I am trying to encrypt sensitive user data like personal messages in my PHP-powered website before entering it into the database. I have researched a bit on the internet and I have found a few important things to remember:
Never use mcrypt, it's abandonware.
AES is based on the Rijndael algorithm and has been unbroken till now.
AES has also been recommended by NSA and used in US Government data encryption, but since the NSA is recommending it, there's a chance they might sneak upon my user data easily.
Blowfish has been unbroken as well, but slow and less popular.
So, I decided I will give it a try first with AES-256 CBC. But I am still not sure if I should not consider Blowfish a better option. So any recommendations are welcome.
And my primary concern is, how to encrypt the data in PHP? I don't find a good manual about this in the PHP documentation. What is the correct way to implement it?
Any help is heavily appreciated.
To get a list of available ciphers you can use the list -cipher-algorithms command: $ openssl list -cipher-algorithms. The output gives you a list of ciphers with their variations in key size and mode of operation. For example, AES-256-CBC is AES with a key size of 256 bits in CBC mode.
AES-256, which has a key length of 256 bits, supports the largest bit size and is practically unbreakable by brute force based on current computing power, making it the strongest encryption standard. The following table shows that possible key combinations exponentially increase with the key size.
The Advanced Encryption Standard is the most commonly used encryption algorithm in use on computers and over the internet. To encrypt a string, select the green Encrypt button, enter the text you want to encrypt in the upper Plaintext box, and enter the key or password that it should be encrypted with in the Key box.
You're in Luck.
The openssl extension has some pretty easy to use methods for AES-256. The steps you need to take are basically...
$encryptionKey = openssl_random_pseudo_bytes(32);
$initializationVector = openssl_random_pseudo_bytes(openssl_cipher_iv_length('aes-256-cbc'));
openssl_encrypt()
$encrypted = openssl_encrypt($data, 'aes-256-cbc', $encryptionKey, $options, $initializationVector);
$options can be set to 0 for default options or changed to OPENSSL_RAW_DATA | OPENSSL_ZERO_PADDING
$encrypted = $encrypted . ':' . $initializationVector;
// Limit of 2: the raw IV bytes may themselves contain ':'
list($encryptedData, $initializationVector) = explode(':', $encrypted, 2);
openssl_decrypt()
$decrypted = openssl_decrypt($encryptedData, 'aes-256-cbc', $encryptionKey, $options, $initializationVector);
openssl_functions() won't be available by default, you can enable this extension in your php.ini file by uncommenting the line ;extension=php_openssl.dll by removing the leading ;
http://phpfiddle.org/lite/code/9epi-j5v2
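The steps in the answer above as one runnable round trip. This is an added example, not part of the original answer, and it goes further than the answer in two ways: the IV is stored as a fixed-length prefix instead of after a ':' delimiter, and an HMAC-SHA256 tag is added because CBC alone does not detect modified ciphertext. The function names, the separate MAC key and the sample message are assumptions made for illustration; PHP 7 or later with the openssl extension is assumed.

```php
<?php
// Added example, not from the original answer. Assumes PHP >= 7.0 with ext-openssl.
// encryptMessage()/decryptMessage() and the separate MAC key are illustrative names.
const CIPHER = 'aes-256-cbc';

function encryptMessage(string $plaintext, string $encKey, string $macKey): string
{
    $iv = random_bytes(openssl_cipher_iv_length(CIPHER));   // fresh IV per message
    $ct = openssl_encrypt($plaintext, CIPHER, $encKey, OPENSSL_RAW_DATA, $iv);
    if ($ct === false) {
        throw new RuntimeException('encryption failed');
    }
    // Encrypt-then-MAC: the tag covers both the IV and the ciphertext.
    $mac = hash_hmac('sha256', $iv . $ct, $macKey, true);
    // Fixed-length fields (16-byte IV, 32-byte tag), so no delimiter is needed.
    return base64_encode($iv . $mac . $ct);
}

function decryptMessage(string $stored, string $encKey, string $macKey): string
{
    $raw = base64_decode($stored, true);
    $ivLen = openssl_cipher_iv_length(CIPHER);
    if ($raw === false || strlen($raw) < $ivLen + 32 + 16) {
        throw new RuntimeException('malformed ciphertext');
    }
    $iv  = substr($raw, 0, $ivLen);
    $mac = substr($raw, $ivLen, 32);
    $ct  = substr($raw, $ivLen + 32);
    // Verify before decrypting; hash_equals() compares in constant time.
    if (!hash_equals(hash_hmac('sha256', $iv . $ct, $macKey, true), $mac)) {
        throw new RuntimeException('authentication failed');
    }
    $pt = openssl_decrypt($ct, CIPHER, $encKey, OPENSSL_RAW_DATA, $iv);
    if ($pt === false) {
        throw new RuntimeException('decryption failed');
    }
    return $pt;
}

// Constructed sample run; real keys are loaded from outside the database.
$encKey = random_bytes(32);
$macKey = random_bytes(32);
$stored = encryptMessage('hello: a message with a colon', $encKey, $macKey);
var_dump(decryptMessage($stored, $encKey, $macKey) === 'hello: a message with a colon');
// Flip one bit of the stored value; decryption must now be refused.
$bad = base64_decode($stored); $bad[20] = $bad[20] ^ "\x01";
try { decryptMessage(base64_encode($bad), $encKey, $macKey); }
catch (RuntimeException $e) { echo $e->getMessage(), "\n"; }
```

The returned string is base64 and can go into a TEXT column as-is; only the two keys need to be kept outside the database.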