Mcrypt php crypto library:
- documentation
- Mcrypt Functions
- wiky
- crypto-js php version (Server side encryption / decryption)
- test php version (Server side encryption / decryption)
- Encrypt / Decrypt Between Android and PHP
- libraries
Example:
/*-----------------------------------------------------------* * AES: PHP implementation * *-----------------------------------------------------------*/ # init $keySizeInBits = 128; $keySize = ($keySizeInBits / 8); $passphrase = "Secret Passphrase"; $salt = _getRandomBytes(8); $mode = MCRYPT_MODE_NOFB; $str = strtoupper($mode); $rijndael = getRIJNDAEL($keySize); # get the cipher key $key = pbkdf2($passphrase, $salt, 1000, $keySize); /*-----------------------------------------------------------* * ENCRYPT: AES 128 bit, NOFB * *-----------------------------------------------------------*/ # initialise mcrypt $td = mcrypt_module_open($rijndael, '', $mode, ''); $iv = mcrypt_create_iv(mcrypt_enc_get_iv_size($td), MCRYPT_RAND); $iv64 = base64_encode($iv); # do encryption mcrypt_generic_init($td, $key, $iv); $ciphertext = base64_encode(mcrypt_generic($td, $plaintext)); mcrypt_generic_deinit($td); # shutdown mcrypt mcrypt_module_close($td); /*-----------------------------------------------------------* * DECRYPT: AES 128 bit, NOFB * *-----------------------------------------------------------*/ # get the IV $iv = base64_decode($iv64); # initialise mcrypt $td = mcrypt_module_open($rijndael, '', $mode, ''); # do decryption $input = base64_decode($ciphertext); mcrypt_generic_init($td, $key, $iv); $plain = trim(mdecrypt_generic($td, $input)); mcrypt_generic_deinit($td); # shutdown mcrypt mcrypt_module_close($td);
another implementation:
/*-----------------------------------------------------------* * AES: PHP implementation * *-----------------------------------------------------------*/ // options $json = array('mode' => MCRYPT_MODE_CBC, 'padding' => "", 'KeySize' => MCRYPT_RIJNDAEL_128); $json_string = json_encode($json); /*-----------------------------------------------------------* * ENCRYPT: AES 128 bit, CBC * *-----------------------------------------------------------*/ $json_ciphertext = _encrypt("plaintext", "Secret Passphrase", $json_string); $obj = json_decode($json_ciphertext); $ciphertext = base64_decode($obj->{'ciphertext'}); /*-----------------------------------------------------------* * DECRYPT: AES 128 bit, CBC * *-----------------------------------------------------------*/ $plaintext = _decrypt($json_ciphertext, "Secret Passphrase"); /******************************************************************** IMPLEMENTING FUNCTIONS... ********************************************************************/ function _encrypt($plaintext, $passphrase, $json) { $obj = json_decode($json); $mode = $obj->{'mode'}; $padding = $obj->{'padding'}; $keySize = $obj->{'keySize'}; $keySizeInt = parseKeyInt($keySize); # get the cipher key $salt = _getRandomBytes(8); $key = pbkdf2($passphrase, $salt, 1, $keySizeInt); // key # get IV $iv = generate_iv($keySize, $mode); try { $ciphertext = mcrypt_encrypt($keySize, $key, $plaintext, $mode, $iv); } catch (Exception $e) { echo 'Caught exception: ', $e->getMessage(), "\n"; } $json = array('iv' => base64_encode($iv), 'mode' => $mode, 'padding' => $padding, 'keySize' => $keySize, 'cipher' => "aes", 'salt' => base64_encode($salt), 'ciphertext' => base64_encode($ciphertext) ); $json_string = json_encode($json); return $json_string; } function _decrypt($json_ciphertext, $passphrase) { $obj = json_decode($json_ciphertext); $iv = base64_decode($obj->{'iv'}); // IV $salt = base64_decode($obj->{'salt'}); $mode = $obj->{'mode'}; $padding = $obj->{'padding'}; $keySize = $obj->{'keySize'}; $keySizeInt = parseKeyInt($keySize); $ciphertext = base64_decode($obj->{'ciphertext'}); # get the cipher key $key = pbkdf2($passphrase, $salt, 1, $keySizeInt); // key try { $plaintext = mcrypt_decrypt($keySize, $key, $ciphertext, $mode, $iv); } catch (Exception $e) { echo 'Caught exception: ', $e->getMessage(), "\n"; } return trim($plaintext); } function pbkdf2( $p, $s, $c, $kl, $a = 'sha256' ) { $hl = strlen( hash( $a, null, true ) ); $kb = ceil( $kl / $hl ); $dk = ''; # Create key for ( $block = 1; $block <= $kb; $block++ ) { # Initial hash for this block $ib = $b = hash_hmac( $a, $s . pack( 'N', $block ), $p, true ); # Perform block iterations for ( $i = 1; $i < $c; $i++ ) { # XOR each iterate $ib ^= ( $b = hash_hmac( $a, $b, $p, true ) ); } # Append iterated block $dk .= $ib; } # Return derived key of correct length return substr( $dk, 0, $kl ); } function generate_iv($keySize, $mode) { $iv_size = mcrypt_get_iv_size($keySize, $mode); $iv = mcrypt_create_iv($iv_size, MCRYPT_RAND); return ($iv); } function parseKeyInt($keySize) { $key=""; if ($keySize == MCRYPT_RIJNDAEL_128) { $key=16; } else if ($keySize == MCRYPT_RIJNDAEL_192) { $key=24; } else if ($keySize == MCRYPT_RIJNDAEL_256) { $key=32; } return $key; } function getRIJNDAEL($keySize) { $rijndael=""; if ($keySize == 16) { $rijndael = MCRYPT_RIJNDAEL_128; } else if ($keySize == 24) { $rijndael = MCRYPT_RIJNDAEL_192; } else if ($keySize == 32) { $rijndael = MCRYPT_RIJNDAEL_256; } return $rijndael; } function _getRandomBytes($length = 8) { if (function_exists('openssl_random_pseudo_bytes')) { $bytes = base64_encode(openssl_random_pseudo_bytes($length, $strong)); if($strong == TRUE) { return substr($bytes, 0, $length); } } //fallback to mt_rand if php < 5.3 or no openssl available $characters = '0123456789'; $characters .= 'ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghijklmnopqrstuvwxyz/+'; $charactersLength = strlen($characters)-1; $bytes = ''; //select some random characters for ($i = 0; $i < $length; $i++) { $bytes .= $characters[mt_rand(0, $charactersLength)]; } return $bytes; }
The modes of operation currently available are:
- ECB
- CBC
- CFB
- OFB
- NOFB
And the padding schemes currently available are:
- ZeroPadding