1 概况

php7.1发布后新特性吸引了不少PHPer，大家都在讨论新特性带来的好处与便利。但是从php7.0 升级到 php7.1 废弃了一个在过去普遍应用的扩展(mcrypt扩展)。官方提供了相应的解决提示，却没有提供更详细的解决办法。于是坑来了….

2 解决

php手册目前缺少“ openssl_encrypt ”和“ openssl_decrypt ”功能的文档，所以花了我一段时间来完成我需要做的工作，以使这些功能可以替代mcrypt

2.1 首先，您将需要生成一个用作256位加密密钥的伪随机字节串，请求的长度将为32（32位= 256位）。

$encryption_key_256bit = base64_encode(openssl_random_pseudo_bytes(32));

2.2 现在我们有了关键，我们将创建加密功能。我们将把要编码的数据和我们的密钥传递给该函数。除了我们的密钥，还有一个二次随机字符串，我们将创建和使用称为 初始化向量 （IV），有助于加强加密。

function my_encrypt($data, $key) {
    // Remove the base64 encoding from our key
    $encryption_key = base64_decode($key);
    // Generate an initialization vector
    $iv = openssl_random_pseudo_bytes(openssl_cipher_iv_length('aes-256-cbc'));
    // Encrypt the data using AES 256 encryption in CBC mode using our encryption key and initialization vector.
    $encrypted = openssl_encrypt($data, 'aes-256-cbc', $encryption_key, 0, $iv);
    // The $iv is just as important as the key for decrypting, so save it with our encrypted data using a unique separator (::)
    return base64_encode($encrypted . '::' . $iv);
}

2.3 现在为解密功能：

function my_decrypt($data, $key) {
      // Remove the base64 encoding from our key
      $encryption_key = base64_decode($key);
      // To decrypt, split the encrypted data from our IV - our unique separator used was "::"
      list($encrypted_data, $iv) = explode('::', base64_decode($data), 2);
      return openssl_decrypt($encrypted_data, 'aes-256-cbc', $encryption_key, 0, $iv);
}

2.4 放在一起测试

//$key is our base64 encoded 256bit key that we created earlier. You will probably store and define this     key in a config file.
$key = 'bRuD5WYw5wd0rdHR9yLlM6wt2vteuiniQBqE70nAuhU=';

function my_encrypt($data, $key) {
    // Remove the base64 encoding from our key
    $encryption_key = base64_decode($key);
    // Generate an initialization vector
    $iv = openssl_random_pseudo_bytes(openssl_cipher_iv_length('aes-256-cbc'));
    // Encrypt the data using AES 256 encryption in CBC mode using our encryption key and initialization vector.
    $encrypted = openssl_encrypt($data, 'aes-256-cbc', $encryption_key, 0, $iv);
    // The $iv is just as important as the key for decrypting, so save it with our encrypted data using a unique separator (::)
    return base64_encode($encrypted . '::' . $iv);
}

function my_decrypt($data, $key) {
    // Remove the base64 encoding from our key
    $encryption_key = base64_decode($key);
    // To decrypt, split the encrypted data from our IV - our unique separator used was "::"
    list($encrypted_data, $iv) = explode('::', base64_decode($data), 2);
    return openssl_decrypt($encrypted_data, 'aes-256-cbc', $encryption_key, 0, $iv);
}

//our data to be encoded
$password_plain = 'abc123';
echo $password_plain . "<br>";

//our data being encrypted. This encrypted data will probably be going into a database
//since it's base64 encoded, it can go straight into a varchar or text database field without corruption worry
$password_encrypted = my_encrypt($password_plain, $key);
echo $password_encrypted . "<br>";

//now we turn our encrypted data back to plain text
$password_decrypted = my_decrypt($password_encrypted, $key);
echo $password_decrypted . "<br>";

2.5 上面的代码将输出以下内容。请注意，由于我们的初始化向量，每次运行代码时，中间的加密字符串将会更改：

abc123
K3gzWkxySUd6VkgvQTNJUUtZMjV2UT09Ojpia3sh1zglO3DYodw84855
abc123