How do you Encrypt and Decrypt a PHP String

Question

What I mean is   Original String   Salt or Key -- gt  Encrypted String Encrypted String   Salt or Key -- gt  Decrypted  Original String    Maybe something like    hello world      ABCD1234  -- gt  Encrypt -- gt   2a2ffa8f13220befbe30819047e23b2c   may be  for e g   2a2ffa8f13220befbe30819047e23b2c  -- gt  Decrypt with  ABCD1234  -- gt   hello world      In PHP  how can you do this    Attempted to use Crypt Blowfish  but it didn t work for me

User · Answer

In PHP  Encryption and Decryption of a string is possible using one of the Cryptography Extensions called OpenSSL function for encrypt and decrypt  openssl encrypt   Function  The openssl encrypt   function is used to encrypt the data  Syntax is as follows   string openssl encrypt  string  data  string  method  string  key   options   0  string  iv  string  tag  NULL  string  aad  int  tag length   16   Parameters are as follows    data  It holds the string or data which need to be encrypted   method  The cipher method is adopted using openssl get cipher methods   function   key  It holds the encryption key   options  It holds the bitwise disjunction of the flags OPENSSL RAW DATA and OPENSSL ZERO PADDING   iv  It holds the initialization vector which is not NULL   tag  It holds the authentication tag which is passed by reference when using AEAD cipher mode  GCM or CCM    aad  It holds the additional authentication data   tag length  It holds the length of the authentication tag  The length of authentication tag lies between 4 to 16 for GCM mode  Return Value  It returns the encrypted string on success or FALSE on failure  openssl decrypt   Function The openssl decrypt   function is used to decrypt the data  Syntax is as follows   string openssl decrypt  string  data  string  method  string  key  int  options   0  string  iv  string  tag  string  aad  Parameters are as follows    data  It holds the string or data which need to be encrypted   method  The cipher method is adopted using openssl get cipher methods   function   key  It holds the encryption key   options  It holds the bitwise disjunction of the flags OPENSSL RAW DATA and OPENSSL ZERO PADDING   iv  It holds the initialization vector which is not NULL   tag  It holds the authentication tag using AEAD cipher mode  GCM or CCM   When authentication fails openssl decrypt   returns FALSE   aad  It holds the additional authentication data  Return Value  It returns the decrypted string on success or FALSE on failure  Approach  First declare a string and store it into variable and use openssl encrypt   function to encrypt the given string and use openssl decrypt   function to descrypt the given string  You can find the examples at   https   www geeksforgeeks org how-to-encrypt-and-decrypt-a-php-string

User · Answer

If you don t want to use library  which you should  then use something like this  PHP 7    function sign  message   key        return hash hmac  sha256    message   key     message     function verify  bundle   key        return hash equals        hash hmac  sha256   mb substr  bundle  64  null   8bit     key         mb substr  bundle  0  64   8bit             function getKey  password   keysize   16        return hash pbkdf2  sha256   password  some token  100000  keysize true      function encrypt  message   password         iv   random bytes 16        key   getKey  password        result   sign openssl encrypt  message  aes-256-ctr   key OPENSSL RAW DATA  iv    key       return bin2hex  iv  bin2hex  result      function decrypt  hash   password         iv   hex2bin substr  hash  0  32         data   hex2bin substr  hash  32         key   getKey  password       if   verify  data   key           return null            return openssl decrypt mb substr  data  64  null   8bit    aes-256-ctr   key OPENSSL RAW DATA  iv       string to encrypt  John Smith    password  password    encrypted string encrypt  string to encrypt   password    decrypted string decrypt  encrypted string   password

User · Answer

Below code work in php for all string with special character              Encrypt text --       token    9611222007552           cipher method    aes-128-ctr          enc key   openssl digest php uname     SHA256   TRUE            enc iv   openssl random pseudo bytes openssl cipher iv length  cipher method             crypted token   openssl encrypt  token   cipher method   enc key  0   enc iv           bin2hex  enc iv       echo     crypted token        unset  token   cipher method   enc key   enc iv           Decrypt text  --       list  crypted token   enc iv    explode        crypted token            cipher method    aes-128-ctr          enc key   openssl digest php uname     SHA256   TRUE          token   openssl decrypt  crypted token   cipher method   enc key  0  hex2bin  enc iv        echo    token        unset  crypted token   cipher method   enc key   enc iv

