编辑代码

<?php 
//JSRUN引擎2.0，支持多达30种语言在线运行，全仿真在线交互输入输出。 


function secureEncrypt($plaintext, $key) {
    $iv = random_bytes(16); // 生成强随机IV‌:ml-citation{ref="5,7" data="citationList"}
    $ciphertext = openssl_encrypt(
        $plaintext, 
        'aes-256-ctr', // 选择CTR模式提升性能‌:ml-citation{ref="5" data="citationList"}
        hash('sha256', $key, true), // 密钥哈希处理‌:ml-citation{ref="1,5" data="citationList"}
        OPENSSL_RAW_DATA, 
        $iv
    );
    return base64_encode($iv . hash_hmac('sha3-256', $ciphertext, $key, true) . $ciphertext);
}

function secureDecrypt($ciphertext, $key) {
    $data = base64_decode($ciphertext);
    $iv = substr($data, 0, 16);
    $hmac = substr($data, 16, 32);
    $content = substr($data, 48);
    
    if (!hash_equals(hash_hmac('sha3-256', $content, $key, true), $hmac)) {
        throw new Exception('完整性验证失败'); // HMAC防篡改‌:ml-citation{ref="5,8" data="citationList"}
    }
    
    return openssl_decrypt(
        $content,
        'aes-256-ctr',
        hash('sha256', $key, true),
        OPENSSL_RAW_DATA,
        $iv
    );
}



$masterKey = random_bytes(32); // 必须使用密码学安全随机数‌:ml-citation{ref="5" data="citationList"}
$data = "绝密信息123";

// 加密
$encrypted = secureEncrypt($data, $masterKey);

// 解密
try {
    echo secureDecrypt($encrypted, $masterKey);
} catch(Exception $e) {
    die("解密失败: ".$e->getMessage());
}










/**
 * 安全增强型加密/解密方法
 * @param string $data 待处理数据
 * @param string $password 密码（建议通过环境变量获取）‌:ml-citation{ref="5,7" data="citationList"}
 * @param bool $isEncrypt 操作模式 (true加密 / false解密)
 * @return string|false 加密数据或解密结果
 */
function secureCrypt($data, $password, $isEncrypt = true) {
    $method = 'aes-256-ctr';
    $key = hash('sha256', $password, true);  // 生成256位密钥‌:ml-citation{ref="5,7" data="citationList"}
    
    if ($isEncrypt) {
        // 加密流程
        $iv = openssl_random_pseudo_bytes(16);  // 生成安全随机IV‌:ml-citation{ref="7" data="citationList"}
        $ciphertext = openssl_encrypt($data, $method, $key, OPENSSL_RAW_DATA, $iv);
        $hmac = hash_hmac('sha256', $iv . $ciphertext, $key, true);  // 完整性校验‌:ml-citation{ref="7" data="citationList"}
        return base64_encode($iv . $hmac . $ciphertext);
    } else {
        // 解密流程
        $raw = base64_decode($data);
        if (strlen($raw) < 48) return false;  // 基础数据校验
        
        $iv = substr($raw, 0, 16);
        $hmac = substr($raw, 16, 32);
        $ciphertext = substr($raw, 48);
        
        // HMAC验证（防篡改）‌:ml-citation{ref="7" data="citationList"}
        $calculatedHmac = hash_hmac('sha256', $iv . $ciphertext, $key, true);
        if (!hash_equals($hmac, $calculatedHmac)) return false;  // 安全比较‌:ml-citation{ref="3" data="citationList"}
        
        return openssl_decrypt($ciphertext, $method, $key, OPENSSL_RAW_DATA, $iv);
    }
}





// 加密敏感数据
$secretData = "交易凭证2025-001";
$encrypted = secureCrypt($secretData, getenv('ENCRYPTION_KEY'));

// 解密验证（含篡改检测）
$decrypted = secureCrypt($encrypted, getenv('ENCRYPTION_KEY'), false);
if ($decrypted === false) {
    error_log("解密失败：可能遭遇数据篡改");  // 记录安全事件‌:ml-citation{ref="5,7" data="citationList"}
} else {
    echo "解密成功：".$decrypted;
}