Simplest two-way encryption using PHP

Question

What is the simplest way of doing two way encryption in common PHP installs   I need to be able to encrypt data with a string key  and use the same key to decrypt on the other end   The security isn t as big of a concern as the portability of the code  so I d like to be able to keep things as simple as possible  Currently  I am using an RC4 implementation  but if I can find something natively supported I figure I can save a lot of unnecessary code

User · Answer

IMPORTANT this answer is valid only for PHP 5  in PHP 7 use built-in cryptographic functions    Here is simple but secure enough implementation    AES-256 encryption in CBC mode   PBKDF2 to create encryption key out of plain-text password   HMAC to authenticate the encrypted message    Code and examples are here  https   stackoverflow com a 19445173 1387163

User · Answer

Use mcrypt encrypt   and mcrypt decrypt   with corresponding parameters  Really easy and straight forward  and you use a battle-tested encryption package   EDIT   5 years and 4 months after this answer  the mcrypt extension is now in the process of deprecation and eventual removal from PHP

User · Answer

Encrypting using openssl encrypt   The openssl encrypt function provides a secured and easy way to encrypt your data  In the script below  we use the AES128 encryption method  but you may consider other kind of encryption method depending on what you want to encrypt   lt  php  message to encrypt    quot Yoroshikune quot    secret key    quot my-secret-key quot    method    quot aes128 quot    iv length   openssl cipher iv length  method    iv   openssl random pseudo bytes  iv length     encrypted message   openssl encrypt  message to encrypt   method   secret key  0   iv    echo  encrypted message    gt   Here is an explanation of the variables used   message to encrypt   the data you want to encrypt secret key   it is your    password    for encryption  Be sure not to choose something too easy and be careful not to share your secret key with other people method   the method of encryption  Here we chose AES128  iv length and iv   prepare the encryption using bytes encrypted message   the variable including your encrypted message Decrypting using openssl decrypt   Now you encrypted your data  you may need to decrypt it in order to re-use the message you first included into a variable  In order to do so  we will use the function openssl decrypt     lt  php  message to encrypt    quot Yoroshikune quot    secret key    quot my-secret-key quot    method    quot aes128 quot    iv length   openssl cipher iv length  method    iv   openssl random pseudo bytes  iv lenght    encrypted message   openssl encrypt  message to encrypt   method   secret key  0   iv     decrypted message   openssl decrypt  encrypted message   method   secret key  0   iv    echo  decrypted message    gt   The decrypt method proposed by openssl decrypt   is close to openssl encrypt    The only difference is that instead of adding  message to encrypt  you will need to add your already encrypted message as the first argument of openssl decrypt    That is all you have to do