User · Answer

Historical Note  This was written at the time of PHP4  This is what we call  legacy code  now    I have left this answer for historical purposes - but some of the methods are now deprecated  DES encryption method is not a recommended practice  etc   I have not updated this code for two reasons  1  I no longer work with encryption methods by hand in PHP  and 2  this code still serves the purpose it was intended for  to demonstrate the minimum  simplistic concept of how encryption can work in PHP    If you find a similarly simplistic   PHP encryption for dummies  kind of source that can get people started in 10-20 lines of code or less  let me know in comments   Beyond that  please enjoy this Classic Episode of early-era PHP4 minimalistic encryption answer     Ideally you have - or can get - access to the mcrypt PHP library  as its certainly popular and very useful a variety of tasks  Here s a run down of the different kinds of encryption and some example code  Encryption Techniques in PHP    Listing 3  Encrypting Data Using the mcrypt ecb Function    lt  php  echo   lt h3 gt  Symmetric Encryption  lt  h3 gt       key value    KEYVALUE     plain text    PLAINTEXT     encrypted text   mcrypt ecb MCRYPT DES   key value   plain text  MCRYPT ENCRYPT    echo    lt p gt  lt b gt  Text after encryption    lt  b gt      echo    encrypted text      decrypted text   mcrypt ecb MCRYPT DES   key value   encrypted text  MCRYPT DECRYPT    echo    lt p gt  lt b gt  Text after decryption    lt  b gt      echo    decrypted text       gt     A few warnings   1  Never use reversible  or  symmetric  encryption when a one-way hash will do   2  If the data is truly sensitive  like credit card or social security numbers  stop  you need more than any simple chunk of code will provide  but rather you need a crypto library designed for this purpose and a significant amount of time to research the methods necessary  Further  the software crypto is probably  lt 10  of security of sensitive data  It s like rewiring a nuclear power station - accept that the task is dangerous and difficult and beyond your knowledge if that s the case  The financial penalties can be immense  so better to use a service and ship responsibility to them   3  Any sort of easily implementable encryption  as listed here  can reasonably protect mildly important information that you want to keep from prying eyes or limit exposure in the case of accidental intentional leak  But seeing as how the key is stored in plain text on the web server  if they can get the data they can get the decryption key   Be that as it may  have fun

User · Answer

These are compact methods to encrypt   decrypt strings with PHP using AES256 CBC   function encryptString  plaintext   password   encoding   null         iv   openssl random pseudo bytes 16        ciphertext   openssl encrypt  plaintext   AES-256-CBC   hash  sha256    password  true   OPENSSL RAW DATA   iv        hmac   hash hmac  sha256    ciphertext  iv  hash  sha256    password  true   true       return  encoding     hex    bin2hex  iv  hmac  ciphertext      encoding     base64    base64 encode  iv  hmac  ciphertext     iv  hmac  ciphertext      function decryptString  ciphertext   password   encoding   null         ciphertext    encoding     hex    hex2bin  ciphertext      encoding     base64    base64 decode  ciphertext     ciphertext       if   hash equals hash hmac  sha256   substr  ciphertext  48  substr  ciphertext  0  16   hash  sha256    password  true   true   substr  ciphertext  16  32    return null      return openssl decrypt substr  ciphertext  48    AES-256-CBC   hash  sha256    password  true   OPENSSL RAW DATA  substr  ciphertext  0  16        Usage    enc   encryptString  mysecretText    myPassword     dec   decryptString  enc   myPassword

