I need a PHP function, AES256_encode($dataToEcrypt), to encrypt the $data into AES-256 and another one, AES256_decode($encryptedData), to do the opposite. Does anyone know what code these functions should have?
Secret Key Encryption. Secret key encryption in PHP uses one single key to both encrypt and decrypt data. It is also known as symmetric encryption. If you are running an old version of PHP, install the sodium extension via PECL.
What is 256-bit AES encryption? 256-bit AES encryption refers to the process of concealing plaintext data using the AES algorithm and an AES key length of 256 bits. 256 bits is the largest AES key length, as well as the most mathematically complex. It is also the most difficult to crack.
Secret key encryption, also called symmetric encryption, uses just one key, called a shared secret, for both encrypting and decrypting. The same key is used by the sender (for encryption) and the receiver (for decryption), so the key is shared.
Look at the mcrypt module
AES-Rijndael example taken from here

    $iv_size = mcrypt_get_iv_size(MCRYPT_RIJNDAEL_128, MCRYPT_MODE_CBC);
    $iv = mcrypt_create_iv($iv_size, MCRYPT_DEV_URANDOM);

    $key = pack('H*', "bcb04b7e103a0cd8b54763051cef08bc55abe029fdebae5e1d417e2ffb2a00a3");

    # show key size use either 16, 24 or 32 byte keys for AES-128, 192
    # and 256 respectively
    $key_size = strlen($key);
    echo "Key size: " . $key_size . "\n";

    $text = "Meet me at 11 o'clock behind the monument.";
    echo strlen($text) . "\n";

    $crypttext = mcrypt_encrypt(MCRYPT_RIJNDAEL_128, $key, $text, MCRYPT_MODE_CBC, $iv);
    echo strlen($crypttext) . "\n";

This is the decrypt function
> I need a PHP function, AES256_encode($dataToEcrypt), to encrypt the $data into AES-256 and another one, AES256_decode($encryptedData), to do the opposite. Does anyone know what code these functions should have?
There is a difference between encrypting and encoding.
Do you really need AES-256? The security of AES-256 versus AES-128 isn't that significant; you're more likely to screw up at the protocol layer than get hacked because you used a 128-bit block cipher instead of a 256-bit block cipher.
If you're interested in building your own not for the sake of deploying it in production but rather for the sake of your own education, I've included a sample AES256

    /**
     * This is a quick and dirty proof of concept for StackOverflow.
     *
     * @ref http://stackoverflow.com/q/6770370/2224584
     *
     * Do not use this in production.
     */
    abstract class ExperimentalAES256DoNotActuallyUse
    {
        /**
         * Encrypt with AES-256-CTR + HMAC-SHA-512
         *
         * @param string $plaintext Your message
         * @param string $encryptionKey Key for encryption
         * @param string $macKey Key for calculating the MAC
         * @return string
         */
        public static function encrypt($plaintext, $encryptionKey, $macKey)
        {
            $nonce = random_bytes(16);
            $ciphertext = openssl_encrypt(
                $plaintext,
                'aes-256-ctr',
                $encryptionKey,
                OPENSSL_RAW_DATA,
                $nonce
            );
            // Encrypt-then-MAC: the MAC covers the nonce and the ciphertext
            $mac = hash_hmac('sha512', $nonce.$ciphertext, $macKey, true);
            return base64_encode($mac.$nonce.$ciphertext);
        }

        /**
         * Verify HMAC-SHA-512 then decrypt AES-256-CTR
         *
         * @param string $message Encrypted message
         * @param string $encryptionKey Key for encryption
         * @param string $macKey Key for calculating the MAC
         * @return string
         * @throws Exception
         */
        public static function decrypt($message, $encryptionKey, $macKey)
        {
            $decoded = base64_decode($message);
            // Slice the decoded bytes, not the base64 text:
            // 64-byte MAC, 16-byte nonce, then the ciphertext
            $mac = mb_substr($decoded, 0, 64, '8bit');
            $nonce = mb_substr($decoded, 64, 16, '8bit');
            $ciphertext = mb_substr($decoded, 80, null, '8bit');

            $calc = hash_hmac('sha512', $nonce.$ciphertext, $macKey, true);
            // Constant-time comparison, checked before any decryption
            if (!hash_equals($calc, $mac)) {
                throw new Exception('Invalid MAC');
            }
            return openssl_decrypt(
                $ciphertext,
                'aes-256-ctr',
                $encryptionKey,
                OPENSSL_RAW_DATA,
                $nonce
            );
        }
    }

First, generate two keys (yes, two of them) and store them somehow.

    $eKey = random_bytes(32);
    $aKey = random_bytes(32);

Then to encrypt/decrypt messages:

    $plaintext = 'This is just a test message.';
    $encrypted = ExperimentalAES256DoNotActuallyUse::encrypt($plaintext, $eKey, $aKey);
    $decrypted = ExperimentalAES256DoNotActuallyUse::decrypt($encrypted, $eKey, $aKey);

If you don't have random_bytes(), get random_compat.
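
An added example, not part of the answers above or of any project's code: the two functions the question asks for, written with AES-256-GCM through PHP's OpenSSL extension (PHP 7.1 or later), so one 32-byte key provides both confidentiality and integrity. The function names, the constants and the nonce|tag|ciphertext layout are assumptions made for this example.

```php
<?php
// Added example: names and the nonce|tag|ciphertext wire layout are assumptions.
const NONCE_LEN = 12; // 96-bit nonce, the size GCM is designed around
const TAG_LEN   = 16; // 128-bit authentication tag

function aes256_encrypt(string $plaintext, string $key): string
{
    if (strlen($key) !== 32) {
        throw new InvalidArgumentException('Key must be exactly 32 bytes');
    }
    $nonce = random_bytes(NONCE_LEN); // fresh per message; never reuse with the same key
    $tag = '';
    $ciphertext = openssl_encrypt($plaintext, 'aes-256-gcm', $key, OPENSSL_RAW_DATA, $nonce, $tag, '', TAG_LEN);
    if ($ciphertext === false) {
        throw new RuntimeException('Encryption failed');
    }
    return base64_encode($nonce . $tag . $ciphertext);
}

function aes256_decrypt(string $message, string $key): string
{
    if (strlen($key) !== 32) {
        throw new InvalidArgumentException('Key must be exactly 32 bytes');
    }
    $raw = base64_decode($message, true); // strict mode rejects non-base64 input
    if ($raw === false || strlen($raw) < NONCE_LEN + TAG_LEN) {
        throw new RuntimeException('Malformed message');
    }
    $nonce      = substr($raw, 0, NONCE_LEN);
    $tag        = substr($raw, NONCE_LEN, TAG_LEN);
    $ciphertext = substr($raw, NONCE_LEN + TAG_LEN);
    $plaintext = openssl_decrypt($ciphertext, 'aes-256-gcm', $key, OPENSSL_RAW_DATA, $nonce, $tag);
    if ($plaintext === false) { // the tag did not verify: wrong key or modified data
        throw new RuntimeException('Authentication failed');
    }
    return $plaintext;
}

// Constructed sample input: round trip, then flip one bit and confirm rejection.
$key = random_bytes(32);
$enc = aes256_encrypt('This is just a test message.', $key);
var_dump(aes256_decrypt($enc, $key) === 'This is just a test message.');
$raw = base64_decode($enc, true);
$raw[-1] = chr(ord($raw[-1]) ^ 0x01);
try {
    aes256_decrypt(base64_encode($raw), $key);
} catch (RuntimeException $e) {
    echo 'Tampered message rejected: ', $e->getMessage(), "\n";
}
```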