User · Answer

Important  Unless you have a very particular use-case  do not encrypt passwords  use a password hashing algorithm instead  When someone says they encrypt their passwords in a server-side application  they re either uninformed or they re describing a dangerous system design  Safely storing passwords is a totally separate problem from encryption   Be informed  Design safe systems   Portable Data Encryption in PHP  If you re using PHP 5 4 or newer and don t want to write a cryptography module yourself  I recommend using an existing library that provides authenticated encryption  The library I linked relies only on what PHP provides and is under periodic review by a handful of security researchers   Myself included    If your portability goals do not prevent requiring PECL extensions  libsodium is highly recommended over anything you or I can write in PHP   Update  2016-06-12   You can now use sodium compat and use the same crypto libsodium offers without installing PECL extensions   If you want to try your hand at cryptography engineering  read on     First  you should take the time to learn the dangers of unauthenticated encryption and the Cryptographic Doom Principle    Encrypted data can still be tampered with by a malicious user  Authenticating the encrypted data prevents tampering  Authenticating the unencrypted data does not prevent tampering    Encryption and Decryption  Encryption in PHP is actually simple  we re going to use openssl encrypt   and openssl decrypt   once you have made some decisions about how to encrypt your information  Consult openssl get cipher methods   for a list of the methods supported on your system  The best choice is AES in CTR mode    aes-128-ctr aes-192-ctr aes-256-ctr   There is currently no reason to believe that the AES key size is a significant issue to worry about  bigger is probably not better  due to bad key-scheduling in the 256-bit mode    Note  We are not using mcrypt because it is abandonware and has unpatched bugs that might be security-affecting  Because of these reasons  I encourage other PHP developers to avoid it as well   Simple Encryption Decryption Wrapper using OpenSSL  class UnsafeCrypto       const METHOD    aes-256-ctr                   Encrypts  but does not authenticate  a message                 param string  message - plaintext message         param string  key - encryption key  raw binary expected          param boolean  encode - set to TRUE to return a base64-encoded          return string  raw binary              public static function encrypt  message   key   encode   false                 nonceSize   openssl cipher iv length self  METHOD            nonce   openssl random pseudo bytes  nonceSize             ciphertext   openssl encrypt               message              self  METHOD               key              OPENSSL RAW DATA               nonce                        Now let s pack the IV and the ciphertext together            Naively  we can just concatenate         if   encode                return base64 encode  nonce  ciphertext                     return  nonce  ciphertext                        Decrypts  but does not verify  a message                 param string  message - ciphertext message         param string  key - encryption key  raw binary expected          param boolean  encoded - are we expecting an encoded string          return string             public static function decrypt  message   key   encoded   false                if   encoded                 message   base64 decode  message  true               if   message     false                    throw new Exception  Encryption failure                                      nonceSize   openssl cipher iv length self  METHOD            nonce   mb substr  message  0   nonceSize   8bit             ciphertext   mb substr  message   nonceSize  null   8bit              plaintext   openssl decrypt               ciphertext              self  METHOD               key              OPENSSL RAW DATA               nonce                     return  plaintext            Usage Example   message    Ready your ammunition  we attack at dawn     key   hex2bin  000102030405060708090a0b0c0d0e0f101112131415161718191a1b1c1d1e1f      encrypted   UnsafeCrypto  encrypt  message   key    decrypted   UnsafeCrypto  decrypt  encrypted   key    var dump  encrypted   decrypted     Demo  https   3v4l org jl7qR    The above simple crypto library still is not safe to use  We need to authenticate ciphertexts and verify them before we decrypt   Note  By default  UnsafeCrypto  encrypt   will return a raw binary string  Call it like this if you need to store it in a binary-safe format  base64-encoded     message    Ready your ammunition  we attack at dawn     key   hex2bin  000102030405060708090a0b0c0d0e0f101112131415161718191a1b1c1d1e1f      encrypted   UnsafeCrypto  encrypt  message   key  true    decrypted   UnsafeCrypto  decrypt  encrypted   key  true    var dump  encrypted   decrypted     Demo  http   3v4l org f5K93  Simple Authentication Wrapper  class SaferCrypto extends UnsafeCrypto       const HASH ALGO    sha256                   Encrypts then MACs a message                 param string  message - plaintext message         param string  key - encryption key  raw binary expected          param boolean  encode - set to TRUE to return a base64-encoded string         return string  raw binary              public static function encrypt  message   key   encode   false                list  encKey   authKey    self  splitKeys  key               Pass to UnsafeCrypto  encrypt          ciphertext   parent  encrypt  message   encKey               Calculate a MAC of the IV and ciphertext          mac   hash hmac self  HASH ALGO   ciphertext   authKey  true            if   encode                return base64 encode  mac  ciphertext                        Prepend MAC to the ciphertext and return to caller         return  mac  ciphertext                        Decrypts a message  after verifying integrity                  param string  message - ciphertext message         param string  key - encryption key  raw binary expected          param boolean  encoded - are we expecting an encoded string          return string  raw binary              public static function decrypt  message   key   encoded   false                list  encKey   authKey    self  splitKeys  key           if   encoded                 message   base64 decode  message  true               if   message     false                    throw new Exception  Encryption failure                                        Hash Size -- in case HASH ALGO is changed          hs   mb strlen hash self  HASH ALGO      true    8bit             mac   mb substr  message  0   hs   8bit              ciphertext   mb substr  message   hs  null   8bit              calculated   hash hmac              self  HASH ALGO               ciphertext               authKey              true                     if   self  hashEquals  mac   calculated                 throw new Exception  Encryption failure                          Pass to UnsafeCrypto  decrypt          plaintext   parent  decrypt  ciphertext   encKey            return  plaintext                        Splits a key into two separate keys  one for encryption        and the other for authenticaiton                 param string  masterKey  raw binary          return array  two raw binary strings              protected static function splitKeys  masterKey                   You really want to implement HKDF here instead          return               hash hmac self  HASH ALGO   ENCRYPTION    masterKey  true               hash hmac self  HASH ALGO   AUTHENTICATION    masterKey  true                                   Compare two strings without leaking timing information                 param string  a         param string  b         ref https   paragonie com b WS1DLx6BnpsdaVQW         return boolean             protected static function hashEquals  a   b                if  function exists  hash equals                  return hash equals  a   b                      nonce   openssl random pseudo bytes 32           return hash hmac self  HASH ALGO   a   nonce      hash hmac self  HASH ALGO   b   nonce             Usage Example   message    Ready your ammunition  we attack at dawn     key   hex2bin  000102030405060708090a0b0c0d0e0f101112131415161718191a1b1c1d1e1f      encrypted   SaferCrypto  encrypt  message   key    decrypted   SaferCrypto  decrypt  encrypted   key    var dump  encrypted   decrypted     Demos  raw binary  base64-encoded    If anyone wishes to use this SaferCrypto library in a production environment  or your own implementation of the same concepts  I strongly recommend reaching out to your resident cryptographers for a second opinion before you do  They ll be able tell you about mistakes that I might not even be aware of   You will be much better off using a reputable cryptography library

User · Answer

Edited   You should really be using openssl encrypt    amp  openssl decrypt    As Scott says  Mcrypt is not a good idea as it has not been updated since 2007   There is even an RFC to remove Mcrypt from PHP - https   wiki php net rfc mcrypt-viking-funeral

User · Answer

PHP 7 2 moved completely away from Mcrypt and the encryption now is based on the maintainable Libsodium library   All your encryption needs can be basically resolved through Libsodium library      On Alice s computer   msg    This comes from Alice     signed msg   sodium crypto sign  msg   secret sign key        On Bob s computer   original msg   sodium crypto sign open  signed msg   alice sign publickey   if   original msg     false        throw new Exception  Invalid signature      else       echo  original msg     Displays  This comes from Alice       Libsodium documentation  https   github com paragonie pecl-libsodium-doc

[php] Simplest two-way encryption using PHP

Examples related to php

Examples related to security

Examples related to encryption

Examples related to cryptography

Examples related to encryption-symmetric