openssl_get_cipher_methods

(PHP 5 >= 5.3.0, PHP 7)

openssl_get_cipher_methods获取可用的加密算法

说明

openssl_get_cipher_methods ([ bool $aliases = false ] ) : array

获取可用的加密算法的列表。

参数

aliases

如果密码别名应该包含在返回的array中,则设置为 TRUE.

返回值

一个包含可用加密算法的array

范例

Example #1 openssl_get_cipher_methods() example

展示了哪些加密算法能被找到,哪些别名可用。

<?php
$ciphers             
openssl_get_cipher_methods();
$ciphers_and_aliases openssl_get_cipher_methods(true);
$cipher_aliases      array_diff($ciphers_and_aliases$ciphers);

//ECB mode should be avoided
$ciphers array_filter$ciphers, function($n) { return stripos($n,"ecb")===FALSE; } );

//At least as early as Aug 2016, Openssl declared the following weak: RC2, RC4, DES, 3DES, MD5 based
$ciphers array_filter$ciphers, function($c) { return stripos($c,"des")===FALSE; } );
$ciphers array_filter$ciphers, function($c) { return stripos($c,"rc2")===FALSE; } );
$ciphers array_filter$ciphers, function($c) { return stripos($c,"rc4")===FALSE; } );
$ciphers array_filter$ciphers, function($c) { return stripos($c,"md5")===FALSE; } );
$cipher_aliases array_filter($cipher_aliases,function($c) { return stripos($c,"des")===FALSE; } );
$cipher_aliases array_filter($cipher_aliases,function($c) { return stripos($c,"rc2")===FALSE; } );

print_r($ciphers);
print_r($cipher_aliases);
?>

以上例程的输出类似于:

Array
(
    [0] => AES-128-CBC
    [1] => AES-128-CFB
    [2] => AES-128-CFB1
    [3] => AES-128-CFB8
    [5] => AES-128-OFB
    [6] => AES-192-CBC
    [7] => AES-192-CFB
    [8] => AES-192-CFB1
    [9] => AES-192-CFB8
    [11] => AES-192-OFB
    [12] => AES-256-CBC
    [13] => AES-256-CFB
    [14] => AES-256-CFB1
    [15] => AES-256-CFB8
    [17] => AES-256-OFB
    [18] => BF-CBC
    [19] => BF-CFB
    [21] => BF-OFB
    [22] => CAST5-CBC
    [23] => CAST5-CFB
    [25] => CAST5-OFB
    [41] => IDEA-CBC
    [42] => IDEA-CFB
    [44] => IDEA-OFB
    [53] => aes-128-cbc
    [54] => aes-128-cfb
    [55] => aes-128-cfb1
    [56] => aes-128-cfb8
    [58] => aes-128-ofb
    [59] => aes-192-cbc
    [60] => aes-192-cfb
    [61] => aes-192-cfb1
    [62] => aes-192-cfb8
    [64] => aes-192-ofb
    [65] => aes-256-cbc
    [66] => aes-256-cfb
    [67] => aes-256-cfb1
    [68] => aes-256-cfb8
    [70] => aes-256-ofb
    [71] => bf-cbc
    [72] => bf-cfb
    [74] => bf-ofb
    [75] => cast5-cbc
    [76] => cast5-cfb
    [78] => cast5-ofb
    [94] => idea-cbc
    [95] => idea-cfb
    [97] => idea-ofb
)
Array
(
    [18] => AES128
    [19] => AES192
    [20] => AES256
    [21] => BF
    [26] => CAST
    [27] => CAST-cbc
    [50] => IDEA
    [82] => aes128
    [83] => aes192
    [84] => aes256
    [85] => bf
    [90] => blowfish
    [91] => cast
    [92] => cast-cbc
    [115] => idea
)

参见

User Contributed Notes

Alasdair 08-Nov-2018 01:29
With OpenSSL 1.1.1 this no longer returns the uppercase variants of the name, i.e. `AES-256-CBC` no longer exists but `aes-256-cbc` does.

https://github.com/oerdnj/deb.sury.org/issues/990
karel dot wintersky at gmail dot com 20-Sep-2017 11:29
May be useful for cyphers execution speed.

<?php

const TEST_COUNT = 100000;
const
SOURCE = 'Note that HTML tags are not allowed in the posts, but the note formatting is preserved.';
const
KEY = "password";

function
TESTER( $testing_function, $argument )
{
   
$t = microtime(true);

    for (
$test_iterator = 0; $test_iterator < TEST_COUNT; $test_iterator++) {
       
$testing_function( $argument );
    }
    return
round(microtime(true) - $t, 4);
}

$crypt = function($cipher) {
   
$ivlen = openssl_cipher_iv_length($cipher);
   
$iv = openssl_random_pseudo_bytes($ivlen);
   
openssl_encrypt(SOURCE, $cipher, KEY, $options=0, $iv);
};

$methods = openssl_get_cipher_methods(false);

array_splice( $methods, 0, count($methods) / 2);

$timings = array();

foreach (
$methods as $cypher) {
   
$time = TESTER( $crypt, $cypher );
   
$timings[ $cypher ] = $time;
    echo
str_pad($cypher, 40, ' ', STR_PAD_LEFT), " have time  ", str_pad($time, 8, STR_PAD_LEFT), ' seconds. ', PHP_EOL;
}

uasort($timings, function($a, $b){
    return
$a <=> $b;
});

$min_time = round(reset($timings) / TEST_COUNT, 7);
$min_cypher = key($timings);

$max_time = round(end($timings) / TEST_COUNT, 7);
$max_cypher = key($timings);

echo
'-------------', PHP_EOL;
echo
"Total tests: ", count($timings), PHP_EOL;
echo
"Max timing : {$max_time} seconds for `{$max_cypher}` algorithm.", PHP_EOL;
echo
"Min timing : {$min_time} seconds for `{$min_cypher}` algorithm.", PHP_EOL;

echo
'Details: ', PHP_EOL;

foreach (
$timings as $m => $t) {
    echo
'- ', str_pad($t, 8, STR_PAD_LEFT), " seconds for `{$m}`"PHP_EOL;
}

echo
PHP_EOL;