Have you ever wanted to improve your app's security by hiding everything in your database? Let's make a simple encryption and decryption script in PHP using the openssl_encrypt and openssl_decrypt functions.
Step 1
Let's define some variables
<?php
define("encryption_method", "AES-128-CBC");
define("key", "your_amazing_key_here");
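Obviously, change the encryption key. AES-128 uses a 16-byte key, and openssl_encrypt silently pads a shorter key with NUL bytes and truncates a longer one, so use 16 random bytes rather than a word or phrase.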
Step 2
Creating a function to encrypt data
<?php
function encrypt($data) {
    $key = key;
    $plaintext = $data;
    // A fresh random IV for every message
    $ivlen = openssl_cipher_iv_length($cipher = encryption_method);
    $iv = openssl_random_pseudo_bytes($ivlen);
    $ciphertext_raw = openssl_encrypt($plaintext, $cipher, $key, $options = OPENSSL_RAW_DATA, $iv);
    // HMAC over the raw ciphertext so decrypt() can detect tampering
    $hmac = hash_hmac('sha256', $ciphertext_raw, $key, $as_binary = true);
    // Output layout: IV || HMAC || ciphertext, base64-encoded
    $ciphertext = base64_encode($iv . $hmac . $ciphertext_raw);
    return $ciphertext;
}
Explained
- openssl_random_pseudo_bytes - Generates a string of pseudo-random bytes, with the number of bytes determined by the length parameter.
- openssl_cipher_iv_length - Returns the IV length for the given cipher method; see openssl_get_cipher_methods() for a list of potential values.
- openssl_encrypt - PHP lacks a built-in function to encrypt and decrypt large files. openssl_encrypt() can be used to encrypt strings.
- hash_hmac - Returns a string containing the calculated message digest as lowercase hexits, unless binary is set to true, in which case the raw binary representation is returned.
- base64_encode - Encodes the given string with base64.
Step 3
Let's create a simple script to decrypt our encrypted string
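function decrypt($data) {
    $key = key;
    // Strict mode rejects input that contains non-base64 characters
    $c = base64_decode($data, true);
    $ivlen = openssl_cipher_iv_length($cipher = encryption_method);
    $sha2len = 32; // length of a raw SHA-256 HMAC
    if ($c === false || strlen($c) <= $ivlen + $sha2len) {
        return false; // malformed or truncated input
    }
    $iv = substr($c, 0, $ivlen);
    $hmac = substr($c, $ivlen, $sha2len);
    $ciphertext_raw = substr($c, $ivlen + $sha2len);
    // Check the HMAC before decrypting, so tampered data never reaches openssl_decrypt
    $calcmac = hash_hmac('sha256', $ciphertext_raw, $key, $as_binary = true);
    if (!hash_equals($hmac, $calcmac)) {
        return false;
    }
    return openssl_decrypt($ciphertext_raw, $cipher, $key, $options = OPENSSL_RAW_DATA, $iv);
}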
Explained
The only difference here is the openssl_decrypt function, which takes a raw or base64-encoded string and decrypts it using a given method and key.
Complete code
<?php
define("encryption_method", "AES-128-CBC");
define("key", "your_amazing_key_here");

function encrypt($data) {
    $key = key;
    $plaintext = $data;
    // A fresh random IV for every message
    $ivlen = openssl_cipher_iv_length($cipher = encryption_method);
    $iv = openssl_random_pseudo_bytes($ivlen);
    $ciphertext_raw = openssl_encrypt($plaintext, $cipher, $key, $options = OPENSSL_RAW_DATA, $iv);
    // HMAC over the raw ciphertext so decrypt() can detect tampering
    $hmac = hash_hmac('sha256', $ciphertext_raw, $key, $as_binary = true);
    // Output layout: IV || HMAC || ciphertext, base64-encoded
    $ciphertext = base64_encode($iv . $hmac . $ciphertext_raw);
    return $ciphertext;
}

function decrypt($data) {
    $key = key;
    // Strict mode rejects input that contains non-base64 characters
    $c = base64_decode($data, true);
    $ivlen = openssl_cipher_iv_length($cipher = encryption_method);
    $sha2len = 32; // length of a raw SHA-256 HMAC
    if ($c === false || strlen($c) <= $ivlen + $sha2len) {
        return false; // malformed or truncated input
    }
    $iv = substr($c, 0, $ivlen);
    $hmac = substr($c, $ivlen, $sha2len);
    $ciphertext_raw = substr($c, $ivlen + $sha2len);
    // Check the HMAC before decrypting, so tampered data never reaches openssl_decrypt
    $calcmac = hash_hmac('sha256', $ciphertext_raw, $key, $as_binary = true);
    if (!hash_equals($hmac, $calcmac)) {
        return false;
    }
    return openssl_decrypt($ciphertext_raw, $cipher, $key, $options = OPENSSL_RAW_DATA, $iv);
}

echo encrypt("Hello World!");
echo "\n";
echo decrypt(encrypt("Hello World!"));
?>
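The HMAC above is computed over the ciphertext only and with the same key that encrypts, so the IV is not covered by the integrity check. The following is an added example, not code from the original post or from Smartlist, that authenticates the IV together with the ciphertext and derives separate encryption and MAC keys. The names derive_keys, seal_message and open_message and the HKDF labels 'enc' and 'mac' are assumptions made for illustration, and the resulting tokens are not compatible with the format used in this article.

```php
<?php
// Added example, not the article's code: the HMAC covers IV + ciphertext and
// encryption and MAC use separate keys derived from one master secret.
const CIPHER = 'AES-128-CBC';  // same cipher as the article
const TAG_LEN = 32;            // length of a raw SHA-256 HMAC

// Hypothetical helper: HKDF with distinct labels gives two independent keys.
function derive_keys(string $master): array {
    return [
        hash_hkdf('sha256', $master, 16, 'enc'),  // 16 bytes for AES-128
        hash_hkdf('sha256', $master, 32, 'mac'),
    ];
}

function seal_message(string $plaintext, string $master): string {
    [$encKey, $macKey] = derive_keys($master);
    $iv = random_bytes(openssl_cipher_iv_length(CIPHER));
    $ct = openssl_encrypt($plaintext, CIPHER, $encKey, OPENSSL_RAW_DATA, $iv);
    $tag = hash_hmac('sha256', $iv . $ct, $macKey, true);  // IV is authenticated too
    return base64_encode($iv . $tag . $ct);
}

// Returns the plaintext, or false if the token is malformed or fails the HMAC check.
function open_message(string $token, string $master) {
    [$encKey, $macKey] = derive_keys($master);
    $raw = base64_decode($token, true);
    $ivlen = openssl_cipher_iv_length(CIPHER);
    if ($raw === false || strlen($raw) <= $ivlen + TAG_LEN) {
        return false;
    }
    $iv = substr($raw, 0, $ivlen);
    $tag = substr($raw, $ivlen, TAG_LEN);
    $ct = substr($raw, $ivlen + TAG_LEN);
    if (!hash_equals(hash_hmac('sha256', $iv . $ct, $macKey, true), $tag)) {
        return false;  // verify first; nothing is decrypted on mismatch
    }
    return openssl_decrypt($ct, CIPHER, $encKey, OPENSSL_RAW_DATA, $iv);
}

// Constructed sample: a round trip, then one flipped bit in each token region.
$master = random_bytes(32);  // constructed key; load the real one from secret storage
$token = seal_message('Hello World!', $master);
var_dump(open_message($token, $master) === 'Hello World!');
$raw = base64_decode($token);
foreach (['iv' => 0, 'tag' => 16, 'ciphertext' => 48] as $region => $offset) {
    $bad = $raw;
    $bad[$offset] = $bad[$offset] ^ "\x01";
    var_dump([$region => open_message(base64_encode($bad), $master)]);
}
```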
How to use
To encrypt something
encrypt("Foo");
To decrypt something
decrypt("lF0wxjGE4H7bbSH/51+ihseCa7aT5hn2Wm0b4expCxqc/W9A38m37QXakG/i/hAjSrNzMpINfZWnh8/9Kd2nodHTiP0Vq0euQ4Z3BOO1vt0WP6dsGRR03po7e4dIlep/lMrwS341jzN+o+FPUtcPVPUr6BEc0RtHwFoUH6NNm+2mWXYLUVH4Ct86iuD8+6eBC1SG3IG21R1dWREGdLrsWQ==")
See if you can decrypt the following message. I'll post the encryption key in the comments section later!
Hint: The key is a 3-letter programming language
Credits
This code was taken from my own app, Smartlist. Smartlist is a home inventory app that lets you keep track of what's in your home! We encrypt our items, tasks, and notes too!