ManuTheCoder
ManuTheCoder's Blog

ManuTheCoder's Blog

Really simple encryption in PHP!

Really simple encryption in PHP!

ManuTheCoder's photo
ManuTheCoder

Published on Nov 20, 2021

3 min read

Subscribe to my newsletter and never miss my upcoming articles

Table of contents

  • Step 1
  • Step 2
  • Step 3
  • Complete code
  • How to use
  • Credits

Have you ever wanted to improve your app's security by hiding everything in your database? Let's make a simple encryption and decryption script in PHP using the openssl_encrypt and openssl_decrypt functions

Step 1

Let's define some variables

<?php
define("encryption_method", "AES-128-CBC");
define("key", "your_amazing_key_here");

Obviously, change the encryption key

Step 2

Creating a function to encrypt data

<?php
function encrypt($data) {
    $key = key;
    $plaintext = $data;
    $ivlen = openssl_cipher_iv_length($cipher = encryption_method);
    $iv = openssl_random_pseudo_bytes($ivlen);
    $ciphertext_raw = openssl_encrypt($plaintext, $cipher, $key, $options = OPENSSL_RAW_DATA, $iv);
    $hmac = hash_hmac('sha256', $ciphertext_raw, $key, $as_binary = true);
    $ciphertext = base64_encode($iv . $hmac . $ciphertext_raw);
    return $ciphertext;
}

Explained

  • openssl_random_pseudo_bytes - Generates a string of pseudo-random bytes, with the number of bytes determined by the length parameter.
  • openssl_cipher_iv_length - The cipher method, see openssl_get_cipher_methods() for a list of potential values
  • openssl_encrypt - PHP lacks a build-in function to encrypt and decrypt large files. openssl_encrypt() can be used to encrypt strings
  • hash_hmac - Returns a string containing the calculated message digest as lowercase hexits unless binary is set to true in which case the raw binary representation
  • base64_encode - Encodes the given string with base64

Step 3

Let's create a simple script to decrypt our encrypted string

function decrypt($data) {
    $key = key;
    $c = base64_decode($data);
    $ivlen = openssl_cipher_iv_length($cipher = encryption_method);
    $iv = substr($c, 0, $ivlen);
    $hmac = substr($c, $ivlen, $sha2len = 32);
    $ciphertext_raw = substr($c, $ivlen + $sha2len);
    $original_plaintext = openssl_decrypt($ciphertext_raw, $cipher, $key, $options = OPENSSL_RAW_DATA, $iv);
    $calcmac = hash_hmac('sha256', $ciphertext_raw, $key, $as_binary = true);
    if (hash_equals($hmac, $calcmac))
    {
        return $original_plaintext;
    }
}

Explained The only difference here is the openssl_decrypt function. Takes a raw or base64 encoded string and decrypts it using a given method and key.

Complete code

<?php
define("encryption_method", "AES-128-CBC");
define("key", "your_amazing_key_here");
function encrypt($data) {
    $key = key;
    $plaintext = $data;
    $ivlen = openssl_cipher_iv_length($cipher = encryption_method);
    $iv = openssl_random_pseudo_bytes($ivlen);
    $ciphertext_raw = openssl_encrypt($plaintext, $cipher, $key, $options = OPENSSL_RAW_DATA, $iv);
    $hmac = hash_hmac('sha256', $ciphertext_raw, $key, $as_binary = true);
    $ciphertext = base64_encode($iv . $hmac . $ciphertext_raw);
    return $ciphertext;
}
function decrypt($data) {
    $key = key;
    $c = base64_decode($data);
    $ivlen = openssl_cipher_iv_length($cipher = encryption_method);
    $iv = substr($c, 0, $ivlen);
    $hmac = substr($c, $ivlen, $sha2len = 32);
    $ciphertext_raw = substr($c, $ivlen + $sha2len);
    $original_plaintext = openssl_decrypt($ciphertext_raw, $cipher, $key, $options = OPENSSL_RAW_DATA, $iv);
    $calcmac = hash_hmac('sha256', $ciphertext_raw, $key, $as_binary = true);
    if (hash_equals($hmac, $calcmac))
    {
        return $original_plaintext;
    }
}

echo encrypt("Hello World!");
echo "\n";
echo decrypt(encrypt("Hello World!"));
?>

How to use

To encrypt something

encrypt("Foo");

To decrypt something

decrypt("lF0wxjGE4H7bbSH/51+ihseCa7aT5hn2Wm0b4expCxqc/W9A38m37QXakG/i/hAjSrNzMpINfZWnh8/9Kd2nodHTiP0Vq0euQ4Z3BOO1vt0WP6dsGRR03po7e4dIlep/lMrwS341jzN+o+FPUtcPVPUr6BEc0RtHwFoUH6NNm+2mWXYLUVH4Ct86iuD8+6eBC1SG3IG21R1dWREGdLrsWQ==")

See if you can decrypt the following message. I'll post the encryption key in the comments section later! Hint: The key is a 3-letter programming language

Credits

This code was taken from my own app, Smartlist. Smartlist is a home inventory app that lets you keep track of what's in your home! We encrypt our items, tasks, and notes too!

 
Share this
Proudly part of