redsd/aesencrypt
Composer 安装命令:
composer require redsd/aesencrypt
包简介
Laravel MySql AES Encrypt/Decrypt
README 文档
README
- Installation
- Configure Provider
- Updating your Eloquent Models
- Creating tables to support encrypt columns
- Set encryption key in .env file
- Encrypt existing data
- Decrypt your data in MySQL
Laravel MySql AES Encrypt/Decrypt
Based on https://github.com/devmaster10/mysql-aes-encrypt
Improvements:
- Added improved security by using an unique IV for each encrypted field.
- Added support for multiple encryption methods including: aes-256-cbc
- Added use of MySQL session variables to prevent the encryption key from being outputted when an sql error occures.
- Added laravel 9 support
Laravel Database Encryption in mysql side, use native mysql function AES_DECRYPT and AES_ENCRYPT
Auto encrypt and decrypt signed fields/columns in your Model
Can use all functions of Eloquent/Model
You can perform the operations "=>, <',' between ',' LIKE ' in encrypted columns
1.Install the package via Composer:
For laravel 9.x: $ composer require redsd/aesencrypt:9.x For laravel 8.x: $ composer require redsd/aesencrypt:8.x For laravel 7.x: $ composer require redsd/aesencrypt:7.x For laravel 6.x: $ composer require redsd/aesencrypt:6.x For laravel 5.x: $ composer require redsd/aesencrypt:5.x
2.Configure provider
You'll need to add to add a service provider if you are using Laravel 5.4 or lower or if the encryption is not working, add to following in config/app.php:
'providers' => array( redsd\AESEncrypt\Database\DatabaseServiceProviderEncrypt::class )
Updating Your Eloquent Models
Your models that have encrypted columns, should extend from ModelEncrypt:
namespace App\Models; use redsd\AESEncrypt\Database\Eloquent\ModelEncrypt; class Person extends ModelEncrypt { /** * The attributes that are encrypted. * * @var array */ protected $fillableEncrypt = [ 'name' ]; }
Creating tables to support encrypt columns
It adds new features to Schema which you can use in your migrations:
Schema::create('persons', function (Blueprint $table) { // here you do all columns supported by the schema builder $table->increments('id')->unsigned; $table->string('description', 250)->nullable(); $table->timestamps(); }); // once the table is created use a raw query to ALTER it and add the BLOB, MEDIUMBLOB or LONGBLOB DB::statement("ALTER TABLE persons ADD name MEDIUMBLOB after id");
Set encryption settings in .env file
APP_AESENCRYPT_KEY=yourencryptedkey APP_AESENCRYPT_MODE=aes-256-cbc
See https://dev.mysql.com/doc/refman/8.0/en/server-system-variables.html#sysvar_block_encryption_mode for all available encryption methods.
To publish the config file and view run the following command
php artisan vendor:publish --provider="redsd\AESEncrypt\AesEncryptServiceProvider"
Encrypt existing data
In order to use this package with existing data, you must first encrypt all existing columns you want to use.
Note: If the database is allready encrypted, make sure to decrypt it before executing the folowing query.
Always make a back-up before making changes to your data
The easiest and more secure way to use this, is to use this MySQL function when updating your records:
CREATE FUNCTION `aes_encrypt_string` (col blob, aeskey char(255)) RETURNS blob BEGIN SET @iv = RANDOM_BYTES(16); RETURN CONCAT(AES_ENCRYPT(col, aeskey, @iv), ".iv.",@iv); END
After adding the MySQL function, update your records like so:
SET @@SESSION.block_encryption_mode = 'aes-256-cbc'; SET @AESKEY = 'yourencryptedkey'; UPDATE your_table SET your_column = aes_encrypt_string(your_column, @AESKEY), your_column2 = aes_encrypt_string(your_column2, @AESKEY) WHERE your_column NOT LIKE '%.iv.%';
The folowing code will ensure the only data that isn't encrypted yet will be encrypted, in case you need to run the query multiple times.
If you cannot create MySQL functions you can perform the following but this will use the same IV for every record which is less secure.
