PHP加密算法与安全通信实践
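# PHP加密算法与安全通信实践

数据加密是保障信息安全的核心技术。PHP提供了多种加密扩展，从基础的散列函数到公钥加密都支持。今天说说PHP中各种加密算法的使用。

散列函数用于数据完整性验证。md5和sha1已经不够安全，推荐用sha256或更高强度的算法。校验HMAC时要用hash_equals()做恒定时间比较，不要用==或===。

```php
<?php
// Hash functions
$data = "要计算散列的数据";

echo "MD5: " . md5($data) . " (不推荐)\n";
echo "SHA1: " . sha1($data) . " (不推荐)\n";
echo "SHA256: " . hash('sha256', $data) . "\n";
echo "SHA384: " . hash('sha384', $data) . "\n";
echo "SHA512: " . hash('sha512', $data) . "\n";

// Keyed hash (HMAC). The literal key below is a sample value only: real keys
// should be random (e.g. random_bytes(32)) and loaded from configuration or a
// secret store, never committed with the code.
$secret = "my-secret-key";
echo "HMAC-SHA256: " . hash_hmac('sha256', $data, $secret) . "\n";
// When checking a MAC received from outside, compare with
// hash_equals($expectedMac, $receivedMac) so the comparison time does not
// depend on how many leading bytes match.

// Password hashing. Plain hash()/md5()/sha1() must not be used for passwords;
// password_hash() salts automatically and is deliberately slow.
// Note: bcrypt only considers the first 72 bytes of the password.
$password = "UserPassword123!";
$hash = password_hash($password, PASSWORD_BCRYPT, ['cost' => 12]);
echo "Bcrypt: $hash\n";
if (password_verify($password, $hash)) {
    echo "密码验证成功\n";
}
?>
```

对称加密用openssl扩展，使用相同的密钥进行加密和解密。

```php
<?php
/**
 * AES-256-GCM authenticated encryption.
 *
 * Wire format: base64(iv || tag || ciphertext), with a 16-byte tag.
 */
class SymmetricEncryption
{
    private const KEY_LENGTH = 32;
    private const TAG_LENGTH = 16;

    private string $cipher = 'aes-256-gcm';

    /**
     * Encrypts $plaintext under a 32-byte key.
     *
     * @param string $plaintext Data to protect.
     * @param string $key       Raw 32-byte key (not a password).
     * @return string base64(iv || tag || ciphertext)
     * @throws RuntimeException If the key length is wrong or OpenSSL fails.
     */
    public function encrypt(string $plaintext, string $key): string
    {
        $this->assertKeyLength($key);

        // A fresh random nonce per message: a GCM nonce must never repeat under
        // the same key. random_bytes() is the CSPRNG the rest of this page uses.
        $iv = random_bytes($this->ivLength());
        $tag = '';
        $ciphertext = openssl_encrypt(
            $plaintext,
            $this->cipher,
            $key,
            OPENSSL_RAW_DATA,
            $iv,
            $tag,
            '',
            self::TAG_LENGTH
        );
        if ($ciphertext === false) {
            throw new RuntimeException("加密失败: " . openssl_error_string());
        }

        // Return base64(iv || tag || ciphertext)
        return base64_encode($iv . $tag . $ciphertext);
    }

    /**
     * Decrypts and authenticates a value produced by encrypt().
     *
     * @param string $data base64(iv || tag || ciphertext)
     * @param string $key  Raw 32-byte key.
     * @return string The plaintext.
     * @throws RuntimeException On malformed input, wrong key or failed authentication.
     */
    public function decrypt(string $data, string $key): string
    {
        $this->assertKeyLength($key);

        $decoded = base64_decode($data, true);
        $ivLen = $this->ivLength();
        // openssl_decrypt() does not check the tag length itself: a truncated
        // input would yield a short tag that only has to match a prefix of the
        // real one. Reject anything too short to hold a full IV and tag.
        if ($decoded === false || strlen($decoded) < $ivLen + self::TAG_LENGTH) {
            throw new RuntimeException("解密失败");
        }

        $iv = substr($decoded, 0, $ivLen);
        $tag = substr($decoded, $ivLen, self::TAG_LENGTH);
        $ciphertext = substr($decoded, $ivLen + self::TAG_LENGTH);

        $plaintext = openssl_decrypt($ciphertext, $this->cipher, $key, OPENSSL_RAW_DATA, $iv, $tag);
        if ($plaintext === false) {
            throw new RuntimeException("解密失败");
        }
        return $plaintext;
    }

    /** Returns the IV length OpenSSL reports for the configured cipher. */
    private function ivLength(): int
    {
        $ivLen = openssl_cipher_iv_length($this->cipher);
        if ($ivLen === false || $ivLen < 1) {
            throw new RuntimeException("加密失败: 不支持的算法");
        }
        return $ivLen;
    }

    /**
     * Rejects keys that are not exactly 32 bytes; OpenSSL would otherwise
     * silently pad a short key or truncate a long one.
     */
    private function assertKeyLength(string $key): void
    {
        if (strlen($key) !== self::KEY_LENGTH) {
            throw new RuntimeException("密钥长度必须为 32 字节");
        }
    }
}

$encryption = new SymmetricEncryption();
$key = random_bytes(32);
$secret = "这是一条机密消息";
$encrypted = $encryption->encrypt($secret, $key);
echo "加密: $encrypted\n";
$decrypted = $encryption->decrypt($encrypted, $key);
echo "解密: $decrypted\n";
?>
```

非对称加密使用公钥加密、私钥解密，适合在不安全的通道上传输密钥。RSA加密要显式指定OAEP填充，不要依赖默认的PKCS#1 v1.5填充。

```php
<?php
/**
 * RSA key handling: encryption (OAEP padding) and SHA-256 signatures.
 */
class AsymmetricEncryption
{
    private string $privateKey;
    private string $publicKey;

    /**
     * Loads PEM keys from disk, or generates a new 2048-bit RSA pair.
     *
     * @param string|null $privateKeyPath PEM private key file, optional.
     * @param string|null $publicKeyPath  PEM public key file, optional.
     * @throws RuntimeException If a key cannot be read, parsed or generated.
     */
    public function __construct(?string $privateKeyPath = null, ?string $publicKeyPath = null)
    {
        $privateLoaded = false;
        if ($privateKeyPath && is_file($privateKeyPath)) {
            $this->privateKey = $this->readKeyFile($privateKeyPath);
            $privateLoaded = true;
        } else {
            // NOTE(review): a path that was given but does not exist falls back
            // to a brand-new key pair without any error. Callers that expect a
            // persistent key should check the path themselves before relying on it.
            $this->generateKeyPair();
        }

        if ($publicKeyPath && is_file($publicKeyPath)) {
            $this->publicKey = $this->readKeyFile($publicKeyPath);
        } elseif ($privateLoaded) {
            // Without this the public key stays uninitialised when only a
            // private key file is supplied.
            $this->publicKey = $this->derivePublicKey($this->privateKey);
        }
    }

    /** Reads a key file, failing loudly instead of storing an empty key. */
    private function readKeyFile(string $path): string
    {
        $pem = file_get_contents($path);
        if ($pem === false || $pem === '') {
            throw new RuntimeException("无法读取密钥文件");
        }
        return $pem;
    }

    /** Extracts the PEM public key that belongs to a PEM private key. */
    private function derivePublicKey(string $privateKeyPem): string
    {
        $key = openssl_pkey_get_private($privateKeyPem);
        $details = $key === false ? false : openssl_pkey_get_details($key);
        if ($details === false) {
            throw new RuntimeException("私钥无效: " . openssl_error_string());
        }
        return $details['key'];
    }

    /** Generates a 2048-bit RSA key pair and stores both halves as PEM. */
    private function generateKeyPair(): void
    {
        $config = [
            'digest_alg' => 'sha256',
            'private_key_bits' => 2048,
            'private_key_type' => OPENSSL_KEYTYPE_RSA,
        ];
        $resource = openssl_pkey_new($config);
        if ($resource === false) {
            throw new RuntimeException("密钥生成失败: " . openssl_error_string());
        }
        // The private key is exported without a passphrase; see saveKeys().
        if (!openssl_pkey_export($resource, $this->privateKey)) {
            throw new RuntimeException("密钥导出失败: " . openssl_error_string());
        }
        $details = openssl_pkey_get_details($resource);
        if ($details === false) {
            throw new RuntimeException("密钥生成失败: " . openssl_error_string());
        }
        $this->publicKey = $details['key'];
    }

    /**
     * Encrypts a short message with the public key.
     *
     * Uses OAEP padding explicitly. Ciphertexts produced with the default
     * PKCS#1 v1.5 padding are not compatible with this version, and RSA can
     * only encrypt data shorter than the key size minus the padding overhead.
     *
     * @return string base64 ciphertext
     * @throws RuntimeException If OpenSSL rejects the key or the input.
     */
    public function encrypt(string $data): string
    {
        $encrypted = '';
        if (!openssl_public_encrypt($data, $encrypted, $this->publicKey, OPENSSL_PKCS1_OAEP_PADDING)) {
            throw new RuntimeException("公钥加密失败: " . openssl_error_string());
        }
        return base64_encode($encrypted);
    }

    /**
     * Decrypts a base64 ciphertext produced by encrypt().
     *
     * @throws RuntimeException On malformed input or failed decryption.
     */
    public function decrypt(string $data): string
    {
        $raw = base64_decode($data, true);
        $decrypted = '';
        if (
            $raw === false
            || !openssl_private_decrypt($raw, $decrypted, $this->privateKey, OPENSSL_PKCS1_OAEP_PADDING)
        ) {
            // One generic message for every failure, so callers cannot relay
            // the reason for a rejected ciphertext to whoever supplied it.
            throw new RuntimeException("私钥解密失败");
        }
        return $decrypted;
    }

    /**
     * Signs $data with the private key using SHA-256.
     *
     * @return string base64 signature
     * @throws RuntimeException If signing fails.
     */
    public function sign(string $data): string
    {
        $signature = '';
        if (!openssl_sign($data, $signature, $this->privateKey, OPENSSL_ALGO_SHA256)) {
            throw new RuntimeException("签名失败: " . openssl_error_string());
        }
        return base64_encode($signature);
    }

    /**
     * Verifies a base64 signature over $data with the public key.
     *
     * @return bool True only when the signature is valid.
     */
    public function verify(string $data, string $signature): bool
    {
        $raw = base64_decode($signature, true);
        if ($raw === false) {
            return false;
        }
        // openssl_verify() returns 1 (valid), 0 (invalid) or -1/false (error);
        // only an exact 1 may be treated as success.
        $result = openssl_verify($data, $raw, $this->publicKey, OPENSSL_ALGO_SHA256);
        return $result === 1;
    }

    public function getPublicKey(): string
    {
        return $this->publicKey;
    }

    /**
     * Writes both keys to disk as PEM.
     *
     * The private key file is created readable by its owner only. It is still
     * stored unencrypted, so the directory and its backups need the same care.
     *
     * @throws RuntimeException If a file cannot be written or protected.
     */
    public function saveKeys(string $privatePath, string $publicPath): void
    {
        // Tighten the umask so the file is never created world-readable.
        $previousMask = umask(0077);
        try {
            $written = file_put_contents($privatePath, $this->privateKey, LOCK_EX);
        } finally {
            umask($previousMask);
        }
        // chmod() also covers a file that already existed with looser permissions.
        if ($written === false || !chmod($privatePath, 0600)) {
            throw new RuntimeException("私钥保存失败");
        }
        if (file_put_contents($publicPath, $this->publicKey, LOCK_EX) === false) {
            throw new RuntimeException("公钥保存失败");
        }
    }
}

$crypto = new AsymmetricEncryption();
$message = "重要消息";
echo "原文: $message\n";
$encrypted = $crypto->encrypt($message);
echo "加密: $encrypted\n";
$decrypted = $crypto->decrypt($encrypted);
echo "解密: $decrypted\n";
$signature = $crypto->sign($message);
echo "签名: $signature\n";
$verified = $crypto->verify($message, $signature);
echo "验证: " . ($verified ? "通过" : "不通过") . "\n";
?>
```

实际项目中的混合加密方案。用非对称加密传输对称密钥，用对称加密加密数据本身。

```php
<?php
/**
 * Hybrid scheme: a random AES key encrypts the data, RSA encrypts that key.
 *
 * The package proves nothing about who created it; if the receiver must know
 * the sender, sign the package as well (AsymmetricEncryption::sign()).
 */
class HybridEncryption
{
    private AsymmetricEncryption $asymmetric;

    public function __construct(AsymmetricEncryption $asymmetric)
    {
        $this->asymmetric = $asymmetric;
    }

    /**
     * @return array{data: string, key: string} AES-GCM payload and RSA-wrapped key.
     * @throws RuntimeException If either encryption step fails.
     */
    public function encrypt(string $plaintext): array
    {
        // Generate a one-time symmetric key
        $symmetricKey = random_bytes(32);

        // Encrypt the data with the symmetric key
        $cipher = new SymmetricEncryption();
        $encryptedData = $cipher->encrypt($plaintext, $symmetricKey);

        // Wrap the symmetric key with the public key
        $encryptedKey = $this->asymmetric->encrypt(base64_encode($symmetricKey));

        return [
            'data' => $encryptedData,
            'key' => $encryptedKey,
        ];
    }

    /**
     * @param array $package Array with string entries 'data' and 'key'.
     * @throws RuntimeException On a malformed package or failed decryption.
     */
    public function decrypt(array $package): string
    {
        // The package usually arrives from outside; check its shape first.
        if (!is_string($package['key'] ?? null) || !is_string($package['data'] ?? null)) {
            throw new RuntimeException("数据包格式无效");
        }

        // Unwrap the symmetric key
        $decodedKey = base64_decode($this->asymmetric->decrypt($package['key']), true);
        if ($decodedKey === false) {
            throw new RuntimeException("数据包格式无效");
        }

        // Decrypt the data with the symmetric key
        $cipher = new SymmetricEncryption();
        return $cipher->decrypt($package['data'], $decodedKey);
    }
}
?>
```

HTTPS是Web通信的基础安全保障。在PHP层面确保cURL验证SSL证书，避免中间人攻击。

```php
<?php
/**
 * Performs an HTTPS GET with certificate and host name verification.
 *
 * @param string $url Target URL; only the https scheme is accepted.
 * @return string Response body.
 * @throws RuntimeException If the handle cannot be created or the request fails.
 */
function secureHttpRequest(string $url): string
{
    $ch = curl_init($url);
    if ($ch === false) {
        throw new RuntimeException("请求失败: 无法初始化 cURL");
    }

    try {
        curl_setopt_array($ch, [
            CURLOPT_RETURNTRANSFER => true,
            // Certificate verification is worthless if the URL is plain http,
            // so refuse every other scheme, including on redirects.
            CURLOPT_PROTOCOLS => CURLPROTO_HTTPS,
            CURLOPT_REDIR_PROTOCOLS => CURLPROTO_HTTPS,
            CURLOPT_SSL_VERIFYPEER => true,
            CURLOPT_SSL_VERIFYHOST => 2,
            // CA bundle path is distribution-specific; adjust it to the host.
            CURLOPT_CAINFO => '/etc/ssl/certs/ca-certificates.crt',
            CURLOPT_TIMEOUT => 30,
        ]);

        $response = curl_exec($ch);
        if ($response === false || curl_errno($ch)) {
            throw new RuntimeException("请求失败: " . curl_error($ch));
        }
        return $response;
    } finally {
        // Release the handle on the error path as well.
        curl_close($ch);
    }
}
?>
```

加密算法的选择要根据安全等级和性能要求来定。密码存储用password_hash，数据传输用TLS，数据加密用AES-256-GCM，数字签名用RSA或ECDSA。理解各种加密算法的特性和使用场景是安全编程的基本功。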