<article><h1>Encryption and Decryption in Laravel</h1><ul><li><a href="#introduction">Introduction</a></li><li><a href="#configuration">Configuration</a></li><li><a href="#using-the-encrypter">Basic Usage</a></li></ul><p><a name="introduction"></a></p><h2><a href="#introduction">Introduction</a></h2><p>Laravel uses OpenSSL to provide AES-256 and AES-128 encryption. You are strongly encouraged to use Laravel's built-in encryption facilities rather than attempting to roll your own "home grown" encryption algorithms. All values encrypted by Laravel are signed with a message authentication code (MAC), so their underlying value cannot be modified once encrypted.</p><p><a name="configuration"></a></p><h2><a href="#configuration">Configuration</a></h2><p>Before using Laravel's encrypter, you must set the <code class=" language-php">key</code> option in your <code class=" language-php">config<span class="token operator">/</span>app<span class="token punctuation">.</span>php</code> configuration file. Because the Artisan console uses PHP's secure random generation facilities to build the key for you, you can simply run the <code class=" language-php">php artisan key<span class="token punctuation">:</span>generate</code> command to generate it. If this value is not properly set, all values encrypted by Laravel will be insecure.</p><p><a name="using-the-encrypter"></a></p><h2><a href="#using-the-encrypter">Basic Usage</a></h2><h4>Encrypting a Value</h4><p>You can encrypt a value using the <code class=" language-php">encrypt</code> helper function. All values are encrypted using OpenSSL and the <code class=" language-php"><span class="token constant">AES</span><span class="token number">-256</span><span class="token operator">-</span><span class="token constant">CBC</span></code> cipher. In addition, all encrypted values are signed with a message authentication code (MAC) so that any tampering with the encrypted string can be detected:</p><pre class=" language-php"><code class=" language-php"><span class="token delimiter"><?php</span>
<span class="token keyword">namespace</span> <span class="token package">App<span class="token punctuation">\</span>Http<span class="token punctuation">\</span>Controllers</span><span class="token punctuation">;</span>
<span class="token keyword">use</span> <span class="token package">App<span class="token punctuation">\</span>User</span><span class="token punctuation">;</span>
<span class="token keyword">use</span> <span class="token package">Illuminate<span class="token punctuation">\</span>Http<span class="token punctuation">\</span>Request</span><span class="token punctuation">;</span>
<span class="token keyword">use</span> <span class="token package">App<span class="token punctuation">\</span>Http<span class="token punctuation">\</span>Controllers<span class="token punctuation">\</span>Controller</span><span class="token punctuation">;</span>
<span class="token keyword">class</span> <span class="token class-name">UserController</span> <span class="token keyword">extends</span> <span class="token class-name">Controller</span>
<span class="token punctuation">{</span>
<span class="token comment" spellcheck="true">/**
* Store a secret message for the user.
*
* @param Request $request
* @param int $id
* @return Response
*/</span>
<span class="token keyword">public</span> <span class="token keyword">function</span> <span class="token function">storeSecret<span class="token punctuation">(</span></span>Request <span class="token variable">$request</span><span class="token punctuation">,</span> <span class="token variable">$id</span><span class="token punctuation">)</span>
<span class="token punctuation">{</span>
<span class="token variable">$user</span> <span class="token operator">=</span> <span class="token scope">User<span class="token punctuation">::</span></span><span class="token function">findOrFail<span class="token punctuation">(</span></span><span class="token variable">$id</span><span class="token punctuation">)</span><span class="token punctuation">;</span>
<span class="token variable">$user</span><span class="token operator">-</span><span class="token operator">></span><span class="token function">fill<span class="token punctuation">(</span></span><span class="token punctuation">[</span>
<span class="token string">'secret'</span> <span class="token operator">=</span><span class="token operator">></span> <span class="token function">encrypt<span class="token punctuation">(</span></span><span class="token variable">$request</span><span class="token operator">-</span><span class="token operator">></span><span class="token property">secret</span><span class="token punctuation">)</span>
<span class="token punctuation">]</span><span class="token punctuation">)</span><span class="token operator">-</span><span class="token operator">></span><span class="token function">save<span class="token punctuation">(</span></span><span class="token punctuation">)</span><span class="token punctuation">;</span>
<span class="token punctuation">}</span>
<span class="token punctuation">}</span></code></pre><h4>Encrypting and Decrypting Without Serialization</h4><p>Encrypted values are passed through <code class=" language-php">serialize</code> during encryption, which allows objects and arrays to be encrypted. As a result, non-PHP clients receiving encrypted values will need to <code class=" language-php">unserialize</code> the data. If you would like to encrypt and decrypt values without serialization, you can use the <code class=" language-php">encryptString</code> and <code class=" language-php">decryptString</code> methods of the <code class=" language-php">Crypt</code> facade:</p><pre class=" language-php"><code class=" language-php"><span class="token keyword">use</span> <span class="token package">Illuminate<span class="token punctuation">\</span>Support<span class="token punctuation">\</span>Facades<span class="token punctuation">\</span>Crypt</span><span class="token punctuation">;</span>
<span class="token variable">$encrypted</span> <span class="token operator">=</span> <span class="token scope">Crypt<span class="token punctuation">::</span></span><span class="token function">encryptString<span class="token punctuation">(</span></span><span class="token string">'Hello world.'</span><span class="token punctuation">)</span><span class="token punctuation">;</span>
<span class="token variable">$decrypted</span> <span class="token operator">=</span> <span class="token scope">Crypt<span class="token punctuation">::</span></span><span class="token function">decryptString<span class="token punctuation">(</span></span><span class="token variable">$encrypted</span><span class="token punctuation">)</span><span class="token punctuation">;</span></code></pre><h4>Decrypting a Value</h4><p>You can decrypt a value using the <code class=" language-php">decrypt</code> helper function. If the value cannot be properly decrypted, for example when the MAC is invalid, an <code class=" language-php">Illuminate\<span class="token package">Contracts<span class="token punctuation">\</span>Encryption<span class="token punctuation">\</span>DecryptException</span></code> exception is thrown:</p><pre class=" language-php"><code class=" language-php"><span class="token keyword">use</span> <span class="token package">Illuminate<span class="token punctuation">\</span>Contracts<span class="token punctuation">\</span>Encryption<span class="token punctuation">\</span>DecryptException</span><span class="token punctuation">;</span>
<span class="token keyword">try</span> <span class="token punctuation">{</span>
<span class="token variable">$decrypted</span> <span class="token operator">=</span> <span class="token function">decrypt<span class="token punctuation">(</span></span><span class="token variable">$encryptedValue</span><span class="token punctuation">)</span><span class="token punctuation">;</span>
<span class="token punctuation">}</span> <span class="token keyword">catch</span> <span class="token punctuation">(</span><span class="token class-name">DecryptException</span> <span class="token variable">$e</span><span class="token punctuation">)</span> <span class="token punctuation">{</span>
<span class="token comment" spellcheck="true"> //
</span><span class="token punctuation">}</span></code></pre><h2>Translator Credits</h2><table><thead><tr><th>Username</th><th>Avatar</th><th>Role</th><th>Signature</th></tr></thead><tbody><tr><td><a href="https://github.com/GanymedeNil">@GanymedeNil</a></td><td><img class="avatar-66 rm-style" src="https://dn-phphub.qbox.me/uploads/avatars/6859_1487055454.jpg?imageView2/1/w/100/h/100"></td><td>Translation</td><td>I am not a Full Stack Developer 2333 <a href="http://weibo.com/jinhongyang">@GanymedeNil</a></td></tr></tbody></table></article>
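<p>The following is an added example, not code from the Laravel documentation. It exercises the serialization difference and the MAC check described above by using <code>Illuminate\Encryption\Encrypter</code> directly. It assumes PHP 7 or later, that the <code>illuminate/encryption</code> package is installed with Composer in the current directory, and randomly generated demo keys; <code>tryDecrypt</code> is a hypothetical helper.</p>

```php
<?php
// Added example, not Laravel's documentation code.
// Assumes `composer require illuminate/encryption` in the current directory.
require __DIR__ . '/vendor/autoload.php';

use Illuminate\Contracts\Encryption\DecryptException;
use Illuminate\Encryption\Encrypter;

// Constructed demo keys; an application reads its key from config/app.php.
$crypt = new Encrypter(random_bytes(32), 'AES-256-CBC');
$other = new Encrypter(random_bytes(32), 'AES-256-CBC');

// Hypothetical helper: decrypt and fail closed on any DecryptException.
function tryDecrypt(Encrypter $crypt, string $payload): string
{
    try {
        return 'accepted: ' . $crypt->decryptString($payload);
    } catch (DecryptException $e) {
        // Treat the value as untrusted; record the reason, never use the payload.
        return 'rejected: ' . $e->getMessage();
    }
}

// encrypt() serializes before encrypting, encryptString() does not.
$serialized = $crypt->encrypt('Hello world.');
$raw        = $crypt->encryptString('Hello world.');

// Skipping unserialize() shows what a non-PHP client gets after decryption.
echo tryDecrypt($crypt, $serialized), PHP_EOL;
echo tryDecrypt($crypt, $raw), PHP_EOL;

// Change one character in the middle of the payload.
$tampered = $raw;
$pos = intdiv(strlen($tampered), 2);
$tampered[$pos] = $tampered[$pos] === 'A' ? 'B' : 'A';
echo tryDecrypt($crypt, $tampered), PHP_EOL;

// A payload produced under a different key fails the MAC check as well.
echo tryDecrypt($other, $raw), PHP_EOL;
```

<p>The first call returns the PHP-serialized form of the string rather than the string itself, which is why values meant for non-PHP consumers are better produced with <code>encryptString</code>. The tampered payload and the payload read under the wrong key both end in a <code>DecryptException</code>.</p>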