How to save encrypted data in a cookie (using PHP)?

Time: 2022-10-22 22:29:54

I would like to save data in cookies (user name, email address, etc...) but I don't want the user to easily read it or modify it. I need to be able to read the data back. How can I do that with php 5.2+?

It would be used for "welcome back bob" kind of feature. It is not a replacement for persistence or session storage.

5 solutions

#1


9  

We use mcrypt in our projects to achieve encryption. Below is a code sample based on content found on the internet:

<?php
// Note: the mcrypt extension is deprecated in PHP 7.1 and removed in 7.2; this
// sample targets the PHP 5.x era the question asks about.
class MyProjCrypt {

    private $td;
    private $iv;
    private $ks;
    private $ivSize;
    private $salt;
    private $encStr;
    private $decStr;


    /**
     * The constructor initializes the cryptography library
     * @param $salt string The encryption key (passphrase)
     * @return void
     */
    function __construct($salt) {
        $this->td = mcrypt_module_open('rijndael-256', '', 'ofb', ''); // algorithm
        $this->ks = mcrypt_enc_get_key_size($this->td); // key size needed for the algorithm
        // IV size is a separate property; for rijndael-256 it happens to equal the
        // key size, but do not rely on that for other ciphers
        $this->ivSize = mcrypt_enc_get_iv_size($this->td);
        // derive a key of exactly $ks bytes from the passphrase (md5 is a weak key
        // derivation; a long random key stored only on the server is preferable)
        $this->salt = substr(md5($salt), 0, $this->ks);
    }

    /**
     * Closes the module once, when the object is destroyed, so that encrypt()
     * and decrypt() can both be called on the same instance
     */
    function __destruct() {
        mcrypt_module_close($this->td);
    }

    /**
     * Encrypts $src and stores/returns the result as a hex string
     * @param $src string String to be encrypted
     * @return string hex-encoded IV followed by the ciphertext
     */
    function encrypt($src) {
        // fresh random IV for every message, read from the OS entropy source
        $this->iv = mcrypt_create_iv($this->ivSize, MCRYPT_DEV_URANDOM);
        mcrypt_generic_init($this->td, $this->salt, $this->iv);
        $tmpStr = mcrypt_generic($this->td, $src);
        mcrypt_generic_deinit($this->td);

        //convert the encrypted binary string to hex
        //$this->iv is needed to decrypt the string later. It has a fixed length and can easily
        //be separated out from the encrypted String.
        //Note that OFB gives confidentiality only: without a MAC over the result,
        //modification of the cookie cannot be detected.
        $this->encStr = bin2hex($this->iv.$tmpStr);
        return $this->encStr;
    }

    /**
     * Decrypts a hex string produced by encrypt()
     * @param $src string String to be decrypted
     * @return string the plaintext
     */
    function decrypt($src) {
        //drop anything that is not a hex digit, then convert the hex string to binary
        //(the original pattern lacked delimiters, so "[" and "]" were taken as delimiters)
        $corrected = preg_replace("/[^0-9a-fA-F]/", "", $src);
        $binenc = pack("H*", $corrected);

        //retrieve the iv from the encrypted string
        $this->iv = substr($binenc, 0, $this->ivSize);

        //retrieve the encrypted string alone (minus iv)
        $binstr = substr($binenc, $this->ivSize);

        /* Initialize encryption module for decryption */
        mcrypt_generic_init($this->td, $this->salt, $this->iv);
        /* Decrypt encrypted string */
        $decrypted = mdecrypt_generic($this->td, $binstr);

        /* Terminate decryption handle (module stays open until __destruct) */
        mcrypt_generic_deinit($this->td);
        //OFB is a stream mode, so there is no padding to strip; trim() would
        //also remove legitimate leading/trailing whitespace from the plaintext
        $this->decStr = $decrypted;
        return $this->decStr;
    }
}

#2


7  

I suggest you not only encrypt but also sign the data. If you don't sign the data, you won't be able to tell reliably whether the user modified the data. Also, to avoid replay you may want to add some timestamp/validity period information into the data.

#3


6  

If you don't want your users to read it, don't put it in a cookie; instead use sessions with a cookie that stays for a longer time. This way the data stays on the server and not on the computer of the user.

See this article about persistent sessions

#4


3  

For encryption example see "symmetric encryption" section in http://www.osix.net/modules/article/?id=606.

To prevent unauthorized modification, use HMAC: http://php.net/hash-hmac, and about hmac in general: http://en.wikipedia.org/wiki/HMAC, http://en.wikipedia.org/wiki/Message_authentication_code

And if you don't have to, don't store sensitive data in a cookie, even encrypted. You may want to read more about "data indirection".

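Answers #2 and #4 both recommend encrypting and signing the cookie and adding a validity period. The following is an added example (not code from any of the answers above) that puts those pieces together with encrypt-then-MAC; it assumes PHP 5.6+ (openssl_*, hash_equals), and the two keys are constructed placeholders that must be replaced by random server-side secrets.

```php
<?php
// Added example: seal a "welcome back" cookie with AES-256-CBC, authenticate
// IV + ciphertext with HMAC-SHA256, and embed an expiry to limit replay.
// Keys are constructed placeholders; use separate random 32-byte secrets.
define('COOKIE_ENC_KEY', hash('sha256', 'placeholder-encryption-key', true));
define('COOKIE_MAC_KEY', hash('sha256', 'placeholder-different-mac-key', true));

function seal_cookie(array $data, $ttl_seconds) {
    $data['exp'] = time() + $ttl_seconds;            // validity period (answer #2)
    $plain = json_encode($data);
    $iv = openssl_random_pseudo_bytes(16);           // fresh IV per cookie
    $ct = openssl_encrypt($plain, 'aes-256-cbc', COOKIE_ENC_KEY, OPENSSL_RAW_DATA, $iv);
    $mac = hash_hmac('sha256', $iv . $ct, COOKIE_MAC_KEY, true); // MAC covers the IV too
    return bin2hex($iv . $ct . $mac);                // hex is safe in a cookie value
}

function open_cookie($cookie) {
    if (!is_string($cookie) || !ctype_xdigit($cookie) || strlen($cookie) % 2 !== 0) return null;
    $raw = hex2bin($cookie);
    if (strlen($raw) < 16 + 16 + 32) return null;   // iv + one block + mac
    $mac  = substr($raw, -32);
    $body = substr($raw, 0, -32);
    // Verify the MAC before touching the ciphertext (encrypt-then-MAC), using a
    // constant-time compare so tag verification does not leak through timing.
    $expected = hash_hmac('sha256', $body, COOKIE_MAC_KEY, true);
    if (!hash_equals($expected, $mac)) return null;  // tampered or forged
    $iv = substr($body, 0, 16);
    $ct = substr($body, 16);
    $plain = openssl_decrypt($ct, 'aes-256-cbc', COOKIE_ENC_KEY, OPENSSL_RAW_DATA, $iv);
    if ($plain === false) return null;
    $data = json_decode($plain, true);
    if (!is_array($data) || !isset($data['exp']) || $data['exp'] < time()) return null; // expired
    unset($data['exp']);
    return $data;
}

// Usage: set on login, read back on the next visit for "welcome back bob".
$sealed = seal_cookie(array('name' => 'bob'), 30 * 86400);
setcookie('wb', $sealed, time() + 30 * 86400, '/', '', true, true); // Secure + HttpOnly
$who = open_cookie($sealed);
echo $who === null ? 'no valid cookie' : 'welcome back ' . htmlspecialchars($who['name']);
```

A cookie whose hex has been altered in any byte, or whose `exp` has passed, comes back as null rather than as partially decrypted data.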

#5


1  

If you absolutely must do this then you can use the symmetric encryption functionality in mcrypt.

http://php.net/mcrypt