SET @@SESSION.block_encryption_mode = 'aes-256-cbc'; SET @AESKEY = 'yourencryptedkey'; SET @iv = RANDOM_BYTES(16); UPDATE your_table SET your_column = CONCAT(AES_ENCRYPT(your_column, @AESKEY, @iv), ".iv.",@iv), your_column2 = CONCAT(AES_ENCRYPT(your_column2, @AESKEY, @iv), ".iv.",@iv) WHERE your_column NOT LIKE '%.iv.%';
The folowing code will ensure the only data that isn't encrypted yet will be encrypted, in case you need to run the query multiple times.
Decrypt your data in MySQL
If you want to decrypt your data using mysql query, you can add this function to your mysql database:
CREATE FUNCTION `aes_decrypt_string` (col blob, aeskey char(255)) RETURNS text BEGIN RETURN CAST(AES_DECRYPT(SUBSTRING_INDEX(col, '.iv.', 1), aeskey, SUBSTRING_INDEX(col, '.iv.', -1)) as char); END
Now when you want to decrypt your mysql you can do so like this:
SET @@SESSION.block_encryption_mode = 'aes-256-cbc'; SET @AESKEY = 'yourencryptedkey'; SELECT *, aes_decrypt_string(yourEncryptedColum, @AESKEY) decryptedColumn, aes_decrypt_string(yourEncryptedColum2, @AESKEY) decryptedColumn2 FROM yourtable;
Or if you cannot or do not want to use a MySQL function you can use the following query
SET @@SESSION.block_encryption_mode = 'aes-256-cbc'; SET @AESKEY = 'yourencryptedkey'; SELECT CAST(AES_DECRYPT(SUBSTRING_INDEX(yourEncryptedColum, '.iv.', 1), @AESKEY, SUBSTRING_INDEX(yourEncryptedColum, '.iv.', -1)) as CHAR) decrypted_column FROM yourtable WHERE yourEncryptedColum LIKE '%.iv.%';
redsd/aesencrypt 适用场景与选型建议
redsd/aesencrypt 是一款 基于 PHP 开发的 Composer 扩展包,目前已累计 831 次下载、GitHub Stars 达 2, 最近一次更新时间为 2019 年 10 月 12 日, 在 PHP 生态内属于活跃度较高的组件。
它主要适用于以下技术方向: 「mysql」 「aes」 「laravel」 「encrypt」 等业务场景。在实际项目中,围绕这些方向常见需要落地的问题包括:接口对接、性能调优、并发安全、与既有框架(Laravel / ThinkPHP / Yii / Webman 等)的兼容适配,以及生产环境的日志埋点与稳定性保障。
我们在过去多个企业项目中使用过 redsd/aesencrypt 或与其功能相近的方案,如果你在选型或落地过程中遇到问题,例如 版本兼容、二次改造、私有化封装、与内部系统对接、生产 BUG 排查,欢迎联系我们协助评估。
基于 redsd/aesencrypt 在你已有业务上做功能扩展、字段裁剪、UI 适配、与内部账号 / 权限 / 日志系统的深度对接。
线上偶发问题、内存泄漏、慢查询、并发异常等排查修复;针对高流量场景做缓存、队列、索引层面的调优。
承接完整的项目从需求 → 设计 → 开发 → 上线 → 长期运维;也可按月提供技术保姆服务。
与 redsd/aesencrypt 相关的其它包
同方向 / 同关键字的高下载量 PHP Composer 包推荐,方便对比选型:
Dibi is Database Abstraction Library for PHP
A package for automatically encrypting and decrypting Eloquent attributes in Laravel 5.5+, based on configuration settings.
AES cipher - FIPS 192 compliant
Encrypting fields in doctrine entities wit AES
PHP module for MySql database
AES crypto library which can be used in php and javascript
统计信息
- 总下载量: 831
- 月度下载量: 0
- 日度下载量: 0
- 收藏数: 2
- 点击次数: 13
- 依赖项目数: 0
- 推荐数: 0
其他信息
- 授权协议: Apache-2.0
- 更新时间: 2019-10-12