PHP Function OpenSSL Encrypts and Decrypts Strings

Encryption is a critical component of any modern application that handles sensitive data, especially when it deals with passwords. It uses mathematics-based algorithms to scramble information into gibberish ciphertext that can only be decoded by those with the encryption key, allowing sensitive data to be stored safely. This is particularly important for businesses, where data leaks could lead to lawsuits and even dissolution.

PHP supports a number of different methods to encrypt and decrypt string data, with two of the most widely used being the openssl_encrypt() and openssl_decrypt() functions. These both rely on the open source cryptography library, OpenSSL, and allow you to choose from a variety of encryption algorithms, modes, and options.

The php function openssl_encrypt() takes a string of data, an encryption algorithm, and an encryption key as input. It encrypts the string and returns it as an output value on success, or FALSE if it fails. The openssl_decrypt() function takes the encrypted data, a decryption algorithm, and the encryption key as input. It then decrypts the data and returns it as an output value on success, and FALSE if it fails.

Both of these functions support AEAD modes, notably GCM and CCM, which are more secure than standard DES-based encryption. They also require a salt to help prevent attackers from guessing the encryption keys. For these reasons, it is best to use a strong salt when using crypt() and openssl_encrypt(). The salt can be generated with a random number generator or one of the constants provided by the crypt() function.

Andreas Behr - CTO of DesertCoderz
You are a developer and looking for Shopware projects?
Apply Now!

openssl_encrypt example

if (empty($this->key)) {
            throw EncryptionException::forNeedsStarterKey();
        }

        // derive a secret key         $encryptKey = \hash_hkdf($this->digest, $this->key, 0, $this->encryptKeyInfo);

        // basic encryption         $iv = ($ivSize = \openssl_cipher_iv_length($this->cipher)) ? \openssl_random_pseudo_bytes($ivSize) : null;

        $data = \openssl_encrypt($data$this->cipher, $encryptKey, OPENSSL_RAW_DATA, $iv);

        if ($data === false) {
            throw EncryptionException::forEncryptionFailed();
        }

        $result = $this->rawData ? $iv . $data : base64_encode($iv . $data);

        // derive a secret key         $authKey = \hash_hkdf($this->digest, $this->key, 0, $this->authKeyInfo);

        $hmacKey = \hash_hmac($this->digest, $result$authKey$this->rawData);

        
throw new SodiumException('Nonce must be CRYPTO_AEAD_AES256GCM_NPUBBYTES long');
        }
        if (ParagonIE_Sodium_Core_Util::strlen($key) !== self::CRYPTO_AEAD_AES256GCM_KEYBYTES) {
            throw new SodiumException('Key must be CRYPTO_AEAD_AES256GCM_KEYBYTES long');
        }

        if (!is_callable('openssl_encrypt')) {
            throw new SodiumException('The OpenSSL extension is not installed, or openssl_encrypt() is not available');
        }

        $authTag = '';
        $ciphertext = openssl_encrypt(
            $plaintext,
            'aes-256-gcm',
            $key,
            OPENSSL_RAW_DATA,
            $nonce,
            $authTag,
            $assocData
        );
        return $ciphertext . $authTag;
    }

    
Home | Imprint | This part of the site doesn't use cookies.