openssl_get_cipher_methods()
(PHP 5 >= 5.3.0, PHP 7)
获取可用的加密算法
说明
openssl_get_cipher_methods([bool $aliases= false]): array
获取可用的加密算法的列表。
参数
- $aliases
如果密码别名应该包含在返回的array中,则设置为
TRUE.
返回值
一个包含可用加密算法的array。
范例
openssl_get_cipher_methods() example
展示了哪些加密算法能被找到,哪些别名可用。
<?php
$ciphers = openssl_get_cipher_methods();
$ciphers_and_aliases = openssl_get_cipher_methods(true);
$cipher_aliases = array_diff($ciphers_and_aliases, $ciphers);
//ECB mode should be avoided
$ciphers = array_filter( $ciphers, function($n) { return stripos($n,"ecb")===FALSE; } );
//At least as early as Aug 2016, Openssl declared the following weak: RC2, RC4, DES, 3DES, MD5 based
$ciphers = array_filter( $ciphers, function($c) { return stripos($c,"des")===FALSE; } );
$ciphers = array_filter( $ciphers, function($c) { return stripos($c,"rc2")===FALSE; } );
$ciphers = array_filter( $ciphers, function($c) { return stripos($c,"rc4")===FALSE; } );
$ciphers = array_filter( $ciphers, function($c) { return stripos($c,"md5")===FALSE; } );
$cipher_aliases = array_filter($cipher_aliases,function($c) { return stripos($c,"des")===FALSE; } );
$cipher_aliases = array_filter($cipher_aliases,function($c) { return stripos($c,"rc2")===FALSE; } );
print_r($ciphers);
print_r($cipher_aliases);
?>
以上例程的输出类似于:
Array
(
[0] => AES-128-CBC
[1] => AES-128-CFB
[2] => AES-128-CFB1
[3] => AES-128-CFB8
[5] => AES-128-OFB
[6] => AES-192-CBC
[7] => AES-192-CFB
[8] => AES-192-CFB1
[9] => AES-192-CFB8
[11] => AES-192-OFB
[12] => AES-256-CBC
[13] => AES-256-CFB
[14] => AES-256-CFB1
[15] => AES-256-CFB8
[17] => AES-256-OFB
[18] => BF-CBC
[19] => BF-CFB
[21] => BF-OFB
[22] => CAST5-CBC
[23] => CAST5-CFB
[25] => CAST5-OFB
[41] => IDEA-CBC
[42] => IDEA-CFB
[44] => IDEA-OFB
[53] => aes-128-cbc
[54] => aes-128-cfb
[55] => aes-128-cfb1
[56] => aes-128-cfb8
[58] => aes-128-ofb
[59] => aes-192-cbc
[60] => aes-192-cfb
[61] => aes-192-cfb1
[62] => aes-192-cfb8
[64] => aes-192-ofb
[65] => aes-256-cbc
[66] => aes-256-cfb
[67] => aes-256-cfb1
[68] => aes-256-cfb8
[70] => aes-256-ofb
[71] => bf-cbc
[72] => bf-cfb
[74] => bf-ofb
[75] => cast5-cbc
[76] => cast5-cfb
[78] => cast5-ofb
[94] => idea-cbc
[95] => idea-cfb
[97] => idea-ofb
)
Array
(
[18] => AES128
[19] => AES192
[20] => AES256
[21] => BF
[26] => CAST
[27] => CAST-cbc
[50] => IDEA
[82] => aes128
[83] => aes192
[84] => aes256
[85] => bf
[90] => blowfish
[91] => cast
[92] => cast-cbc
[115] => idea
)
参见
openssl_get_md_methods()获取可用的摘要算法
With OpenSSL 1.1.1 this no longer returns the uppercase variants of the name, i.e. `AES-256-CBC` no longer exists but `aes-256-cbc` does. https://github.com/oerdnj/deb.sury.org/issues/990
May be useful for cyphers execution speed.
<?php
const TEST_COUNT = 100000;
const SOURCE = 'Note that HTML tags are not allowed in the posts, but the note formatting is preserved.';
const KEY = "password";
function TESTER( $testing_function, $argument )
{
$t = microtime(true);
for ($test_iterator = 0; $test_iterator < TEST_COUNT; $test_iterator++) {
$testing_function( $argument );
}
return round(microtime(true) - $t, 4);
}
$crypt = function($cipher) {
$ivlen = openssl_cipher_iv_length($cipher);
$iv = openssl_random_pseudo_bytes($ivlen);
openssl_encrypt(SOURCE, $cipher, KEY, $options=0, $iv);
};
$methods = openssl_get_cipher_methods(false);
array_splice( $methods, 0, count($methods) / 2);
$timings = array();
foreach ($methods as $cypher) {
$time = TESTER( $crypt, $cypher );
$timings[ $cypher ] = $time;
echo str_pad($cypher, 40, ' ', STR_PAD_LEFT), " have time ", str_pad($time, 8, STR_PAD_LEFT), ' seconds. ', PHP_EOL;
}
uasort($timings, function($a, $b){
return $a <=> $b;
});
$min_time = round(reset($timings) / TEST_COUNT, 7);
$min_cypher = key($timings);
$max_time = round(end($timings) / TEST_COUNT, 7);
$max_cypher = key($timings);
echo '-------------', PHP_EOL;
echo "Total tests: ", count($timings), PHP_EOL;
echo "Max timing : {$max_time} seconds for `{$max_cypher}` algorithm.", PHP_EOL;
echo "Min timing : {$min_time} seconds for `{$min_cypher}` algorithm.", PHP_EOL;
echo 'Details: ', PHP_EOL;
foreach ($timings as $m => $t) {
echo '- ', str_pad($t, 8, STR_PAD_LEFT), " seconds for `{$m}`", PHP_EOL;
}
echo PHP_EOL;