User · Answer

I m late to the party  but searching for the correct way to do it I came across this page it was one of the top Google search returns  so I will like to share my view on the problem  which I consider it to be up to date at the time of writing this post  beginning of 2017   From PHP 7 1 0 the mcrypt decrypt and mcrypt encrypt is going to be deprecated  so building future proof code should use openssl encrypt and openssl decrypt  You can do something like    string to encrypt  Test    password  password    encrypted string openssl encrypt  string to encrypt  AES-128-ECB   password    decrypted string openssl decrypt  encrypted string  AES-128-ECB   password        Important  This uses ECB mode  which isn t secure  If you want a simple solution without taking a crash course in cryptography engineering  don t write it yourself  just use a library    You can use any other chipper methods as well  depending on your security need  To find out the available chipper methods please see the openssl get cipher methods function

User · Answer

Before you do anything further  seek to understand the difference between encryption and authentication  and why you probably want authenticated encryption rather than just encryption  To implement authenticated encryption  you want to Encrypt then MAC  The order of encryption and authentication is very important  One of the existing answers to this question made this mistake  as do many cryptography libraries written in PHP  You should avoid implementing your own cryptography  and instead use a secure library written by and reviewed by cryptography experts   Update  PHP 7 2 now provides libsodium  For best security  update your systems to use PHP 7 2 or higher and only follow the libsodium advice in this answer   Use libsodium if you have PECL access  or sodium compat if you want libsodium without PECL   otherwise    Use defuse php-encryption  don t roll your own cryptography  Both of the libraries linked above make it easy and painless to implement authenticated encryption into your own libraries  If you still want to write and deploy your own cryptography library  against the conventional wisdom of every cryptography expert on the Internet  these are the steps you would have to take  Encryption   Encrypt using AES in CTR mode  You may also use GCM  which removes the need for a separate MAC   Additionally  ChaCha20 and Salsa20  provided by libsodium  are stream ciphers and do not need special modes  Unless you chose GCM above  you should authenticate the ciphertext with HMAC-SHA-256  or  for the stream ciphers  Poly1305 -- most libsodium APIs do this for you   The MAC should cover the IV as well as the ciphertext   Decryption   Unless Poly1305 or GCM is used  recalculate the MAC of the ciphertext and compare it with the MAC that was sent using hash equals    If it fails  abort  Decrypt the message   Other Design Considerations   Do not compress anything ever  Ciphertext is not compressible  compressing plaintext before encryption can lead to information leaks  e g  CRIME and BREACH on TLS   Make sure you use mb strlen   and mb substr    using the  8bit  character set mode to prevent mbstring func overload issues  IVs should be generating using a CSPRNG  If you re using mcrypt create iv    DO NOT USE MCRYPT RAND   Also check out random compat    Unless you re using an AEAD construct  ALWAYS encrypt then MAC  bin2hex    base64 encode    etc  may leak information about your encryption keys via cache timing  Avoid them if possible   Even if you follow the advice given here  a lot can go wrong with cryptography  Always have a cryptography expert review your implementation  If you are not fortunate enough to be personal friends with a cryptography student at your local university  you can always try the Cryptography Stack Exchange forum for advice  If you need a professional analysis of your implementation  you can always hire a reputable team of security consultants to review your PHP cryptography code  disclosure  my employer   Important  When to Not Use Encryption Don t encrypt passwords  You want to hash them instead  using one of these password-hashing algorithms   Argon2 scrypt bcrypt PBKDF2-SHA256 with 86 000 iterations  Never use a general-purpose hash function  MD5  SHA256  for password storage  Don t encrypt URL Parameters  It s the wrong tool for the job  PHP String Encryption Example with Libsodium If you are on PHP  lt  7 2 or otherwise do not have libsodium installed  you can use sodium compat to accomplish the same result  albeit slower    lt  php declare strict types 1           Encrypt a message         param string  message - message to encrypt     param string  key - encryption key     return string     throws RangeException     function