Login/Register
How do you Encrypt and Decrypt a PHP String?
Asked Answered
Solved phpsecurityencryptioncryptographyencryption-symmetric
M

10

279

What I mean is:

Original String + Salt or Key --> Encrypted String
Encrypted String + Salt or Key --> Decrypted (Original String)

Maybe something like:

"hello world!" + "ABCD1234" --> Encrypt --> "2a2ffa8f13220befbe30819047e23b2c" (may be, for e.g)
"2a2ffa8f13220befbe30819047e23b2c" --> Decrypt with "ABCD1234" --> "hello world!"
  • In PHP, how can you do this?

Attempted to use Crypt_Blowfish, but it didn't work for me.

Marigraph answered 17/5, 2013 at 2:57 Comment(5)
@Rogue He doesn't want a hash, he wants symmetric encryption (like AES), he just doesn't know what it's called. (And now he does :) )Lumber
how secure does it need to be?Dactylology
@夏期劇場, You do not 'salt' symmetrical encryption, you use a key. A key must be kept secret. A salt can be public without harming security (as long as everyone's salt is different), and it is a term used in hashing passwords.Lumber
You need a Salt (private key), a public key an an encryption algorithm like AES-256: wpy.me/blog/15-encrypt-and-decrypt-data-in-php-using-aes-256Willem
@CristianFlorea The author of that blog post uses terms that simply do not make the slightest bit of sense in the context of symmetric encryption. There is no public key with AES, nor is there a salt. There is a single key; it must be kept secret. In some modes of operation there is an IV that need not be secret, but an IV is not a salt (depending on mode, it can have quite different requirements) and need not be secret, while the actual encryption key absolutely cannot be public. Public/private key applies to asymmetric crypto, but has nothing to do with AES.Intermingle
M
25

Updated

PHP 7 ready version. It uses openssl_encrypt function from PHP OpenSSL Library.

class Openssl_EncryptDecrypt {
    function encrypt ($pure_string, $encryption_key) {
        $cipher     = 'AES-256-CBC';
        $options    = OPENSSL_RAW_DATA;
        $hash_algo  = 'sha256';
        $sha2len    = 32;
        $ivlen = openssl_cipher_iv_length($cipher);
        $iv = openssl_random_pseudo_bytes($ivlen);
        $ciphertext_raw = openssl_encrypt($pure_string, $cipher, $encryption_key, $options, $iv);
        $hmac = hash_hmac($hash_algo, $ciphertext_raw, $encryption_key, true);
        return $iv.$hmac.$ciphertext_raw;
    }
    function decrypt ($encrypted_string, $encryption_key) {
        $cipher     = 'AES-256-CBC';
        $options    = OPENSSL_RAW_DATA;
        $hash_algo  = 'sha256';
        $sha2len    = 32;
        $ivlen = openssl_cipher_iv_length($cipher);
        $iv = substr($encrypted_string, 0, $ivlen);
        $hmac = substr($encrypted_string, $ivlen, $sha2len);
        $ciphertext_raw = substr($encrypted_string, $ivlen+$sha2len);
        $original_plaintext = openssl_decrypt($ciphertext_raw, $cipher, $encryption_key, $options, $iv);
        $calcmac = hash_hmac($hash_algo, $ciphertext_raw, $encryption_key, true);
        if(function_exists('hash_equals')) {
            if (hash_equals($hmac, $calcmac)) return $original_plaintext;
        } else {
            if ($this->hash_equals_custom($hmac, $calcmac)) return $original_plaintext;
        }
    }
    /**
     * (Optional)
     * hash_equals() function polyfilling.
     * PHP 5.6+ timing attack safe comparison
     */
    function hash_equals_custom($knownString, $userString) {
        if (function_exists('mb_strlen')) {
            $kLen = mb_strlen($knownString, '8bit');
            $uLen = mb_strlen($userString, '8bit');
        } else {
            $kLen = strlen($knownString);
            $uLen = strlen($userString);
        }
        if ($kLen !== $uLen) {
            return false;
        }
        $result = 0;
        for ($i = 0; $i < $kLen; $i++) {
            $result |= (ord($knownString[$i]) ^ ord($userString[$i]));
        }
        return 0 === $result;
    }
}

define('ENCRYPTION_KEY', '__^%&Q@$&*!@#$%^&*^__');
$string = "This is the original string!";

$OpensslEncryption = new Openssl_EncryptDecrypt;
$encrypted = $OpensslEncryption->encrypt($string, ENCRYPTION_KEY);
$decrypted = $OpensslEncryption->decrypt($encrypted, ENCRYPTION_KEY);
Marigraph answered 29/7, 2019 at 8:15 Comment(6)
This is better and much safer version. Thanks, it works as expected too.Drafty
how do you create and where do you keep the encryption key?Astern
But, Encrypted Text changed everytime, How can I compare stored encrypted string with it?Earthstar
OK! I understood, I've changed openssl_random_pseudo_bytes function to static 16 char string.. Thank You!!!Earthstar
I used this in my project with some changes in order to use it statically. Thank you!!!!Reduction
$cipher = 'AES-256-CTR'; is betterBody
R
475

Before you do anything further, seek to understand the difference between encryption and authentication, and why you probably want authenticated encryption rather than just encryption.

