如何正確地使用加密與認(rèn)證技術(shù)(5)
0x05 用Libsodium安全加密Cookies
/*
// At some point, we run this command:
$key = Sodium::randombytes_buf(Sodium::CRYPTO_AEAD_CHACHA20POLY1305_KEYBYTES);
*/
/**
* Store ciphertext in a cookie
*
* @param string $name - cookie name
* @param mixed $cookieData - cookie data
* @param string $key - crypto key
*/
function setSafeCookie($name, $cookieData, $key)
{
$nonce = Sodium::randombytes_buf(Sodium::CRYPTO_SECRETBOX_NONCEBYTES);
return setcookie(
$name,
base64_encode(
$nonce.
Sodium::crypto_secretbox(
json_encode($cookieData),
$nonce,
$key
)
)
);
}
/**
* Decrypt a cookie, expand to array
*
* @param string $name - cookie name
* @param string $key - crypto key
*/
function getSafeCookie($name, $key)
{
$hexSize = 2 * Sodium::Sodium::CRYPTO_SECRETBOX_NONCEBYTES;
if (!isset($_COOKIE[$name])) {
return array();
}
$decoded = base64_decode($_COOKIE[$name]);
$nonce = mb_substr($decoded, 0, $hexSize, '8bit');
$ciphertext = mb_substr($decoded, $hexSize, null, '8bit');
$decrypted = Sodium::crypto_secretbox_open(
$ciphertext,
$nonce,
$key
);
if (empty($decrypted)) {
return array();
}
return json_decode($decrypted, true);
}
對于沒有l(wèi)ibsodium庫的開發(fā)人員,我們的一個(gè)博客讀者,提供了一個(gè)安全cookie實(shí)現(xiàn)的例子,其使用了defuse/php-encryption(我們推薦的PHP庫)。