Encrypt and decrypt in PHP
Before you do anything further, seek to understand the difference between encryption and authentication, and why you probably want authenticated encryption rather than just encryption.
To implement authenticated encryption, you want to Encrypt then MAC. The order of encryption and authentication is very important! One of the existing answers to this question made this mistake; as do many cryptography libraries written in PHP. You should avoid implementing your own cryptography, and instead use a secure library written by and reviewed by cryptography experts.
Use libsodium if you have PECL access (or sodium_compat if you want libsodium without PECL); otherwise...
Both of the libraries linked above make it easy and painless to implement authenticated encryption into your own libraries.
If you still want to write and deploy your own cryptography library, against the conventional wisdom of every cryptography expert on the Internet, these are the steps you would have to take.
Encryption:
Decryption:
Other Design Considerations:
Even if you follow the advice given here, a lot can go wrong with cryptography. Always have a cryptography expert review your implementation. If you are not fortunate enough to be personal friends with a cryptography student at your local university, you can always try the Cryptography Stack Exchange forum for advice. If you need a professional analysis of your implementation, you can always hire a reputable team of security consultants to review your PHP cryptography code (disclosure: my employer).
Important: When to Not Use Encryption
Don't encrypt passwords. You want to hash them instead, using one of these password-hashing algorithms:
Never use a general-purpose hash function (MD5, SHA256) for password storage.
Don't encrypt URL Parameters. It's the wrong tool for the job.
PHP String Encryption Example with Libsodium
If you are on PHP < 7.2 or otherwise do not have libsodium installed, you can use sodium_compat to accomplish the same result (albeit slower).
Then to test it out:
Halite - Libsodium Made Easier
One of the projects I've been working on is an encryption library called Halite, which aims to make libsodium easier and more intuitive.
All of the underlying cryptography is handled by libsodium.
Example with defuse/php-encryption
Note: Encryption Key Management
If you're tempted to use a "password", stop right now. You need a random 128-bit encryption key, not a human memorable password. You can store an encryption key for long-term use like so:
And, on demand, you can retrieve it like so:
I strongly recommend just storing a randomly generated key for long-term use instead of any sort of password as the key (or to derive the key).
If you're using Defuse's library:
"But I really want to use a password."
That's a bad idea, but okay, here's how to do it safely. First, generate a random key and store it in a constant.
Note that you're adding extra work and could just use this constant as the key and save yourself a lot of heartache!
Then use PBKDF2 (like so) to derive a suitable encryption key from your password rather than encrypting with your password directly.
Don't just use a 16-character password. Your encryption key will be comically broken.
What are the encryption techniques in PHP?
Types of PHP encryption:
Hashing. The hashing algorithm in PHP usually takes one input value and transforms it into one message digest. ...
Secret Key Encryption. Secret key encryption in PHP usually uses one single key to both encrypt and decrypt data. ...
Envelope Encryption.
Can I encrypt my PHP code?
Yes, you can definitely hide/encode/encrypt the PHP source code and 'others' can install it on their machine.
Can you decrypt hash password PHP?
Decryption of the password: To decrypt a password hash and retrieve the original string, we use the password_verify() function. The password_verify() function verifies that the given hash matches the given password, generated by the password_hash() function.
Which encryption is best for PHP?
Secret key encryption (or symmetric encryption as it's also known) uses a single key to both encrypt and decrypt data. In the past PHP relied on mcrypt and openssl for secret key encryption. PHP 7.2 introduced Sodium, which is more modern and widely considered more secure.