To implement authenticated encryption, you want to Encrypt then MAC. The order of encryption and authentication is very important! One of the existing answers to this question made this mistake; as do many cryptography libraries written in PHP.

You should avoid implementing your own cryptography, and instead use a secure library written by and reviewed by cryptography experts.

Update: PHP 7.2 now provides libsodium! For best security, update your systems to use PHP 7.2 or higher and only follow the libsodium advice in this answer.

Use libsodium if you have PECL access (or sodium_compat if you want libsodium without PECL); otherwise...
Use defuse/php-encryption; don't roll your own cryptography!

Both of the libraries linked above make it easy and painless to implement authenticated encryption into your own libraries.

If you still want to write and deploy your own cryptography library, against the conventional wisdom of every cryptography expert on the Internet, these are the steps you would have to take.

Encryption:

  1. Encrypt using AES in CTR mode. You may also use GCM (which removes the need for a separate MAC). Additionally, ChaCha20 and Salsa20 (provided by libsodium) are stream ciphers and do not need special modes.
  2. Unless you chose GCM above, you should authenticate the ciphertext with HMAC-SHA-256 (or, for the stream ciphers, Poly1305 -- most libsodium APIs do this for you). The MAC should cover the IV as well as the ciphertext!

Decryption:

  1. Unless Poly1305 or GCM is used, recalculate the MAC of the ciphertext and compare it with the MAC that was sent using hash_equals(). If it fails, abort.
  2. Decrypt the message.

Other Design Considerations:

  1. Do not compress anything ever. Ciphertext is not compressible; compressing plaintext before encryption can lead to information leaks (e.g. CRIME and BREACH on TLS).
  2. Make sure you use mb_strlen() and mb_substr(), using the '8bit' character set mode to prevent mbstring.func_overload issues.
  3. IVs should be generating using a CSPRNG; If you're using mcrypt_create_iv(), DO NOT USE MCRYPT_RAND!
  4. Unless you're using an AEAD construct, ALWAYS encrypt then MAC!
  5. bin2hex(), base64_encode(), etc. may leak information about your encryption keys via cache timing. Avoid them if possible.

Even if you follow the advice given here, a lot can go wrong with cryptography. Always have a cryptography expert review your implementation. If you are not fortunate enough to be personal friends with a cryptography student at your local university, you can always try the Cryptography Stack Exchange forum for advice.

If you need a professional analysis of your implementation, you can always hire a reputable team of security consultants to review your PHP cryptography code (disclosure: my employer).

Important: When to Not Use Encryption

Don't encrypt passwords. You want to hash them instead, using one of these password-hashing algorithms:

Never use a general-purpose hash function (MD5, SHA256) for password storage.

Don't encrypt URL Parameters. It's the wrong tool for the job.

PHP String Encryption Example with Libsodium

If you are on PHP < 7.2 or otherwise do not have libsodium installed, you can use sodium_compat to accomplish the same result (albeit slower).

<?php
declare(strict_types=1);

/**
 * Encrypt a message
 * 
 * @param string $message - message to encrypt
 * @param string $key - encryption key
 * @return string
 * @throws RangeException
 */
function safeEncrypt(string $message, string $key): string
{
    if (mb_strlen($key, '8bit') !== SODIUM_CRYPTO_SECRETBOX_KEYBYTES) {
        throw new RangeException('Key is not the correct size (must be 32 bytes).');
    }
    $nonce = random_bytes(SODIUM_CRYPTO_SECRETBOX_NONCEBYTES);
    
    $cipher = base64_encode(
        $nonce.
        sodium_crypto_secretbox(
            $message,
            $nonce,
            $key
        )
    );
    sodium_memzero($message);
    sodium_memzero($key);
    return $cipher;
}

/**
 * Decrypt a message
 * 
 * @param string $encrypted - message encrypted with safeEncrypt()
 * @param string $key - encryption key
 * @return string
 * @throws Exception
 */
function safeDecrypt(string $encrypted, string $key): string
{   
    $decoded = base64_decode($encrypted);
    $nonce = mb_substr($decoded, 0, SODIUM_CRYPTO_SECRETBOX_NONCEBYTES, '8bit');
    $ciphertext = mb_substr($decoded, SODIUM_CRYPTO_SECRETBOX_NONCEBYTES, null, '8bit');
    
    $plain = sodium_crypto_secretbox_open(
        $ciphertext,
        $nonce,
        $key
    );
    if (!is_string($plain)) {
        throw new Exception('Invalid MAC');
    }
    sodium_memzero($ciphertext);
    sodium_memzero($key);
    return $plain;
}

Then to test it out:

<?php
// This refers to the previous code block.
require "safeCrypto.php"; 

// Do this once then store it somehow:
$key = random_bytes(SODIUM_CRYPTO_SECRETBOX_KEYBYTES);
$message = 'We are all living in a yellow submarine';

$ciphertext = safeEncrypt($message, $key);
$plaintext = safeDecrypt($ciphertext, $key);

var_dump($ciphertext);
var_dump($plaintext);

Halite - Libsodium Made Easier

One of the projects I've been working on is an encryption library called Halite, which aims to make libsodium easier and more intuitive.