safeEncrypt string  message  string  key   string       if  mb strlen  key   8bit       SODIUM CRYPTO SECRETBOX KEYBYTES            throw new RangeException  Key is not the correct size  must be 32 bytes                 nonce   random bytes SODIUM CRYPTO SECRETBOX NONCEBYTES             cipher   base64 encode           nonce          sodium crypto secretbox               message               nonce               key                      sodium memzero  message       sodium memzero  key       return  cipher            Decrypt a message         param string  encrypted - message encrypted with safeEncrypt       param string  key - encryption key     return string     throws Exception     function safeDecrypt string  encrypted  string  key   string           decoded   base64 decode  encrypted        nonce   mb substr  decoded  0  SODIUM CRYPTO SECRETBOX NONCEBYTES   8bit         ciphertext   mb substr  decoded  SODIUM CRYPTO SECRETBOX NONCEBYTES  null   8bit              plain   sodium crypto secretbox open           ciphertext           nonce           key            if   is string  plain             throw new Exception  Invalid MAC              sodium memzero  ciphertext       sodium memzero  key       return  plain     Then to test it out   lt  php    This refers to the previous code block  require  quot safeCrypto php quot        Do this once then store it somehow   key   random bytes SODIUM CRYPTO SECRETBOX KEYBYTES    message    We are all living in a yellow submarine     ciphertext   safeEncrypt  message   key    plaintext   safeDecrypt  ciphertext   key    var dump  ciphertext   var dump  plaintext    Halite - Libsodium Made Easier One of the projects I ve been working on is an encryption library called Halite  which aims to make libsodium easier and more intuitive   lt  php use  ParagonIE Halite KeyFactory  use  ParagonIE Halite Symmetric Crypto as SymmetricCrypto      Generate a new random symmetric-key encryption key  You re going to want to store this   key   new KeyFactory  generateEncryptionKey       To save your encryption key  KeyFactory  save  key    path to secret key       To load it again   loadedkey   KeyFactory  loadEncryptionKey   path to secret key      message    We are all living in a yellow submarine    ciphertext   SymmetricCrypto  encrypt  message   key    plaintext   SymmetricCrypto  decrypt  ciphertext   key    var dump  ciphertext   var dump  plaintext    All of the underlying cryptography is handled by libsodium  Example with defuse php-encryption  lt  php        This requires https   github com defuse php-encryption    php composer phar require defuse php-encryption      use Defuse Crypto Crypto  use Defuse Crypto Key   require  quot vendor autoload php quot       Do this once then store it somehow   key   Key  createNewRandomKey      message    We are all living in a yellow submarine     ciphertext   Crypto  encrypt  message   key    plaintext   Crypto  decrypt  ciphertext   key    var dump  ciphertext   var dump  plaintext    Note  Crypto  encrypt   returns hex-encoded output  Encryption Key Management If you re tempted to use a  quot password quot   stop right now  You need a random 128-bit encryption key  not a human memorable password  You can store an encryption key for long-term use like so   storeMe   bin2hex  key    And  on demand  you can retrieve it like so   key   hex2bin  storeMe    I strongly recommend just storing a randomly generated key for long-term use instead of any sort of password as the key  or to derive the key   If you re using Defuse s library    string    keyObject- gt saveToAsciiSafeString    loaded   Key  loadFromAsciiSafeString  string     quot But I really want to use a password  quot  That s a bad idea  but okay  here s how to do it safely  First  generate a random key and store it in a constant         Replace this with your own salt      Use bin2hex   then add  x before every 2 hex characters  like so      define  MY PBKDF2 SALT    quot  x2d xb7 x68 x1a x28 x15 xbe x06 x33 xa0 x7e x0e x8f x79 xd5 xdf quot     Note that you re adding extra work and could just use this constant as the key and save yourself a lot of heartache  Then use PBKDF2  like so  to derive a suitable encryption key from your password rather than encrypting with your password directly         Get an AES key from a static password and a secret salt         param string  password Your weak password here     param int  keysize Number of bytes in encryption key     function getKeyFromPassword  password   keysize   16        return hash pbkdf2           sha256            password          MY PBKDF2 SALT          100000     Number of iterations          keysize          true           Don t just use a 16-character password  Your encryption key will be comically broken

