DEV Community

Cover image for Really simple encryption in PHP!
manu
manu

Posted on

Really simple encryption in PHP!

Have you ever wanted to improve your app's security by hiding everything in your database? Let's make a simple encryption and decryption script in PHP using the openssl_encrypt and openssl_decrypt functions

Step 1

Let's define some variables

<?php
define("encryption_method", "AES-128-CBC");
define("key", "your_amazing_key_here");
Enter fullscreen mode Exit fullscreen mode

Obviously, change the encryption key

Step 2

Creating a function to encrypt data

<?php
function encrypt($data) {
    $key = key;
    $plaintext = $data;
    $ivlen = openssl_cipher_iv_length($cipher = encryption_method);
    $iv = openssl_random_pseudo_bytes($ivlen);
    $ciphertext_raw = openssl_encrypt($plaintext, $cipher, $key, $options = OPENSSL_RAW_DATA, $iv);
    $hmac = hash_hmac('sha256', $ciphertext_raw, $key, $as_binary = true);
    $ciphertext = base64_encode($iv . $hmac . $ciphertext_raw);
    return $ciphertext;
}

Enter fullscreen mode Exit fullscreen mode

Explained

  • openssl_random_pseudo_bytes - Generates a string of pseudo-random bytes, with the number of bytes determined by the length parameter.
  • openssl_cipher_iv_length - The cipher method, see openssl_get_cipher_methods() for a list of potential values
  • openssl_encrypt - PHP lacks a build-in function to encrypt and decrypt large files. openssl_encrypt() can be used to encrypt strings
  • hash_hmac - Returns a string containing the calculated message digest as lowercase hexits unless binary is set to true in which case the raw binary representation
  • base64_encode - Encodes the given string with base64

Step 3

Let's create a simple script to decrypt our encrypted string

function decrypt($data) {
    $key = key;
    $c = base64_decode($data);
    $ivlen = openssl_cipher_iv_length($cipher = encryption_method);
    $iv = substr($c, 0, $ivlen);
    $hmac = substr($c, $ivlen, $sha2len = 32);
    $ciphertext_raw = substr($c, $ivlen + $sha2len);
    $original_plaintext = openssl_decrypt($ciphertext_raw, $cipher, $key, $options = OPENSSL_RAW_DATA, $iv);
    $calcmac = hash_hmac('sha256', $ciphertext_raw, $key, $as_binary = true);
    if (hash_equals($hmac, $calcmac))
    {
        return $original_plaintext;
    }
}
Enter fullscreen mode Exit fullscreen mode

Explained
The only difference here is the openssl_decrypt function. Takes a raw or base64 encoded string and decrypts it using a given method and key.

Complete code

<?php
define("encryption_method", "AES-128-CBC");
define("key", "your_amazing_key_here");
function encrypt($data) {
    $key = key;
    $plaintext = $data;
    $ivlen = openssl_cipher_iv_length($cipher = encryption_method);
    $iv = openssl_random_pseudo_bytes($ivlen);
    $ciphertext_raw = openssl_encrypt($plaintext, $cipher, $key, $options = OPENSSL_RAW_DATA, $iv);
    $hmac = hash_hmac('sha256', $ciphertext_raw, $key, $as_binary = true);
    $ciphertext = base64_encode($iv . $hmac . $ciphertext_raw);
    return $ciphertext;
}
function decrypt($data) {
    $key = key;
    $c = base64_decode($data);
    $ivlen = openssl_cipher_iv_length($cipher = encryption_method);
    $iv = substr($c, 0, $ivlen);
    $hmac = substr($c, $ivlen, $sha2len = 32);
    $ciphertext_raw = substr($c, $ivlen + $sha2len);
    $original_plaintext = openssl_decrypt($ciphertext_raw, $cipher, $key, $options = OPENSSL_RAW_DATA, $iv);
    $calcmac = hash_hmac('sha256', $ciphertext_raw, $key, $as_binary = true);
    if (hash_equals($hmac, $calcmac))
    {
        return $original_plaintext;
    }
}

echo encrypt("Hello World!");
echo "\n";
echo decrypt(encrypt("Hello World!"));
?>
Enter fullscreen mode Exit fullscreen mode

How to use

To encrypt something

encrypt("Foo");
Enter fullscreen mode Exit fullscreen mode

To decrypt something

decrypt("lF0wxjGE4H7bbSH/51+ihseCa7aT5hn2Wm0b4expCxqc/W9A38m37QXakG/i/hAjSrNzMpINfZWnh8/9Kd2nodHTiP0Vq0euQ4Z3BOO1vt0WP6dsGRR03po7e4dIlep/lMrwS341jzN+o+FPUtcPVPUr6BEc0RtHwFoUH6NNm+2mWXYLUVH4Ct86iuD8+6eBC1SG3IG21R1dWREGdLrsWQ==")
Enter fullscreen mode Exit fullscreen mode

See if you can decrypt the following message. I'll post the encryption key in the comments section later!
Hint: The key is a 3-letter programming language

Credits

This code was taken from my own app, Smartlist. Smartlist is a home inventory app that lets you keep track of what's in your home! We encrypt our items, tasks, and notes too!

Top comments (0)