<?php
use \ParagonIE\Halite\KeyFactory;
use \ParagonIE\Halite\Symmetric\Crypto as SymmetricCrypto;

// Generate a new random symmetric-key encryption key. You're going to want to store this:
$key = new KeyFactory::generateEncryptionKey();
// To save your encryption key:
KeyFactory::save($key, '/path/to/secret.key');
// To load it again:
$loadedkey = KeyFactory::loadEncryptionKey('/path/to/secret.key');

$message = 'We are all living in a yellow submarine';
$ciphertext = SymmetricCrypto::encrypt($message, $key);
$plaintext = SymmetricCrypto::decrypt($ciphertext, $key);

var_dump($ciphertext);
var_dump($plaintext);

All of the underlying cryptography is handled by libsodium.

Example with defuse/php-encryption

<?php
/**
 * This requires https://github.com/defuse/php-encryption
 * php composer.phar require defuse/php-encryption
 */

use Defuse\Crypto\Crypto;
use Defuse\Crypto\Key;

require "vendor/autoload.php";

// Do this once then store it somehow:
$key = Key::createNewRandomKey();

$message = 'We are all living in a yellow submarine';

$ciphertext = Crypto::encrypt($message, $key);
$plaintext = Crypto::decrypt($ciphertext, $key);

var_dump($ciphertext);
var_dump($plaintext);

Note: Crypto::encrypt() returns hex-encoded output.

Encryption Key Management

If you're tempted to use a "password", stop right now. You need a random 128-bit encryption key, not a human memorable password.

You can store an encryption key for long-term use like so:

$storeMe = bin2hex($key);

And, on demand, you can retrieve it like so:

$key = hex2bin($storeMe);

I strongly recommend just storing a randomly generated key for long-term use instead of any sort of password as the key (or to derive the key).

If you're using Defuse's library:

"But I really want to use a password."

That's a bad idea, but okay, here's how to do it safely.

First, generate a random key and store it in a constant.

/**
 * Replace this with your own salt! 
 * Use bin2hex() then add \x before every 2 hex characters, like so:
 */
define('MY_PBKDF2_SALT', "\x2d\xb7\x68\x1a\x28\x15\xbe\x06\x33\xa0\x7e\x0e\x8f\x79\xd5\xdf");

Note that you're adding extra work and could just use this constant as the key and save yourself a lot of heartache!

Then use PBKDF2 (like so) to derive a suitable encryption key from your password rather than encrypting with your password directly.

/**
 * Get an AES key from a static password and a secret salt
 * 
 * @param string $password Your weak password here
 * @param int $keysize Number of bytes in encryption key
 */
function getKeyFromPassword($password, $keysize = 16)
{
    return hash_pbkdf2(
        'sha256',
        $password,
        MY_PBKDF2_SALT,
        100000, // Number of iterations
        $keysize,
        true
    );
}

Don't just use a 16-character password. Your encryption key will be comically broken.

Ruttger answered 11/5, 2015 at 3:12 Comment(11)
Don't encrypt passwords, hash them with password_hash() and check them with password_verify().Ruttger
@ScottArciszewski I like your comment about key "// Do this once then store it somehow:" .. somehow, lol :)) well how about storing this 'key' (which is object) as plain string, hardcoded? I need the key itself, as a string. Can I get it from this object somehow? ThanksGyniatrics
Version 1.2.1: save it via bin2hex(). Version 2.0.0: Wait until it's finished then read the docs. DO NOT use version 2 before it's released.Ruttger
Thx, I had just to modify one line in order to make your sodium examples working: function getKeyFromPassword($password, $keysize = \Sodium\CRYPTO_SECRETBOX_KEYBYTES)Ernaernald
For those who are interested in a C# .NET version of Scott's classes, I have published a C# .NET port on GitHub: github.com/mayerwin/SaferCryptoBurglary
@this.lau_ NOOOOO that code is not secure why would you encourage people to copy and paste it?Ruttger
Considering I have to implement a simple, not-critical encryption on client's environments where almost never I have permission to install new libraries, should I go with ECB?Berkie
For versions of PHP prior to 5.4.8 your safeDecrypt function is not working because of mb_substring of cipher. instead of NULL you can pass in length like this $ciphertext = mb_substr($decoded, \Sodium\CRYPTO_SECRETBOX_NONCEBYTES, mb_strlen($decoded), '8bit');Diego
Wow! +1 for mentioning not to encrypt URL parameters. I really liked the article you provide: paragonie.com/blog/2015/09/…Polak
Your words "Never use a general-purpose hash function (MD5, SHA256) for password storage." My question: Why do you recommend against using SHA256 for hashing passwords if it is a strong hashing function?Gratt
@FabianAmran There are two distinct types of algorithms with the name "hash" in it. The first is a cryptographic hash function. This is something like SHA-256. The other is a password hashing function. This is something like PBKDF2 or Argon2. Don't confuse the two!Ruttger
P
137

I'm late to the party, but searching for the correct way to do it I came across this page it was one of the top Google search returns, so I will like to share my view on the problem, which I consider it to be up to date at the time of writing this post (beginning of 2017). From PHP 7.1.0 the mcrypt_decrypt and mcrypt_encrypt is going to be deprecated, so building future proof code should use openssl_encrypt and openssl_decrypt

You can do something like:

$string_to_encrypt="Test";
$password="password";
$encrypted_string=openssl_encrypt($string_to_encrypt,"AES-128-ECB",$password);
$decrypted_string=openssl_decrypt($encrypted_string,"AES-128-ECB",$password);

Important: This uses ECB mode, which isn't secure. If you want a simple solution without taking a crash course in cryptography engineering, don't write it yourself, just use a library.

