We will see how to encrypt information in PHP so that it can be stored and exchanged safely. But first, a short reminder on symmetric cryptography.
Encryption is an operation that alters information to make it unreadable, in a way that is reversible only by a specific person, who can decrypt the information and restore its original form.
How do you decrypt, and therefore access, this information?
The answer is simple: when we encrypt the information, we use an encryption key. This same key also allows the reverse operation: decrypting the information.
AES encryption with PHP
After this short but essential reminder on cryptography, we can move on to practice.
We’ll see how to encrypt and decrypt with the Rijndael algorithm, which is used for the AES standard, thanks to the libmcrypt library.
To do this properly, we will put everything in a class that serves as a “namespace” (this is not object-oriented programming, because all the members are static).
<?php
class Chiffrement {
    private static $cipher = MCRYPT_RIJNDAEL_128;           // Algorithm used for the encryption blocks
    private static $key    = 'use a encryption key you like'; // Password from which the key is derived
    private static $mode   = 'cbc';                          // Mode of operation (how blocks are processed)

    public static function crypt($data){
        // md5() returns a hex string; keep as many characters as the cipher's key size
        $keyHash = md5(self::$key);
        $key = substr($keyHash, 0, mcrypt_get_key_size(self::$cipher, self::$mode));
        // The IV is cut from the same hash, so it is identical for every message
        $iv = substr($keyHash, 0, mcrypt_get_block_size(self::$cipher, self::$mode));
        $data = mcrypt_encrypt(self::$cipher, $key, $data, self::$mode, $iv);
        return base64_encode($data);
    }

    public static function decrypt($data){
        // Rebuild exactly the same key and IV as in crypt()
        $keyHash = md5(self::$key);
        $key = substr($keyHash, 0, mcrypt_get_key_size(self::$cipher, self::$mode));
        $iv = substr($keyHash, 0, mcrypt_get_block_size(self::$cipher, self::$mode));
        $data = base64_decode($data);
        $data = mcrypt_decrypt(self::$cipher, $key, $data, self::$mode, $iv);
        // mcrypt pads the last block with NUL bytes: strip only those
        // (a bare rtrim() would also remove trailing whitespace from the plaintext)
        return rtrim($data, "\0");
    }
}
?>
And this is how it is used:
<?php
$clair = "Salut !";
$crypt = Chiffrement::crypt($clair);
$decrypt = Chiffrement::decrypt($crypt);
?>
<pre>
clair : <?php echo $clair; ?>
crypt : <?php echo $crypt; ?>
raw crypt : <?php echo base64_decode($crypt); ?>
decrypt : <?php echo $decrypt; ?>
</pre>
The operation is very simple: to encrypt and decrypt with mcrypt, just use the functions mcrypt_encrypt and mcrypt_decrypt.
But these functions take a lot of parameters, which are almost always the same for encryption and decryption, except $data of course (which contains the data to encrypt).
Hence pooling them all in static variables within a class:
- cipher
This parameter tells mcrypt which encryption algorithm to use. Indeed, libmcrypt offers many encryption algorithms (just over 40); you will find the list here: mcrypt.ciphers.php
- Key
This parameter is simply the encryption key I mentioned above, which is used to encrypt and decrypt the message.
That is not entirely true, though: you cannot use just any string as a key, because the key size is fixed and depends on the algorithm used.
Rather than directly using a key, which looks like this: a7af2934b9c8ca2e346314bea5cf3a8f
a string that is much easier to remember is used, acting as a password.
A valid key is then generated from this password with a simple hash function, md5 in this case. You choose your password, and it must remain secret.
- Mode
The mode of operation, another key concept (dare I say) of cryptography.
We will see below what it is.
Also, I used the functions base64_encode and base64_decode to “encapsulate” the encrypted data (and likewise for decryption, inevitably, since it is the inverse operation). This is not mandatory, and it is by no means an additional security measure. It is just there to avoid character-encoding problems caused by special characters. Base64 produces strings that use only 64 ASCII characters, which are compatible with all charsets (latin1, utf8 …).
This avoids corrupting the encrypted data when storing it in a MySQL database or in a file with a mismatched encoding.
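The class above relies on ext-mcrypt, which was deprecated in PHP 7.1 and removed from core in PHP 7.2, and it cuts both the key and the IV from one md5 hash, so every message is encrypted under the same IV and nothing detects a modified ciphertext. The class below is an added example, not the article's code: it keeps the same crypt()/decrypt() usage on ext-openssl, with a PBKDF2-derived key, a random IV per message and an HMAC checked before decryption. The class name ChiffrementOpenssl, the iteration count and the salt|IV|ciphertext|MAC layout are assumptions.

```php
<?php
// Added example (not the article's code). Requires PHP >= 7.1 with ext-openssl.
final class ChiffrementOpenssl            // hypothetical name
{
    private const CIPHER = 'aes-256-cbc';
    private const ITERATIONS = 600000;    // assumed PBKDF2 work factor

    // Stretch the password into two independent 32-byte keys (AES, HMAC).
    private static function keys(string $password, string $salt): array
    {
        $raw = hash_pbkdf2('sha256', $password, $salt, self::ITERATIONS, 64, true);
        return [substr($raw, 0, 32), substr($raw, 32)];
    }

    public static function crypt(string $data, string $password): string
    {
        $salt = random_bytes(16);
        $iv = random_bytes(16);           // fresh IV for every message
        [$encKey, $macKey] = self::keys($password, $salt);
        $ct = openssl_encrypt($data, self::CIPHER, $encKey, OPENSSL_RAW_DATA, $iv);
        if ($ct === false) { throw new RuntimeException('encryption failed'); }
        $mac = hash_hmac('sha256', $salt . $iv . $ct, $macKey, true);
        return base64_encode($salt . $iv . $ct . $mac); // assumed layout
    }

    public static function decrypt(string $blob, string $password): string
    {
        $raw = base64_decode($blob, true);
        if ($raw === false || strlen($raw) < 80) { // 16 salt + 16 IV + 16 block + 32 MAC
            throw new InvalidArgumentException('malformed ciphertext');
        }
        [$salt, $iv, $ct, $mac] = [substr($raw, 0, 16), substr($raw, 16, 16),
                                   substr($raw, 32, -32), substr($raw, -32)];
        [$encKey, $macKey] = self::keys($password, $salt);
        $expected = hash_hmac('sha256', $salt . $iv . $ct, $macKey, true);
        if (!hash_equals($expected, $mac)) {       // constant-time, checked before decrypting
            throw new RuntimeException('authentication failed');
        }
        $pt = openssl_decrypt($ct, self::CIPHER, $encKey, OPENSSL_RAW_DATA, $iv);
        if ($pt === false) { throw new RuntimeException('decryption failed'); }
        return $pt;                                // PKCS#7 padding already removed, no rtrim()
    }
}

// Constructed sample input: the same plaintext encrypted twice gives different output.
$a = ChiffrementOpenssl::crypt('Salut !', 'constructed password');
$b = ChiffrementOpenssl::crypt('Salut !', 'constructed password');
var_dump($a !== $b, ChiffrementOpenssl::decrypt($a, 'constructed password'));
```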