<article><h1>Laravel 的加密解密机制</h1><ul><li><a href="#introduction">介绍</a></li><li><a href="#configuration">设置</a></li><li><a href="#using-the-encrypter">基本用法</a></li></ul><p><a name="introduction"></a></p><h2><a href="#introduction">介绍</a></h2><p>Laravel 是利用 OpenSSL 去提供 AES-256 和 AES-128 的加密。强烈建议您使用 Laravel 自己的加密机制,而不是尝试自己的「自制」加密算法。 Laravel 所有加密之后的结果都会使用消息认证码 (MAC) 去签署,所以一旦被加密就无法再改变。</p><p><a name="configuration"></a></p><h2><a href="#configuration">设置</a></h2><p>在使用 Laravel 加密之前, 你必须先设置 <code class=" language-php">config<span class="token operator">/</span>app<span class="token punctuation">.</span>php</code> 配置文件中的 <code class=" language-php">key</code> 选项。由于 Artisan 控制台会使用 PHP 的安全机制为你随机生成 key ,你可以直接使用 <code class=" language-php">php artisan key<span class="token punctuation">:</span>generate</code> 命令去生成 key 。如果没有适当地设置这个值,所有被 Laravel 加密的值都将是不安全的。</p><p><a name="using-the-encrypter"></a></p><h2><a href="#using-the-encrypter">基本用法</a></h2><h4>加密一个值</h4><p>你可以借助 <code class=" language-php">encrypt</code> 辅助函数来加密一个值。这些值都会使用 OpenSSL 与 <code class=" language-php"><span class="token constant">AES</span><span class="token number">-256</span><span class="token operator">-</span><span class="token constant">CBC</span></code> 来进行加密。此外,所有加密过后的值都会被签署文件消息验证码 (MAC),以检测加密字符串是否被篡改过:</p><pre class=" language-php"><code class=" language-php"><span class="token delimiter"><?php</span>
<span class="token keyword">namespace</span> <span class="token package">App<span class="token punctuation">\</span>Http<span class="token punctuation">\</span>Controllers</span><span class="token punctuation">;</span>
<span class="token keyword">use</span> <span class="token package">App<span class="token punctuation">\</span>User</span><span class="token punctuation">;</span>
<span class="token keyword">use</span> <span class="token package">Illuminate<span class="token punctuation">\</span>Http<span class="token punctuation">\</span>Request</span><span class="token punctuation">;</span>
<span class="token keyword">use</span> <span class="token package">App<span class="token punctuation">\</span>Http<span class="token punctuation">\</span>Controllers<span class="token punctuation">\</span>Controller</span><span class="token punctuation">;</span>
<span class="token keyword">class</span> <span class="token class-name">UserController</span> <span class="token keyword">extends</span> <span class="token class-name">Controller</span>
<span class="token punctuation">{</span>
<span class="token comment" spellcheck="true">/**
* 存储用户保密信息
*
* @param Request $request
* @param int $id
* @return Response
*/</span>
<span class="token keyword">public</span> <span class="token keyword">function</span> <span class="token function">storeSecret<span class="token punctuation">(</span></span>Request <span class="token variable">$request</span><span class="token punctuation">,</span> <span class="token variable">$id</span><span class="token punctuation">)</span>
<span class="token punctuation">{</span>
<span class="token variable">$user</span> <span class="token operator">=</span> <span class="token scope">User<span class="token punctuation">::</span></span><span class="token function">findOrFail<span class="token punctuation">(</span></span><span class="token variable">$id</span><span class="token punctuation">)</span><span class="token punctuation">;</span>
<span class="token variable">$user</span><span class="token operator">-</span><span class="token operator">></span><span class="token function">fill<span class="token punctuation">(</span></span><span class="token punctuation">[</span>
<span class="token string">'secret'</span> <span class="token operator">=</span><span class="token operator">></span> <span class="token function">encrypt<span class="token punctuation">(</span></span><span class="token variable">$request</span><span class="token operator">-</span><span class="token operator">></span><span class="token property">secret</span><span class="token punctuation">)</span>