You can use any other chipper methods as well, depending on your security need. To find out the available chipper methods please see the openssl_get_cipher_methods function.

Pneumectomy answered 12/1, 2017 at 22:24 Comment(16)
Thank you, I'm surprised this simple and clear answer is not more upvoted. I'd rather not read a 10 pages discussion on the subject like the top answer when all I want is encrypt/decrypt a simple string.Hierocracy
This isn't a secure answer. ECB mode shouldn't be used. If you want a "simple and clear answer", just use a library.Ruttger
@ScottArciszewski, yes I admit I've spoken too quickly while looking for some simple code. I've since then added an IV and using CBC in my own code, which is good enough for my use.Hierocracy
Read this and reconsider. With CBC mode, an attacker can completely change the message. If the message is a file, an attacker can flip bits and pop calc.exe. The risks of unauthenticated encryption are severe.Ruttger
It all depends on the use case! There are cases when this is perfectly FINE. For example I want to pass a GET parameter from page to page, let's say prod_id=123 but I just do not want to make 123 readable for everybody, however even if they could read it, it won't be a problem. An attacker being able to replace the 123 to a custom value won't cause any harm, he/she will only be able to get details of any other product, but Joe Average User won't have a clue on how to get details for product 124 for example. For a scenario like this, it's a perfect solution, for security it's a no go!Pneumectomy
By the way @ScottArciszewski, I'm NOT a security expert but looking at the functions parameters php.net/manual/en/function.openssl-decrypt.php it does support authentificated encryption/decryption which to my understanding is considered secure. The problem is the documentation is missing on how to use it properly.Pneumectomy
Re: OpenSSL supporting AEEAD: That's only possible in PHP 7.1, and requires extra care. Also, the person I'm responding to specifically said CBC is fine.Ruttger
"For example I want to pass a GET parameter from page to page, let's say prod_id=123 but I just do not want to make 123 readable for everybody, however even if they could read it, it won't be a problem." - Might I suggest a better way? paragonie.com/blog/2015/09/…Ruttger
Thank you @ScottArciszewski that's good, but its getting inconvenient where for example you want to pass multiple parameters or the return is simply read from a file (example picture). That will add an extra database query, sure it's a good solution it just depends on what is your user case.Pneumectomy
Why would you use a URL parameter (encrypted or not) to dictate which file to open? Do you want LFI vulnerabilities? Because that's how you get LFI vulnerabilities.Ruttger
@ScottArciszewski I'm not speaking of include! I have one page for example where I'm passed something like prodid=123, the processing script knows will do a recursive directory iteration of a specific path looking for EXACTLY "123 + something + extension", if found an x-sendfile is performed on the result (pdf) and displayed to the user. To the best of my knowledge that won't cause an LFI vulnerability, but please correct me if I'm wrong.Pneumectomy
Let us continue this discussion in chat.Pneumectomy
Do I need extra libraries to use openssl_encrypt/decrypt?Thaddeus
No you don't need.Pneumectomy
This is the best for me. Because this is pure nativeAnaximander
This worked well because I didn't need to add extra libraries or modules, I created a little bit of a scramble function before encrypting it, but I couldn't have the passwords encrypted or something. Next time I'll use Environment variable for salt.Saipan
M
45

What not to do

WARNING:
This answer uses ECB. ECB is not an encryption mode, it's only a building block. Using ECB as demonstrated in this answer does not actually encrypt the string securely. Do not use ECB in your code. See Scott's answer for a good solution.

I got it on myself. Actually i found some answer on google and just modified something. The result is completely insecure however.

<?php
define("ENCRYPTION_KEY", "!@#$%^&*");
$string = "This is the original data string!";

echo $encrypted = encrypt($string, ENCRYPTION_KEY);
echo "<br />";
echo $decrypted = decrypt($encrypted, ENCRYPTION_KEY);

/**
 * Returns an encrypted & utf8-encoded
 */
function encrypt($pure_string, $encryption_key) {
    $iv_size = mcrypt_get_iv_size(MCRYPT_BLOWFISH, MCRYPT_MODE_ECB);
    $iv = mcrypt_create_iv($iv_size, MCRYPT_RAND);
    $encrypted_string = mcrypt_encrypt(MCRYPT_BLOWFISH, $encryption_key, utf8_encode($pure_string), MCRYPT_MODE_ECB, $iv);
    return $encrypted_string;
}

