Read encrypted php files using ajax

你说的曾经没有我的故事 提交于 2020-01-06 08:58:30

问题


I encrypt all my core files using libsodium, but my problem is how to read the php files in decrypted state like calling the file using ajax like automatic decryption.

I'm not sure if its possible.

Its something like this.

Sorry, I'm still exploring on this library

I work on this before but method is wrong, and told me to use libsodium.

Hope you help me.

ENCRYPTION

    <?php
    require_once('function.php');
    if(isset($_FILES)){

        $tmp = "enc/";
        $tmpFiles = browseDir($tmp);

        foreach($tmpFiles as $file){ // iterate files

        if(is_file($tmp.$file))

            unlink($tmp.$file); // delete file
        }


        foreach($_FILES['files']['name'] as $key => $value){

            $file = explode(".", $_FILES['files']['name'][$key]);
            $ext = array("php");

            if(in_array($file[1], $ext)){

                $file_name = $file[0].'.'.$file[1];

                $source = $_FILES['files']['tmp_name'][$key];
                $location = $tmp.$file_name;

                $password = 'password';
                $chunk_size = 4096;

                $alg = SODIUM_CRYPTO_PWHASH_ALG_DEFAULT;
                $opslimit = SODIUM_CRYPTO_PWHASH_OPSLIMIT_MODERATE;
                $memlimit = SODIUM_CRYPTO_PWHASH_MEMLIMIT_MODERATE;
                $salt = random_bytes(SODIUM_CRYPTO_PWHASH_SALTBYTES);

                $secret_key = sodium_crypto_pwhash(SODIUM_CRYPTO_SECRETSTREAM_XCHACHA20POLY1305_KEYBYTES,
                                                $password, $salt, $opslimit, $memlimit, $alg);

                $fd_in = fopen($source, 'rb');
                $fd_out = fopen($location, 'wb');

                fwrite($fd_out, pack('V', $alg));
                fwrite($fd_out, pack('V', $opslimit));
                fwrite($fd_out, pack('V', $memlimit));
                fwrite($fd_out, $salt);

                list($stream, $header) = sodium_crypto_secretstream_xchacha20poly1305_init_push($secret_key);

                fwrite($fd_out, $header);

                $tag = SODIUM_CRYPTO_SECRETSTREAM_XCHACHA20POLY1305_TAG_MESSAGE;
                do {
                    $chunk = fread($fd_in, $chunk_size);
                    if (feof($fd_in)) {
                        $tag = SODIUM_CRYPTO_SECRETSTREAM_XCHACHA20POLY1305_TAG_FINAL;
                    }
                    $encrypted_chunk = sodium_crypto_secretstream_xchacha20poly1305_push($stream, $chunk, '', $tag);
                    fwrite($fd_out, $encrypted_chunk);
                } while ($tag !== SODIUM_CRYPTO_SECRETSTREAM_XCHACHA20POLY1305_TAG_FINAL);

                fclose($fd_out);
                fclose($fd_in);

            }
        }
    }
?>

DECRYPTION

<?php

$password = 'password';
$encrypted_file = 'enc/inc.php';
$decrypted_file = 'dec/dec.php';
$chunk_size = 4096;

$fd_in = fopen($encrypted_file, 'rb');
$fd_out = fopen($decrypted_file, 'wb');

$alg = unpack('V', fread($fd_in, 4))[1];
$opslimit = unpack('V', fread($fd_in, 4))[1];
$memlimit = unpack('V', fread($fd_in, 4))[1];
$salt = fread($fd_in, SODIUM_CRYPTO_PWHASH_SALTBYTES);

echo $alg. ' alg';
echo $opslimit. 'ops';
echo $memlimit. 'mem';

$header = fread($fd_in, SODIUM_CRYPTO_SECRETSTREAM_XCHACHA20POLY1305_HEADERBYTES);

$secret_key = sodium_crypto_pwhash(SODIUM_CRYPTO_SECRETSTREAM_XCHACHA20POLY1305_KEYBYTES,
                                   $password, $salt, $opslimit, $memlimit, $alg);

$stream = sodium_crypto_secretstream_xchacha20poly1305_init_pull($header, $secret_key);
do {
    $chunk = fread($fd_in, $chunk_size + SODIUM_CRYPTO_SECRETSTREAM_XCHACHA20POLY1305_ABYTES);
    $res = sodium_crypto_secretstream_xchacha20poly1305_pull($stream, $chunk);
    if ($res === FALSE) {
       break;
    }
    list($decrypted_chunk, $tag) = $res;
    fwrite($fd_out, $decrypted_chunk);
} while (!feof($fd_in) && $tag !== SODIUM_CRYPTO_SECRETSTREAM_XCHACHA20POLY1305_TAG_FINAL);
$ok = feof($fd_in);

fclose($fd_out);
fclose($fd_in);

if (!$ok) {
    die('Invalid/corrupted input');
}

来源:https://stackoverflow.com/questions/54586451/read-encrypted-php-files-using-ajax

易学教程内所有资源均来自网络或用户发布的内容,如有违反法律规定的内容欢迎反馈
该文章没有解决你所遇到的问题?点击提问,说说你的问题,让更多的人一起探讨吧!