<span class="token punctuation">]</span><span class="token punctuation">)</span><span class="token operator">-</span><span class="token operator">></span><span class="token function">save<span class="token punctuation">(</span></span><span class="token punctuation">)</span><span class="token punctuation">;</span>
<span class="token punctuation">}</span>
<span class="token punctuation">}</span></code></pre><h4>不进行序列化的加密解密方法</h4><p>加密值在加密期间通过 <code class=" language-php">serialize</code> 传递,这也就允许对对象和数组进行加密。由此,非PHP客户端接收到加密值将需要 <code class=" language-php">unserialize</code> 数据。如果您希望在不进行序列化的情况下加密和解密值,可以使用 <code class=" language-php">Crypt</code> facade的 <code class=" language-php">encryptString</code> 和 <code class=" language-php">decryptString</code> 方法:</p><pre class=" language-php"><code class=" language-php"><span class="token keyword">use</span> <span class="token package">Illuminate<span class="token punctuation">\</span>Support<span class="token punctuation">\</span>Facades<span class="token punctuation">\</span>Crypt</span><span class="token punctuation">;</span>
<span class="token variable">$encrypted</span> <span class="token operator">=</span> <span class="token scope">Crypt<span class="token punctuation">::</span></span><span class="token function">encryptString<span class="token punctuation">(</span></span><span class="token string">'Hello world.'</span><span class="token punctuation">)</span><span class="token punctuation">;</span>
<span class="token variable">$decrypted</span> <span class="token operator">=</span> <span class="token scope">Crypt<span class="token punctuation">::</span></span><span class="token function">decryptString<span class="token punctuation">(</span></span><span class="token variable">$encrypted</span><span class="token punctuation">)</span><span class="token punctuation">;</span></code></pre><h4>解密一个值</h4><p>你可以借助 <code class=" language-php">decrypt</code> 辅助函数来解密一个值。如果值不能被正确解密,例如当 MAC 无效时,将抛出 <code class=" language-php">Illuminate\<span class="token package">Contracts<span class="token punctuation">\</span>Encryption<span class="token punctuation">\</span>DecryptException</span></code> 异常:</p><pre class=" language-php"><code class=" language-php"><span class="token keyword">use</span> <span class="token package">Illuminate<span class="token punctuation">\</span>Contracts<span class="token punctuation">\</span>Encryption<span class="token punctuation">\</span>DecryptException</span><span class="token punctuation">;</span>
<span class="token keyword">try</span> <span class="token punctuation">{</span>
<span class="token variable">$decrypted</span> <span class="token operator">=</span> <span class="token function">decrypt<span class="token punctuation">(</span></span><span class="token variable">$encryptedValue</span><span class="token punctuation">)</span><span class="token punctuation">;</span>
<span class="token punctuation">}</span> <span class="token keyword">catch</span> <span class="token punctuation">(</span><span class="token class-name">DecryptException</span> <span class="token variable">$e</span><span class="token punctuation">)</span> <span class="token punctuation">{</span>
<span class="token comment" spellcheck="true"> //
</span><span class="token punctuation">}</span></code></pre><h2>译者署名</h2><table><thead><tr><th>用户名</th><th>头像</th><th>职能</th><th>签名</th></tr></thead><tbody><tr><td><a href="https://github.com/GanymedeNil">@GanymedeNil</a></td><td><img class="avatar-66 rm-style" src="https://dn-phphub.qbox.me/uploads/avatars/6859_1487055454.jpg?imageView2/1/w/100/h/100"></td><td>翻译</td><td>我不是Full Stack Developer 2333 <a href="http://weibo.com/jinhongyang">@GanymedeNil</a></td></tr></tbody></table></article>
- 入门指南
- 安装
- 配置信息
- 文件夹结构
- 请求周期
- 开发环境部署
- Valet
- Homestead
- 核心概念
- 服务提供者
- Facades
- Contracts
- 服务容器
- HTTP 层
- 路由
- 中间件
- CSRF 保护
- 控制器
- 请求
- 响应
- 视图
- Session
- 表单验证
- 前端
- Blade 模板
- 本地化
- 前端指南
- 编辑资源 Mix
- 安全
- API 认证
- 用户认证
- 用户授权
- 加密解密
- 哈希
- 重置密码
- 数据库
- 快速入门
- 查询构造器
- 分页
- 数据库迁移
- Redis
- 数据填充
- Eloquent ORM
- Eloquent ORM快速入门
- 模型关联
- Eloquent 集合
- 修改器
- 序列化
- 综合话题
- Artisan 命令行
- 广播系统
- 缓存系统
- 集合
- 错误与日志
- 事件系统
- 文件存储
- 辅助函数
- 邮件发送
- 消息通知
- 扩展包开发
- 队列
- 任务调度