/**
 * Returns decrypted original string
 */
function decrypt($encrypted_string, $encryption_key) {
    $iv_size = mcrypt_get_iv_size(MCRYPT_BLOWFISH, MCRYPT_MODE_ECB);
    $iv = mcrypt_create_iv($iv_size, MCRYPT_RAND);
    $decrypted_string = mcrypt_decrypt(MCRYPT_BLOWFISH, $encryption_key, $encrypted_string, MCRYPT_MODE_ECB, $iv);
    return $decrypted_string;
}
?>
Marigraph answered 17/5, 2013 at 10:1 Comment(16)
You can either user "MCRYPT_MODE_CBC" instead of "MCRYPT_MODE_ECB" to ensure more security.Product
MCRYPT_MODE_ECB doesn't use IVPettifog
Here is implementation of AES-128 encryption in CBC mode https://mcmap.net/q/110075/-how-do-i-encrypt-a-string-in-phpPettifog
Ramesh, this is because you're getting the raw encrypted data. You can get a nicer version of the encrypted data by using base64, like this: base64_encode(encrypt($string)) -- To decrypt it: decrypt(base64_decode($encrypted))Bereniceberenson
If your string is already encoded as UTF-8, running it through the utf8_encode function will break it, so it needs to be removed on line 15Aquacade
WARNING: this is insecure. ECB mode should not be used for strings, ECB does not take an IV, this is not authenticated, it uses a old cipher (Blowfish) instead of AES, the key is not binary etc. etc. The SO community should really stop upvoting encryption / decryption that just "work" and start upvoting answers that are known to be secure. If you don't know that for sure, don't vote.Jillion
I kind of did this already by having the sample code of mcrypt_encrypt replaced: php.net/manual/en/function.mcrypt-encrypt.php. Note that reviewing it now it probably should have a rtrim for character "\0" at the end.Jillion
The correct answer is to use something like defuse/php-encryption instead of writing your own mcrypt code.Ruttger
@RyanB the heading were actually on purpose, read the revision history "added a big fat warning, because this answer ... is harmful"Varve
one correction needed need to return trim($decrypted_string); as I was having trouble using this with file path on windowsBanta
@Banta thanks for the correction. And then, json_encode ? I didn't use it.Banana
When I try to json_encode the data, it won't let meBanta
when i crypt "abbie" with this code i get "?�Xg:e". & when i decrypt "?�Xg:e" i get "abbie" which seems good. but here is the my problem: the last "abbie" is not same with first "abbie". PHPs strcomp() function says so. Why is that?Prodigal
Not sure, but on Windows? Try something like what people were talking about in above conversations? It probably needs trim or rtrim.Banana
mcrypt_get_iv_size: This function has been DEPRECATED as of PHP 7.1.0Viridity
This solution no longer works or is discouraged for php version > 7.2Pentathlon
T
25

For Laravel framework

If you are using Laravel framework then it's more easy to encrypt and decrypt with internal functions.

$string = 'Some text to be encrypted';
$encrypted = \Illuminate\Support\Facades\Crypt::encrypt($string);
$decrypted_string = \Illuminate\Support\Facades\Crypt::decrypt($encrypted);

var_dump($string);
var_dump($encrypted);
var_dump($decrypted_string);

Note: Be sure to set a 16, 24, or 32 character random string in the key option of the config/app.php file. Otherwise, encrypted values will not be secure.

Tarton answered 14/12, 2015 at 12:58 Comment(1)
Sure, it may be easy to use. But is it secure? How does it address the issues in https://mcmap.net/q/107952/-how-do-you-encrypt-and-decrypt-a-php-string? Does it use authenticated encryption? Does it avoid side channel vulnerabilities and ensure constant-time equality checks? Does it use a truly random key rather than a password/passphrase? Does it use a suitable mode of operation? Does it generate random IV's properly?Selfwill
M
25

Updated

PHP 7 ready version. It uses openssl_encrypt function from PHP OpenSSL Library.

class Openssl_EncryptDecrypt {
    function encrypt ($pure_string, $encryption_key) {
        $cipher     = 'AES-256-CBC';
        $options    = OPENSSL_RAW_DATA;
        $hash_algo  = 'sha256';
        $sha2len    = 32;
        $ivlen = openssl_cipher_iv_length($cipher);
        $iv = openssl_random_pseudo_bytes($ivlen);
        $ciphertext_raw = openssl_encrypt($pure_string, $cipher, $encryption_key, $options, $iv);
        $hmac = hash_hmac($hash_algo, $ciphertext_raw, $encryption_key, true);
        return $iv.$hmac.$ciphertext_raw;
    }
    function decrypt ($encrypted_string, $encryption_key) {
        $cipher     = 'AES-256-CBC';
        $options    = OPENSSL_RAW_DATA;
        $hash_algo  = 'sha256';
        $sha2len    = 32;
        $ivlen = openssl_cipher_iv_length($cipher);
        $iv = substr($encrypted_string, 0, $ivlen);
        $hmac = substr($encrypted_string, $ivlen, $sha2len);
        $ciphertext_raw = substr($encrypted_string, $ivlen+$sha2len);
        $original_plaintext = openssl_decrypt($ciphertext_raw, $cipher, $encryption_key, $options, $iv);
        $calcmac = hash_hmac($hash_algo, $ciphertext_raw, $encryption_key, true);
        if(function_exists('hash_equals')) {
            if (hash_equals($hmac, $calcmac)) return $original_plaintext;
        } else {
            if ($this->hash_equals_custom($hmac, $calcmac)) return $original_plaintext;
        }
    }
    /**
     * (Optional)
     * hash_equals() function polyfilling.
     * PHP 5.6+ timing attack safe comparison
     */
    function hash_equals_custom($knownString, $userString) {
        if (function_exists('mb_strlen')) {
            $kLen = mb_strlen($knownString, '8bit');
            $uLen = mb_strlen($userString, '8bit');
        } else {
            $kLen = strlen($knownString);
            $uLen = strlen($userString);
        }
        if ($kLen !== $uLen) {
            return false;
        }
        $result = 0;
        for ($i = 0; $i < $kLen; $i++) {
            $result |= (ord($knownString[$i]) ^ ord($userString[$i]));
        }
        return 0 === $result;
    }
}

