• 首页
  • vue
  • TypeScript
  • JavaScript
  • scss
  • css3
  • html5
  • php
  • MySQL
  • redis
  • jQuery
  • openssl_get_cipher_methods()

    (PHP 5 >= 5.3.0, PHP 7)

    获取可用的加密算法

    说明

    openssl_get_cipher_methods([bool $aliases= false]): array

    获取可用的加密算法的列表。

    参数

    $aliases

    如果密码别名应该包含在返回的array中,则设置为TRUE.

    返回值

    一个包含可用加密算法的array。

    范例

    openssl_get_cipher_methods() example

    展示了哪些加密算法能被找到,哪些别名可用。

    <?php
    $ciphers             = openssl_get_cipher_methods();
    $ciphers_and_aliases = openssl_get_cipher_methods(true);
    $cipher_aliases      = array_diff($ciphers_and_aliases, $ciphers);
    //ECB mode should be avoided
    $ciphers = array_filter( $ciphers, function($n) { return stripos($n,"ecb")===FALSE; } );
    //At least as early as Aug 2016, Openssl declared the following weak: RC2, RC4, DES, 3DES, MD5 based
    $ciphers = array_filter( $ciphers, function($c) { return stripos($c,"des")===FALSE; } );
    $ciphers = array_filter( $ciphers, function($c) { return stripos($c,"rc2")===FALSE; } );
    $ciphers = array_filter( $ciphers, function($c) { return stripos($c,"rc4")===FALSE; } );
    $ciphers = array_filter( $ciphers, function($c) { return stripos($c,"md5")===FALSE; } );
    $cipher_aliases = array_filter($cipher_aliases,function($c) { return stripos($c,"des")===FALSE; } );
    $cipher_aliases = array_filter($cipher_aliases,function($c) { return stripos($c,"rc2")===FALSE; } );
    print_r($ciphers);
    print_r($cipher_aliases);
    ?>
    

    以上例程的输出类似于:

    Array
    (
        [0] => AES-128-CBC
        [1] => AES-128-CFB
        [2] => AES-128-CFB1
        [3] => AES-128-CFB8
        [5] => AES-128-OFB
        [6] => AES-192-CBC
        [7] => AES-192-CFB
        [8] => AES-192-CFB1
        [9] => AES-192-CFB8
        [11] => AES-192-OFB
        [12] => AES-256-CBC
        [13] => AES-256-CFB
        [14] => AES-256-CFB1
        [15] => AES-256-CFB8
        [17] => AES-256-OFB
        [18] => BF-CBC
        [19] => BF-CFB
        [21] => BF-OFB
        [22] => CAST5-CBC
        [23] => CAST5-CFB
        [25] => CAST5-OFB
        [41] => IDEA-CBC
        [42] => IDEA-CFB
        [44] => IDEA-OFB
        [53] => aes-128-cbc
        [54] => aes-128-cfb
        [55] => aes-128-cfb1
        [56] => aes-128-cfb8
        [58] => aes-128-ofb
        [59] => aes-192-cbc
        [60] => aes-192-cfb
        [61] => aes-192-cfb1
        [62] => aes-192-cfb8
        [64] => aes-192-ofb
        [65] => aes-256-cbc
        [66] => aes-256-cfb
        [67] => aes-256-cfb1
        [68] => aes-256-cfb8
        [70] => aes-256-ofb
        [71] => bf-cbc
        [72] => bf-cfb
        [74] => bf-ofb
        [75] => cast5-cbc
        [76] => cast5-cfb
        [78] => cast5-ofb
        [94] => idea-cbc
        [95] => idea-cfb
        [97] => idea-ofb
    )
    Array
    (
        [18] => AES128
        [19] => AES192
        [20] => AES256
        [21] => BF
        [26] => CAST
        [27] => CAST-cbc
        [50] => IDEA
        [82] => aes128
        [83] => aes192
        [84] => aes256
        [85] => bf
        [90] => blowfish
        [91] => cast
        [92] => cast-cbc
        [115] => idea
    )
    

    参见

    With OpenSSL 1.1.1 this no longer returns the uppercase variants of the name, i.e. `AES-256-CBC` no longer exists but `aes-256-cbc` does.
    https://github.com/oerdnj/deb.sury.org/issues/990
    May be useful for cyphers execution speed.
    <?php
    const TEST_COUNT = 100000;
    const SOURCE = 'Note that HTML tags are not allowed in the posts, but the note formatting is preserved.';
    const KEY = "password";
    function TESTER( $testing_function, $argument )
    {
      $t = microtime(true);
      for ($test_iterator = 0; $test_iterator < TEST_COUNT; $test_iterator++) {
        $testing_function( $argument );
      }
      return round(microtime(true) - $t, 4);
    }
    $crypt = function($cipher) {
      $ivlen = openssl_cipher_iv_length($cipher);
      $iv = openssl_random_pseudo_bytes($ivlen);
      openssl_encrypt(SOURCE, $cipher, KEY, $options=0, $iv);
    };
    $methods = openssl_get_cipher_methods(false);
    array_splice( $methods, 0, count($methods) / 2);
    $timings = array();
    foreach ($methods as $cypher) {
      $time = TESTER( $crypt, $cypher );
      $timings[ $cypher ] = $time;
      echo str_pad($cypher, 40, ' ', STR_PAD_LEFT), " have time ", str_pad($time, 8, STR_PAD_LEFT), ' seconds. ', PHP_EOL;
    }
    uasort($timings, function($a, $b){
      return $a <=> $b;
    });
    $min_time = round(reset($timings) / TEST_COUNT, 7);
    $min_cypher = key($timings);
    $max_time = round(end($timings) / TEST_COUNT, 7);
    $max_cypher = key($timings);
    echo '-------------', PHP_EOL;
    echo "Total tests: ", count($timings), PHP_EOL;
    echo "Max timing : {$max_time} seconds for `{$max_cypher}` algorithm.", PHP_EOL;
    echo "Min timing : {$min_time} seconds for `{$min_cypher}` algorithm.", PHP_EOL;
    echo 'Details: ', PHP_EOL;
    foreach ($timings as $m => $t) {
      echo '- ', str_pad($t, 8, STR_PAD_LEFT), " seconds for `{$m}`", PHP_EOL;
    }
    echo PHP_EOL;