When using PHP, we can use OpenSSL for encryption in addition to mcrypt. Moreover, mcrypt is no longer bundled as of PHP 7.2, so OpenSSL is a good choice for cryptographic needs. To use the OpenSSL library, we must enable it by editing the php/php.ini file and removing the semicolon (;) in front of:
extension=php_openssl.dll
After that, restart the web server (Apache). Once the OpenSSL library is enabled, we can start experimenting with cryptography using its functions. The functions provided for encryption and decryption are:
string openssl_encrypt ( string $data , string $method , string $key [, int $options = 0 [, string $iv = "" [, string &$tag = NULL [, string $aad = "" [, int $tag_length = 16 ]]]]] )
string openssl_decrypt ( string $data , string $method , string $key [, int $options = 0 [, string $iv = "" [, string $tag = "" [, string $aad = "" ]]]] )
data
plaintext / ciphertext
method
The cipher method. The available methods can be listed with the function openssl_get_cipher_methods(). The result looks like this:
Array ( [0] => AES-128-CBC [1] => AES-128-CFB [2] => AES-128-CFB1 [3] => AES-128-CFB8 [5] => AES-128-OFB [6] => AES-192-CBC [7] => AES-192-CFB [8] => AES-192-CFB1 [9] => AES-192-CFB8 [11] => AES-192-OFB [12] => AES-256-CBC [13] => AES-256-CFB [14] => AES-256-CFB1 [15] => AES-256-CFB8 [17] => AES-256-OFB [18] => BF-CBC [19] => BF-CFB [21] => BF-OFB [22] => CAST5-CBC [23] => CAST5-CFB [25] => CAST5-OFB [41] => IDEA-CBC [42] => IDEA-CFB [44] => IDEA-OFB [53] => aes-128-cbc [54] => aes-128-cfb [55] => aes-128-cfb1 [56] => aes-128-cfb8 [58] => aes-128-ofb [59] => aes-192-cbc [60] => aes-192-cfb [61] => aes-192-cfb1 [62] => aes-192-cfb8 [64] => aes-192-ofb [65] => aes-256-cbc [66] => aes-256-cfb [67] => aes-256-cfb1 [68] => aes-256-cfb8 [70] => aes-256-ofb [71] => bf-cbc [72] => bf-cfb [74] => bf-ofb [75] => cast5-cbc [76] => cast5-cfb [78] => cast5-ofb [94] => idea-cbc [95] => idea-cfb [97] => idea-ofb )
key
The key used for encryption / decryption.
options
options can be one of: OPENSSL_RAW_DATA, OPENSSL_ZERO_PADDING.
iv
A non-NULL Initialization Vector.
tag
The authentication tag in AEAD cipher mode. If it is incorrect, the authentication fails and the function returns FALSE.
aad
Additional authentication data.
<?php
// Example key only: generate the key once with a CSPRNG and store it safely.
$key = openssl_random_pseudo_bytes(16); // 16 bytes for AES-128
$plaintext = "message to be encrypted";
$cipher = "AES-128-CBC";
$ivlen = openssl_cipher_iv_length($cipher);
$iv = openssl_random_pseudo_bytes($ivlen); // fresh random IV for every message
$ciphertext_raw = openssl_encrypt($plaintext, $cipher, $key, OPENSSL_RAW_DATA, $iv);
// Encrypt-then-MAC: the HMAC covers the IV as well as the ciphertext,
// so a modified IV is rejected too.
$hmac = hash_hmac('sha256', $iv.$ciphertext_raw, $key, true);
$ciphertext = base64_encode($iv.$hmac.$ciphertext_raw);

// decrypt later....
$c = base64_decode($ciphertext);
$ivlen = openssl_cipher_iv_length($cipher);
$sha2len = 32; // length of a raw SHA-256 HMAC in bytes
$iv = substr($c, 0, $ivlen);
$hmac = substr($c, $ivlen, $sha2len);
$ciphertext_raw = substr($c, $ivlen + $sha2len);
$calcmac = hash_hmac('sha256', $iv.$ciphertext_raw, $key, true);
// Verify the MAC first and decrypt only authenticated data.
if (hash_equals($hmac, $calcmac)) // PHP 5.6+ timing attack safe comparison
{
    $original_plaintext = openssl_decrypt($ciphertext_raw, $cipher, $key, OPENSSL_RAW_DATA, $iv);
    echo $original_plaintext."\n";
}
?>
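The tag and aad parameters described above are only used by AEAD modes, which the CBC example does not exercise. The following is an added example, not code from the original post: it assumes PHP 7.1+ with AES-256-GCM available, and the helper names seal() and unseal() and the sample AAD value are hypothetical. openssl_decrypt() returns FALSE whenever the tag, the AAD or the ciphertext does not match.

```php
<?php
// Added example. seal() and unseal() are hypothetical helper names.
const CIPHER  = 'aes-256-gcm';
const TAG_LEN = 16; // bytes, the default $tag_length

function seal(string $plaintext, string $key, string $aad): string
{
    // GCM nonce (12 bytes for this cipher); must never repeat under the same key.
    $iv  = random_bytes(openssl_cipher_iv_length(CIPHER));
    $tag = ''; // filled in by openssl_encrypt() (passed by reference)
    $ct  = openssl_encrypt($plaintext, CIPHER, $key, OPENSSL_RAW_DATA, $iv, $tag, $aad, TAG_LEN);
    if ($ct === false) {
        throw new RuntimeException('encryption failed');
    }
    // Token layout: IV || tag || ciphertext. The AAD is not stored in the token.
    return base64_encode($iv . $tag . $ct);
}

function unseal(string $token, string $key, string $aad)
{
    $raw   = base64_decode($token, true);
    $ivlen = openssl_cipher_iv_length(CIPHER);
    if ($raw === false || strlen($raw) < $ivlen + TAG_LEN) {
        return false; // malformed or truncated token
    }
    $iv  = substr($raw, 0, $ivlen);
    $tag = substr($raw, $ivlen, TAG_LEN);
    $ct  = substr($raw, $ivlen + TAG_LEN);
    // The tag is verified over ciphertext and AAD before any plaintext is returned.
    return openssl_decrypt($ct, CIPHER, $key, OPENSSL_RAW_DATA, $iv, $tag, $aad);
}

$key   = random_bytes(32);   // 32 bytes for AES-256
$aad   = 'user_id=42';       // constructed sample: context the token is bound to
$token = seal('message to be encrypted', $key, $aad);

// Case 1: correct key and AAD.
var_dump(unseal($token, $key, $aad));
// Case 2: same token presented with a different AAD.
var_dump(unseal($token, $key, 'user_id=43'));
// Case 3: one bit of the ciphertext flipped in transit.
$raw = base64_decode($token);
$last = strlen($raw) - 1;
$raw[$last] = chr(ord($raw[$last]) ^ 1);
var_dump(unseal(base64_encode($raw), $key, $aad));
```

Only the first call returns the plaintext. Binding a token to its context through the AAD means a valid token copied into another user's record fails authentication.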
Great stuff, Mr. Sentod