define('ENCRYPTION_KEY', '__^%&Q@$&*!@#$%^&*^__');
$string = "This is the original string!";

$OpensslEncryption = new Openssl_EncryptDecrypt;
$encrypted = $OpensslEncryption->encrypt($string, ENCRYPTION_KEY);
$decrypted = $OpensslEncryption->decrypt($encrypted, ENCRYPTION_KEY);
Marigraph answered 29/7, 2019 at 8:15 Comment(6)
This is better and much safer version. Thanks, it works as expected too.Drafty
how do you create and where do you keep the encryption key?Astern
But, Encrypted Text changed everytime, How can I compare stored encrypted string with it?Earthstar
OK! I understood, I've changed openssl_random_pseudo_bytes function to static 16 char string.. Thank You!!!Earthstar
I used this in my project with some changes in order to use it statically. Thank you!!!!Reduction
$cipher = 'AES-256-CTR'; is betterBody
H
11

These are compact methods to encrypt / decrypt strings with PHP using AES256 CBC:

function encryptString($plaintext, $password, $encoding = null) {
    $iv = openssl_random_pseudo_bytes(16);
    $ciphertext = openssl_encrypt($plaintext, "AES-256-CBC", hash('sha256', $password, true), OPENSSL_RAW_DATA, $iv);
    $hmac = hash_hmac('sha256', $ciphertext.$iv, hash('sha256', $password, true), true);
    return $encoding == "hex" ? bin2hex($iv.$hmac.$ciphertext) : ($encoding == "base64" ? base64_encode($iv.$hmac.$ciphertext) : $iv.$hmac.$ciphertext);
}

function decryptString($ciphertext, $password, $encoding = null) {
    $ciphertext = $encoding == "hex" ? hex2bin($ciphertext) : ($encoding == "base64" ? base64_decode($ciphertext) : $ciphertext);
    if (!hash_equals(hash_hmac('sha256', substr($ciphertext, 48).substr($ciphertext, 0, 16), hash('sha256', $password, true), true), substr($ciphertext, 16, 32))) return null;
    return openssl_decrypt(substr($ciphertext, 48), "AES-256-CBC", hash('sha256', $password, true), OPENSSL_RAW_DATA, substr($ciphertext, 0, 16));
}

Usage:

$enc = encryptString("mysecretText", "myPassword");
$dec = decryptString($enc, "myPassword");

EDIT: This is a new version of functions that use AES256 GCM and PBKDF2 as key derivation, more secure.

function str_encryptaesgcm($plaintext, $password, $encoding = null) {
    if ($plaintext != null && $password != null) {
        $keysalt = openssl_random_pseudo_bytes(16);
        $key = hash_pbkdf2("sha512", $password, $keysalt, 20000, 32, true);
        $iv = openssl_random_pseudo_bytes(openssl_cipher_iv_length("aes-256-gcm"));
        $tag = "";
        $encryptedstring = openssl_encrypt($plaintext, "aes-256-gcm", $key, OPENSSL_RAW_DATA, $iv, $tag, "", 16);
        return $encoding == "hex" ? bin2hex($keysalt.$iv.$encryptedstring.$tag) : ($encoding == "base64" ? base64_encode($keysalt.$iv.$encryptedstring.$tag) : $keysalt.$iv.$encryptedstring.$tag);
    }
}

function str_decryptaesgcm($encryptedstring, $password, $encoding = null) {
    if ($encryptedstring != null && $password != null) {
        $encryptedstring = $encoding == "hex" ? hex2bin($encryptedstring) : ($encoding == "base64" ? base64_decode($encryptedstring) : $encryptedstring);
        $keysalt = substr($encryptedstring, 0, 16);
        $key = hash_pbkdf2("sha512", $password, $keysalt, 20000, 32, true);
        $ivlength = openssl_cipher_iv_length("aes-256-gcm");
        $iv = substr($encryptedstring, 16, $ivlength);
        $tag = substr($encryptedstring, -16);
        return openssl_decrypt(substr($encryptedstring, 16 + $ivlength, -16), "aes-256-gcm", $key, OPENSSL_RAW_DATA, $iv, $tag);
    }
}

