Encryption and Decryption of a string is possible using one of the Cryptography Extensions called OpenSSL function for encrypt and decrypt.
String encryption functionality is used to make sensitive information safe in the web application. With the encryption feature, the original string is encrypted with Salt/Key and stored. Later the encrypted string is decrypted by the Salt/Key that is used at the time of encryption. The encryption and decryption algorithm can be implemented with a salt key using PHP.
Generate Salt Key:
Create a random key and secure key with PHP openssl_random_pseudo_bytes() function.
$bytes = openssl_random_pseudo_bytes(16);
$key = bin2hex($bytes);Keep this key safe and use it later in the encryption and decryption operations.
Encrypt String using PHP:
Use PHP openssl_encrypt() function to convert plaintext to ciphertext with a key using an encryption algorithm.
$key = 'YOUR_SALT_KEY'; // Previously generated safely, ie: openssl_random_pseudo_bytes
$plaintext = "String to be encrypted";
$ivlen = openssl_cipher_iv_length($cipher="AES-128-CBC");
$iv = openssl_random_pseudo_bytes($ivlen);
$ciphertext_raw = openssl_encrypt($plaintext, $cipher, $key, $options=OPENSSL_RAW_DATA, $iv);
$hmac = hash_hmac('sha256', $ciphertext_raw, $key, $as_binary=true);
// Encrypted string
$ciphertext = base64_encode($iv.$hmac.$ciphertext_raw);Decrypt String using PHP:
Transform ciphertext back to original plaintext with key using openssl_decrypt() function in PHP.
$key = 'YOUR_SALT_KEY'; // Previously used in encryption
$c = base64_decode($ciphertext);
$ivlen = openssl_cipher_iv_length($cipher="AES-128-CBC");
$iv = substr($c, 0, $ivlen);
$hmac = substr($c, $ivlen, $sha2len=32);
$ciphertext_raw = substr($c, $ivlen+$sha2len);
$original_plaintext = openssl_decrypt($ciphertext_raw, $cipher, $key, $options=OPENSSL_RAW_DATA, $iv);
$calcmac = hash_hmac('sha256', $ciphertext_raw, $key, $as_binary=true);
if(hash_equals($hmac, $calcmac)){ //PHP 5.6+ Timing attack safe string comparison
echo 'Original String: '.$original_plaintext;
}else{
echo 'Decryption failed!';
}
Complete Source Code :-
Generate Salt Key, Text Encrypt, Text Decrypt Script.
<?php
$bytes = openssl_random_pseudo_bytes(16);
$key = bin2hex($bytes);
$plaintext = "I am name is naresh";
$ivlen = openssl_cipher_iv_length($cipher="AES-128-CBC");
$iv = openssl_random_pseudo_bytes($ivlen);
$ciphertext_raw = openssl_encrypt($plaintext, $cipher, $key, $options=OPENSSL_RAW_DATA, $iv);
$hmac = hash_hmac('sha256', $ciphertext_raw, $key, $as_binary=true);
// Encrypted string
$ciphertext = base64_encode($iv.$hmac.$ciphertext_raw);
$c = base64_decode($ciphertext);
$ivlen = openssl_cipher_iv_length($cipher="AES-128-CBC");
$iv = substr($c, 0, $ivlen);
$hmac = substr($c, $ivlen, $sha2len=32);
$ciphertext_raw = substr($c, $ivlen+$sha2len);
$original_plaintext = openssl_decrypt($ciphertext_raw, $cipher, $key, $options=OPENSSL_RAW_DATA, $iv);
$calcmac = hash_hmac('sha256', $ciphertext_raw, $key, $as_binary=true);
if(hash_equals($hmac, $calcmac)){ //PHP 5.6+ Timing attack safe string comparison
echo 'Original String: '.$original_plaintext;
}else{
echo 'Decryption failed!';
}
?>