User · Answer

What not to do     WARNING    This answer uses ECB  ECB is not an encryption mode  it s only a building block  Using ECB as demonstrated in this answer does not actually encrypt the string securely  Do not use ECB in your code  See Scott s answer for a good solution    I got it on myself  Actually i found some answer on google and just modified something  The result is completely insecure however    lt  php define  ENCRYPTION KEY           amp       string    This is the original data string     echo  encrypted   encrypt  string  ENCRYPTION KEY   echo   lt br   gt    echo  decrypted   decrypt  encrypted  ENCRYPTION KEY           Returns an encrypted  amp  utf8-encoded     function encrypt  pure string   encryption key         iv size   mcrypt get iv size MCRYPT BLOWFISH  MCRYPT MODE ECB        iv   mcrypt create iv  iv size  MCRYPT RAND        encrypted string   mcrypt encrypt MCRYPT BLOWFISH   encryption key  utf8 encode  pure string   MCRYPT MODE ECB   iv       return  encrypted string            Returns decrypted original string     function decrypt  encrypted string   encryption key         iv size   mcrypt get iv size MCRYPT BLOWFISH  MCRYPT MODE ECB        iv   mcrypt create iv  iv size  MCRYPT RAND        decrypted string   mcrypt decrypt MCRYPT BLOWFISH   encryption key   encrypted string  MCRYPT MODE ECB   iv       return  decrypted string      gt

User · Answer

Updated  PHP 7 ready version  It uses openssl encrypt function from PHP OpenSSL Library   class Openssl EncryptDecrypt       function encrypt   pure string   encryption key             cipher        AES-256-CBC            options      OPENSSL RAW DATA           hash algo     sha256            sha2len      32           ivlen   openssl cipher iv length  cipher            iv   openssl random pseudo bytes  ivlen            ciphertext raw   openssl encrypt  pure string   cipher   encryption key   options   iv            hmac   hash hmac  hash algo   ciphertext raw   encryption key  true           return  iv  hmac  ciphertext raw            function decrypt   encrypted string   encryption key             cipher        AES-256-CBC            options      OPENSSL RAW DATA           hash algo     sha256            sha2len      32           ivlen   openssl cipher iv length  cipher            iv   substr  encrypted string  0   ivlen            hmac   substr  encrypted string   ivlen   sha2len            ciphertext raw   substr  encrypted string   ivlen  sha2len            original plaintext   openssl decrypt  ciphertext raw   cipher   encryption key   options   iv            calcmac   hash hmac  hash algo   ciphertext raw   encryption key  true           if function exists  hash equals                  if  hash equals  hmac   calcmac   return  original plaintext            else               if   this- gt hash equals custom  hmac   calcmac   return  original plaintext                                  Optional         hash equals   function polyfilling         PHP 5 6  timing attack safe comparison             function hash equals custom  knownString   userString            if  function exists  mb strlen                   kLen   mb strlen  knownString   8bit                 uLen   mb strlen  userString   8bit              else                kLen   strlen  knownString                uLen   strlen  userString                     if   kLen      uLen                return false                     result   0          for   i   0   i  lt   kLen   i                   result     ord  knownString  i     ord  userString  i                       return 0      result           define  ENCRYPTION KEY         amp Q   amp         amp          string    This is the original string      OpensslEncryption   new Openssl EncryptDecrypt   encrypted    OpensslEncryption- gt encrypt  string  ENCRYPTION KEY    decrypted    OpensslEncryption- gt decrypt  encrypted  ENCRYPTION KEY

User · Answer

For Laravel framework If you are using Laravel framework then it s more easy to encrypt and decrypt with internal functions   string    Some text to be encrypted    encrypted    Illuminate Support Facades Crypt  encrypt  string    decrypted string    Illuminate Support Facades Crypt  decrypt  encrypted    var dump  string   var dump  encrypted   var dump  decrypted string     Note  Be sure to set a 16  24  or 32 character random string in the key option of the config app php file  Otherwise  encrypted values will not be secure

[php] How do you Encrypt and Decrypt a PHP String?

Examples related to php

Examples related to security

Examples related to encryption

Examples related to cryptography

Examples related to encryption-symmetric