Usage:

$enc = str_encryptaesgcm("mysecretText", "myPassword", "base64"); // return a base64 encrypted string, you can also choose hex or null as encoding.
$dec = str_decryptaesgcm($enc, "myPassword", "base64");
Hafler answered 3/6, 2020 at 14:23 Comment(0)
V
10

If you don't want to use library (which you should) then use something like this (PHP 7):

function sign($message, $key) {
    return hash_hmac('sha256', $message, $key) . $message;
}

function verify($bundle, $key) {
    return hash_equals(
      hash_hmac('sha256', mb_substr($bundle, 64, null, '8bit'), $key),
      mb_substr($bundle, 0, 64, '8bit')
    );
}

function getKey($password, $keysize = 16) {
    return hash_pbkdf2('sha256',$password,'some_token',100000,$keysize,true);
}

function encrypt($message, $password) {
    $iv = random_bytes(16);
    $key = getKey($password);
    $result = sign(openssl_encrypt($message,'aes-256-ctr',$key,OPENSSL_RAW_DATA,$iv), $key);
    return bin2hex($iv).bin2hex($result);
}

function decrypt($hash, $password) {
    $iv = hex2bin(substr($hash, 0, 32));
    $data = hex2bin(substr($hash, 32));
    $key = getKey($password);
    if (!verify($data, $key)) {
      return null;
    }
    return openssl_decrypt(mb_substr($data, 64, null, '8bit'),'aes-256-ctr',$key,OPENSSL_RAW_DATA,$iv);
}

$string_to_encrypt='John Smith';
$password='password';
$encrypted_string=encrypt($string_to_encrypt, $password);
$decrypted_string=decrypt($encrypted_string, $password);
Vollmer answered 16/5, 2018 at 14:5 Comment(4)
Can this be a replacement to https://mcmap.net/q/107952/-how-do-you-encrypt-and-decrypt-a-php-string ? I've using the former until my host upgraded to PHP 7.2.Termor
@Termor you won't be able to decrypt old data with this one (different algorithms + this one also checks signature)Vollmer
In your case probably this should do: define("ENCRYPTION_KEY", "123456*"); $string = "This is the original data string!"; $encrypted = openssl_encrypt($string, 'BF-ECB', ENCRYPTION_KEY); $decrypted = openssl_decrypt($encrypted,'BF-ECB',ENCRYPTION_KEY);Vollmer
This is Super !Termor
N
8

Historical Note: This was written at the time of PHP4. This is what we call "legacy code" now.

I have left this answer for historical purposes - but some of the methods are now deprecated, DES encryption method is not a recommended practice, etc.

I have not updated this code for two reasons: 1) I no longer work with encryption methods by hand in PHP, and 2) this code still serves the purpose it was intended for: to demonstrate the minimum, simplistic concept of how encryption can work in PHP.

If you find a similarly simplistic, "PHP encryption for dummies" kind of source that can get people started in 10-20 lines of code or less, let me know in comments.

Beyond that, please enjoy this Classic Episode of early-era PHP4 minimalistic encryption answer.

Ideally you have - or can get - access to the mcrypt PHP library, as its certainly popular and very useful a variety of tasks. Here's a run down of the different kinds of encryption and some example code: Encryption Techniques in PHP

//Listing 3: Encrypting Data Using the mcrypt_ecb Function 

<?php 
echo("<h3> Symmetric Encryption </h3>"); 
$key_value = "KEYVALUE"; 
$plain_text = "PLAINTEXT"; 
$encrypted_text = mcrypt_ecb(MCRYPT_DES, $key_value, $plain_text, MCRYPT_ENCRYPT); 
echo ("<p><b> Text after encryption : </b>"); 
echo ( $encrypted_text ); 
$decrypted_text = mcrypt_ecb(MCRYPT_DES, $key_value, $encrypted_text, MCRYPT_DECRYPT); 
echo ("<p><b> Text after decryption : </b>"); 
echo ( $decrypted_text ); 
?>

A few warnings:

1) Never use reversible, or "symmetric" encryption when a one-way hash will do.

2) If the data is truly sensitive, like credit card or social security numbers, stop; you need more than any simple chunk of code will provide, but rather you need a crypto library designed for this purpose and a significant amount of time to research the methods necessary. Further, the software crypto is probably <10% of security of sensitive data. It's like rewiring a nuclear power station - accept that the task is dangerous and difficult and beyond your knowledge if that's the case. The financial penalties can be immense, so better to use a service and ship responsibility to them.

3) Any sort of easily implementable encryption, as listed here, can reasonably protect mildly important information that you want to keep from prying eyes or limit exposure in the case of accidental/intentional leak. But seeing as how the key is stored in plain text on the web server, if they can get the data they can get the decryption key.

