
AES-256 encryption in PHP

I need a PHP function, AES256_encode($dataToEcrypt), to encrypt the $data into AES-256 and another one, AES256_decode($encryptedData), to do the opposite. Does anyone know what code these functions should have?

mariannnn asked Jul 21 '11 01:07




2 Answers

Look at the mcrypt module

AES-Rijndael example taken from here

```php
// Note: ext/mcrypt was deprecated in PHP 7.1 and removed from core in PHP 7.2.
$iv_size = mcrypt_get_iv_size(MCRYPT_RIJNDAEL_128, MCRYPT_MODE_CBC);
$iv = mcrypt_create_iv($iv_size, MCRYPT_DEV_URANDOM);

$key = pack('H*', "bcb04b7e103a0cd8b54763051cef08bc55abe029fdebae5e1d417e2ffb2a00a3");

# show key size use either 16, 24 or 32 byte keys for AES-128, 192
# and 256 respectively
$key_size = strlen($key);
echo "Key size: " . $key_size . "\n";

$text = "Meet me at 11 o'clock behind the monument.";
echo strlen($text) . "\n";

$crypttext = mcrypt_encrypt(MCRYPT_RIJNDAEL_128, $key, $text, MCRYPT_MODE_CBC, $iv);
echo strlen($crypttext) . "\n";
```

This is the decrypt function

Fabio answered Oct 11 '22 14:10


> I need a PHP function, AES256_encode($dataToEcrypt), to encrypt the $data into AES-256 and another one, AES256_decode($encryptedData), to do the opposite. Does anyone know what code these functions should have?

There is a difference between encrypting and encoding.

Do you really need AES-256? The security of AES-256 versus AES-128 isn't that significant; you're more likely to screw up at the protocol layer than get hacked because you used a 128-bit block cipher instead of a 256-bit block cipher.

Important - Use A Library

A flowchart for PHP users

  • defuse/php-encryption
  • PECL libsodium
  • Halite (libsodium wrapper, now stable)

A Quick and Dirty AES-256 Implementation

If you're interested in building your own not for the sake of deploying it in production but rather for the sake of your own education, I've included a sample AES256

```php
/**
 * This is a quick and dirty proof of concept for StackOverflow.
 *
 * @ref http://stackoverflow.com/q/6770370/2224584
 *
 * Do not use this in production.
 */
abstract class ExperimentalAES256DoNotActuallyUse
{
    /**
     * Encrypt with AES-256-CTR + HMAC-SHA-512
     *
     * @param string $plaintext Your message
     * @param string $encryptionKey Key for encryption
     * @param string $macKey Key for calculating the MAC
     * @return string
     */
    public static function encrypt($plaintext, $encryptionKey, $macKey)
    {
        $nonce = random_bytes(16);
        $ciphertext = openssl_encrypt(
            $plaintext,
            'aes-256-ctr',
            $encryptionKey,
            OPENSSL_RAW_DATA,
            $nonce
        );
        // Encrypt-then-MAC: the tag covers both the nonce and the ciphertext.
        $mac = hash_hmac('sha512', $nonce.$ciphertext, $macKey, true);
        return base64_encode($mac.$nonce.$ciphertext);
    }

    /**
     * Verify HMAC-SHA-512 then decrypt AES-256-CTR
     *
     * @param string $message Encrypted message
     * @param string $encryptionKey Key for encryption
     * @param string $macKey Key for calculating the MAC
     * @return string
     * @throws Exception If the MAC does not verify
     */
    public static function decrypt($message, $encryptionKey, $macKey)
    {
        $decoded = base64_decode($message);
        // Slice the decoded bytes, not the base64 string:
        // 64-byte MAC, 16-byte nonce, then the ciphertext.
        $mac = mb_substr($decoded, 0, 64, '8bit');
        $nonce = mb_substr($decoded, 64, 16, '8bit');
        $ciphertext = mb_substr($decoded, 80, null, '8bit');

        // Recompute the MAC and compare in constant time before decrypting.
        $calc = hash_hmac('sha512', $nonce.$ciphertext, $macKey, true);
        if (!hash_equals($calc, $mac)) {
            throw new Exception('Invalid MAC');
        }
        return openssl_decrypt(
            $ciphertext,
            'aes-256-ctr',
            $encryptionKey,
            OPENSSL_RAW_DATA,
            $nonce
        );
    }
}
```

Usage

First, generate two keys (yes, two of them) and store them somehow.

```php
$eKey = random_bytes(32);
$aKey = random_bytes(32);
```

Then to encrypt/decrypt messages:

```php
$plaintext = 'This is just a test message.';
$encrypted = ExperimentalAES256DoNotActuallyUse::encrypt($plaintext, $eKey, $aKey);
$decrypted = ExperimentalAES256DoNotActuallyUse::decrypt($encrypted, $eKey, $aKey);
```

If you don't have random_bytes(), get random_compat.

Scott Arciszewski answered Oct 11 '22 15:10
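The library route recommended in the answer above, as an added example that is not part of the original answer or of any listed project's code. It assumes PHP 7.2+ with the bundled sodium extension, whose secretbox construction is XSalsa20-Poly1305 rather than AES-256; `seal()` and `open_sealed()` are hypothetical helper names.

```php
<?php
// Added example: authenticated secret-key encryption with ext/sodium.
// seal() and open_sealed() are hypothetical names chosen for illustration.

function seal(string $plaintext, string $key): string
{
    if (strlen($key) !== SODIUM_CRYPTO_SECRETBOX_KEYBYTES) {
        throw new InvalidArgumentException('Key must be 32 bytes');
    }
    // Fresh random nonce per message; it is not secret and travels with the box.
    $nonce = random_bytes(SODIUM_CRYPTO_SECRETBOX_NONCEBYTES);
    $box = sodium_crypto_secretbox($plaintext, $nonce, $key);
    return base64_encode($nonce . $box);
}

function open_sealed(string $message, string $key): string
{
    // Strict decoding rejects characters outside the base64 alphabet.
    $raw = base64_decode($message, true);
    $min = SODIUM_CRYPTO_SECRETBOX_NONCEBYTES + SODIUM_CRYPTO_SECRETBOX_MACBYTES;
    if ($raw === false || strlen($raw) < $min) {
        throw new RuntimeException('Malformed message');
    }
    $nonce = substr($raw, 0, SODIUM_CRYPTO_SECRETBOX_NONCEBYTES);
    $box = substr($raw, SODIUM_CRYPTO_SECRETBOX_NONCEBYTES);
    // Returns false if the Poly1305 tag does not verify (wrong key or tampering).
    $plaintext = sodium_crypto_secretbox_open($box, $nonce, $key);
    if ($plaintext === false) {
        throw new RuntimeException('Authentication failed');
    }
    return $plaintext;
}

// Round trip with a constructed sample message.
$key = sodium_crypto_secretbox_keygen();
$sealed = seal('This is just a test message.', $key);
var_dump(open_sealed($sealed, $key) === 'This is just a test message.');

// Flip one bit of the stored message: decryption must refuse it.
$raw = base64_decode($sealed, true);
$last = strlen($raw) - 1;
$raw[$last] = chr(ord($raw[$last]) ^ 0x01);
try {
    open_sealed(base64_encode($raw), $key);
    echo "tampering was NOT detected\n";
} catch (RuntimeException $e) {
    echo "tampering detected: " . $e->getMessage() . "\n";
}
```

Unlike the CTR + HMAC class above, a single 32-byte key is enough here because the primitive handles authentication itself.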