates a hex string of $src
     * @param $src string String to be encrypted
     * @return void
     */
    function encrypt($src) {
        srand(( double) microtime() * 1000000); //for sake of MCRYPT_RAND
        $this->iv = mcrypt_create_iv($this->ks, MCRYPT_RAND); 
        mcrypt_generic_init($this->td, $this->salt, $this->iv);
        $tmpStr = mcrypt_generic($this->td, $src);
        mcrypt_generic_deinit($this->td);
        mcrypt_module_close($this->td);

        //convert the encrypted binary string to hex
        //$this->iv is needed to decrypt the string later. It has a fixed length and can easily 
        //be seperated out from the encrypted String
        $this->encStr = bin2hex($this->iv.$tmpStr);

    }

    /**
     * Decrypts a hex string    
     * @param $src string String to be decrypted
     * @return void
     */
    function decrypt($src) {
        //convert the hex string to binary
        $corrected = preg_replace("[^0-9a-fA-F]", "", $src);
        $binenc = pack("H".strlen($corrected), $corrected);

        //retrieve the iv from the encrypted string
        $this->iv = substr($binenc, 0, $this->ks);

        //retrieve the encrypted string alone(minus iv)
        $binstr = substr($binenc, $this->ks);

        /* Initialize encryption module for decryption */
        mcrypt_generic_init($this->td, $this->salt, $this->iv);
        /* Decrypt encrypted string */
        $decrypted = mdecrypt_generic($this->td, $binstr);

        /* Terminate decryption handle and close module */
        mcrypt_generic_deinit($this->td);
        mcrypt_module_close($this->td);
        $this->decStr = trim($decrypted);

    }
}

与恶龙缠斗过久,自身亦成为恶龙;凝视深渊过久,深渊将回以凝视…
OGeek|极客中国-欢迎来到极客的世界,一个免费开放的程序员编程交流平台!开放,进步,分享!让技术改变生活,让极客改变未来! Welcome to OGeek Q&A Community for programmer and developer-Open, Learning and Share
Click Here to Ask a Question

...