Be that as it may, have fun :)

Namhoi answered 17/5, 2013 at 4:0 Comment(8)
Thanks! But some issues. I'm getting M�������f=�_= strange characters as the encrypted one. Can't i get simple characters? Like: 2a2ffa8f13220befbe30819047e23b2c. Also, can't i change the LENGTH of $key_value (fixed to 8 ???) and the LENGTH of output $encrypted_text? (can't it be 32 or 64 long or whatever longer??)Banana
@Marigraph The result of encryption is binary data. If you need it to be human readable, use base64 or hex encoding on it. 'Can't I change the length of key value?' Different symmetrical encryption algorithms have different requirements for key value. 'and the LENGTH of output...' The length of the encrypted text has to be at least as long as the original text, or else there is not enough information to recreate the original text. (This is an application of the Pigeonhole principle.) BTW, you should use AES instead of DES. DES is easily breakable and not secure anymore.Lumber
comment referring 2) if the data is truly sensitive: can you link a crypto library? what services are there to which I can "ship responsibility" to? I've googled but I seems I can't hit the correct keywords to get good results.Reneta
mcrypt_ecb has been DEPRECATED as of PHP 5.5.0 Relying on this function is highly discouraged. php.net/manual/en/function.mcrypt-ecb.phpVanward
@Hafez And so is everything else in this answer, so in that sense it's OK.Jillion
I have updated this 2+ year-old answer as it still gets both up-votes and down-votes. I hope this answers some issues people have had, while at the same time I will not attempt to provide an answer outside my actual confidence and knowledge.Namhoi
@BrianDHall The reason this still gets down-votes is because ECB mode isn't safe (use CBC, CTR, GCM, or Poly1305), DES is weak (you want AES, which is MCRYPT_RIJNDAEL_128), and ciphertexts should be authenticated (hash_hmac(), verified with hash_equals()).Ruttger
hey @Patashu, how to include the base64 into that code? sorry i never used before.Jarrettjarrid
V
1

In PHP, Encryption and Decryption of a string is possible using one of the Cryptography Extensions called OpenSSL function for encrypt and decrypt.

openssl_encrypt() Function: The openssl_encrypt() function is used to encrypt the data.

Syntax is as follows :

string openssl_encrypt( string $data, string $method, string $key, $options = 0, string $iv, string $tag= NULL, string $aad, int $tag_length = 16 )

Parameters are as follows :

$data: It holds the string or data which need to be encrypted.

$method: The cipher method is adopted using openssl_get_cipher_methods() function.

$key: It holds the encryption key.

$options: It holds the bitwise disjunction of the flags OPENSSL_RAW_DATA and OPENSSL_ZERO_PADDING.

$iv: It holds the initialization vector which is not NULL.

$tag: It holds the authentication tag which is passed by reference when using AEAD cipher mode (GCM or CCM).

$aad: It holds the additional authentication data.

$tag_length: It holds the length of the authentication tag. The length of authentication tag lies between 4 to 16 for GCM mode.

Return Value: It returns the encrypted string on success or FALSE on failure.

openssl_decrypt() Function The openssl_decrypt() function is used to decrypt the data.

Syntax is as follows :

string openssl_decrypt( string $data, string $method, string $key, int $options = 0, string $iv, string $tag, string $aad)

Parameters are as follows :

$data: It holds the string or data which need to be encrypted.

$method: The cipher method is adopted using openssl_get_cipher_methods() function.

$key: It holds the encryption key.

$options: It holds the bitwise disjunction of the flags OPENSSL_RAW_DATA and OPENSSL_ZERO_PADDING.

$iv: It holds the initialization vector which is not NULL.

$tag: It holds the authentication tag using AEAD cipher mode (GCM or CCM). When authentication fails openssl_decrypt() returns FALSE.

$aad: It holds the additional authentication data.

Return Value: It returns the decrypted string on success or FALSE on failure.

Approach: First declare a string and store it into variable and use openssl_encrypt() function to encrypt the given string and use openssl_decrypt() function to descrypt the given string.

You can find the examples at : https://www.geeksforgeeks.org/how-to-encrypt-and-decrypt-a-php-string/

Vegetation answered 18/9, 2020 at 8:30 Comment(0)
P
0

Below code work in php for all string with special character 

   // Encrypt text --

    $token = "9611222007552";

      $cipher_method = 'aes-128-ctr';
      $enc_key = openssl_digest(php_uname(), 'SHA256', TRUE);  
      $enc_iv = openssl_random_pseudo_bytes(openssl_cipher_iv_length($cipher_method));  
      $crypted_token = openssl_encrypt($token, $cipher_method, $enc_key, 0, $enc_iv) . "::" . bin2hex($enc_iv);
    echo    $crypted_token;
    //unset($token, $cipher_method, $enc_key, $enc_iv);

    // Decrypt text  -- 

    list($crypted_token, $enc_iv) = explode("::", $crypted_token);  
      $cipher_method = 'aes-128-ctr';
      $enc_key = openssl_digest(php_uname(), 'SHA256', TRUE);
      $token = openssl_decrypt($crypted_token, $cipher_method, $enc_key, 0, hex2bin($enc_iv));
    echo   $token;
    //unset($crypted_token, $cipher_method, $enc_key, $enc_iv);
Pantywaist answered 19/7, 2019 at 13:54 Comment(0)

© 2022 - 2024 — McMap. All rights reserved.