PHP encryption

Symmetric encryption

Symmetric encryption uses the same cryptographic key to both encrypt and decrypt data. Let’s look at encrypting data in PHP with a symmetric method based on AES (Advanced Encryption Standard), a symmetric block cipher (block size 128 bits, key 128/192/256 bits). AES is one of the most widely used symmetric encryption algorithms.

PHP encryption AES

As stated earlier, a key is required for encryption and decryption. It can be any string, but to get it we will use a function that generates a string of 40 pseudo-random bytes, and convert the result to its hexadecimal representation:

$bytes = openssl_random_pseudo_bytes(40);
$hex = bin2hex($bytes);

var_dump($hex);

The screen will display the following result:

string(80) "a26ae2d21d3742464613c65c196c0ddd591b1ad6a46b8aed254fd8854591b1a09dcad0427f43abfa"

We will use the resulting value as a secret key for encrypting and decrypting data (it must be kept secret). Let’s write it to the $key variable:

$key = "a26ae2d21d3742464613c65c196c0ddd591b1ad6a46b8aed254fd8854591b1a09dcad0427f43abfa";

Now let’s define what we are going to encrypt. For the first example, let’s take a string:

$data = 'This string is encoded with symmetric AES encryption';

We will encrypt the data using the AES algorithm with a 192-bit key:

$method = "AES-192-CBC";

All available encryption methods can be viewed as follows:

var_dump(openssl_get_cipher_methods());

Having the data for encryption $data, the selected method $method and the secret key $key in PHP, we can perform symmetric data encryption using the openssl_encrypt function:

$encrypted = openssl_encrypt($data, $method, $key);

Let’s display the result using var_dump($encrypted):

string(88) "N6n3bfw/I5711dSBniwxaoioKBUB9yNb3ecOn3B7z3Wsgfn45JrEfee1XddZmkKHqWB555xTZM+ii+Wc23tv7Q=="

To decrypt the resulting value, you must use the reverse function openssl_decrypt:

$decrypted = openssl_decrypt($encrypted, $method, $key);

Let’s use var_dump($decrypted) again:

string(52) "This string is encoded with symmetric AES encryption"

The final listing of an example of symmetric data encryption / decryption in PHP will be as follows:

<?php


// Data to encrypt
$data = 'This string is encoded with symmetric AES encryption';
// Encryption key
$key = "a26ae2d21d3742464613c65c196c0ddd591b1ad6a46b8aed254fd8854591b1a09dcad0427f43abfa";
// Encryption method
$method = "AES-192-CBC";

// We encrypt data
$encrypted = openssl_encrypt($data, $method, $key);

// See the result
var_dump($encrypted);

// We decrypt data
$decrypted = openssl_decrypt($encrypted, $method, $key);

// See the result
var_dump($decrypted);

?>

PHP encryption file AES

Encrypting files in PHP differs from encrypting data only in that the contents of the file must first be read, the necessary operations performed on them, and the result then written out.

Let’s create a plain text file in the current directory:

$ echo 'This file is encoded in PHP using the symmetric AES algorithm' > aes.txt

We will take the key and encryption method from the previous example, and read the data to encrypt from the aes.txt file using the file_get_contents function:

$key = "a26ae2d21d3742464613c65c196c0ddd591b1ad6a46b8aed254fd8854591b1a09dcad0427f43abfa";
$method = "AES-192-CBC";
$file = 'aes.txt';

$contents = file_get_contents($file);

Let’s encrypt the contents of the file and write the result to a new file, aes-encrypted.txt, using the file_put_contents function:

$contentsEncrypted = openssl_encrypt($contents, $method, $key);

$fileEncrypted = 'aes-encrypted.txt';
file_put_contents($fileEncrypted, $contentsEncrypted);

Let’s see the contents of the resulting file:

$ cat aes-encrypted.txt
zqQ9bLhvaDF26ZUN2uwmgMtHViQy15m/hWQ7uzzr4OqLcgJDWcExGXNwSYVMhGBI1kC+Ji0P2xCoYM3Ft3P+dw==

It remains to decrypt this file and write the result to a new file:

$contents = file_get_contents($fileEncrypted);

$contentsDecrypted = openssl_decrypt($contents, $method, $key);

$fileDecrypted = 'aes-decrypted.txt';
file_put_contents($fileDecrypted, $contentsDecrypted);

Checking the result:

$ cat aes-decrypted.txt
This file is encoded in PHP using the symmetric AES algorithm

The final listing of symmetric file encryption in PHP using the AES algorithm:

<?php

// Encryption key
$key = "5aa3c281e42ba7101f7227a7519d5e961c7bcf2b10a42914304bffc1afcebb1d2be98f53caa80d05";
// Encryption method
$method = "AES-192-CBC";
// File for encryption
$file = 'aes.txt';

// Reading the contents of the file
$contents = file_get_contents($file);

// Encrypting file contents
$contentsEncrypted = openssl_encrypt($contents, $method, $key);

// Encrypted file
$fileEncrypted = 'aes-encrypted.txt';
// Writing encrypted data to a new file
file_put_contents($fileEncrypted, $contentsEncrypted);

// Reading the contents of the encrypted file
$contents = file_get_contents($fileEncrypted);

// Decrypting the content of the encrypted file
$contentsDecrypted = openssl_decrypt($contents, $method, $key);

// Decrypted file
$fileDecrypted = 'aes-decrypted.txt';
// Writing the decrypted data to a new file
file_put_contents($fileDecrypted, $contentsDecrypted);

?>
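
The string and file listings above call openssl_encrypt() in CBC mode without an IV (PHP emits a warning and falls back to an all-zero IV, so equal plaintexts under one key give equal ciphertexts), and nothing detects a modified ciphertext. The following added example, which is not part of the original article, shows the same round trip with AES-256-GCM, a random nonce and an authentication tag; it needs PHP 7.1 or later, and file contents read with file_get_contents can be passed in the same way. The function names and the nonce/tag/ciphertext layout are assumptions of the example.

```php
<?php
// Added example, not the article's code: AES-256-GCM with a random nonce.
// The packed layout (nonce || tag || ciphertext) is an assumption of this example.

function encryptGcm(string $plaintext, string $key): string
{
    $nonce = random_bytes(12);   // 96-bit nonce; must never repeat under the same key
    $tag = '';
    $ciphertext = openssl_encrypt($plaintext, 'aes-256-gcm', $key, OPENSSL_RAW_DATA, $nonce, $tag);
    if ($ciphertext === false) {
        throw new RuntimeException('Encryption failed');
    }
    return base64_encode($nonce . $tag . $ciphertext);
}

function decryptGcm(string $encoded, string $key): string
{
    $raw = base64_decode($encoded, true);
    if ($raw === false || strlen($raw) < 28) {   // 12-byte nonce + 16-byte tag
        throw new RuntimeException('Malformed ciphertext');
    }
    $plaintext = openssl_decrypt(substr($raw, 28), 'aes-256-gcm', $key,
        OPENSSL_RAW_DATA, substr($raw, 0, 12), substr($raw, 12, 16));
    if ($plaintext === false) {
        throw new RuntimeException('Authentication failed: data modified or wrong key');
    }
    return $plaintext;
}

// Use the 32 raw random bytes as the key. openssl_encrypt() reads only as many
// key bytes as the cipher needs, so a hex string would carry half the entropy.
$key = random_bytes(32);
$data = 'This string is encoded with symmetric AES encryption';

$first = encryptGcm($data, $key);
$second = encryptGcm($data, $key);
var_dump($first === $second);   // same input, fresh nonce each time
var_dump(decryptGcm($first, $key));

// Flip one bit of the stored ciphertext: decryption must refuse it.
$raw = base64_decode($first);
$raw[30] = chr(ord($raw[30]) ^ 1);
try {
    decryptGcm(base64_encode($raw), $key);
} catch (RuntimeException $e) {
    echo $e->getMessage(), PHP_EOL;
}
```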

Asymmetric encryption

Asymmetric encryption differs from symmetric encryption in that it uses two different keys to encrypt and decrypt data rather than one shared key. One of the most common asymmetric encryption algorithms is RSA (short for Rivest, Shamir and Adleman), a public-key cryptographic algorithm. This algorithm uses a public key to encrypt data and a secret private key to decrypt it.

PHP encryption RSA

To work with this algorithm, we need a public key, public.crt, and a private key, private.pem. You can generate them from the console using openssl. Let’s generate an RSA pair with a 2048-bit key, valid for 365 days (“/C=US/ST=NY/L=NEW YORK/O=POCKETADMIN/TECH=XX/CN=pocketadmin.tech/emailAddress=example@pocketadmin.tech” is information about the subject who issued the key):

$ openssl req -newkey rsa:2048 -nodes -keyout private.pem -out public.crt -x509 -days 365 -subj "/C=US/ST=NY/L=NEW YORK/O=POCKETADMIN/TECH=XX/CN=pocketadmin.tech/emailAddress=example@pocketadmin.tech"

Generating a 2048 bit RSA private key
..................................................................+++
.+++
writing new private key to 'private.pem'
-----
Subject Attribute TECH has no known NID, skipped

Let’s declare the string to encrypt and the key files:

$data = 'This string was encrypted in PHP using the asymmetric RSA algorithm';

$filePublicKey = 'public.crt';
$filePrivateKey = 'private.pem';

Once again, I want to draw your attention to the fact that the private key must be kept secret! For third parties to encrypt data, it is enough to give them only the public key.

We get the contents of the file with the public key and extract the key itself:

$contentsPublicKey = file_get_contents($filePublicKey);
$publicKey  = openssl_get_publickey($contentsPublicKey);

Using the openssl_public_encrypt function, we encrypt the $data with the public key $publicKey. The encryption result will be placed in the $encrypted variable:

openssl_public_encrypt($data, $encrypted, $publicKey);

Next, for decryption, we need the private key:

$contentsPrivateKey = file_get_contents($filePrivateKey);
$privateKey  = openssl_get_privatekey($contentsPrivateKey);

To decrypt the data $encrypted with the private key $privateKey, use the openssl_private_decrypt function. The result is placed in the $decrypted variable:

openssl_private_decrypt($encrypted, $decrypted, $privateKey);

Let’s check the result with var_dump($decrypted):

string(67) "This string was encrypted in PHP using the asymmetric RSA algorithm"

Here is all the PHP code for encrypting data using the RSA algorithm:

<?php

// Data to encrypt
$data = 'This string was encrypted in PHP using the asymmetric RSA algorithm';

// Public and private encryption keys obtained with openssl
$filePublicKey = 'public.crt';
$filePrivateKey = 'private.pem';

// Extracting the public key for encryption
$contentsPublicKey = file_get_contents($filePublicKey);
$publicKey  = openssl_get_publickey($contentsPublicKey);

// We encrypt data
openssl_public_encrypt($data, $encrypted, $publicKey);

// Retrieving the private key
$contentsPrivateKey = file_get_contents($filePrivateKey);
$privateKey  = openssl_get_privatekey($contentsPrivateKey);

// We decrypt data using a private key
openssl_private_decrypt($encrypted, $decrypted, $privateKey);

// Checking the result
var_dump($decrypted);

?>

PHP encryption file RSA

Let’s create a simple text file that we will encrypt:

$ echo 'This file was encrypted in PHP using the asymmetric RSA algorithm' > rsa.txt

We use the public and private keys from the previous example. Let’s declare the source file, the encrypted file and the decrypted file:

$filePublicKey = 'public.crt';
$filePrivateKey = 'private.pem';

$file = 'rsa.txt';
$fileEncrypted = 'rsa-encrypted.txt';
$fileDecrypted = 'rsa-decrypted.txt';

By analogy with the previous examples: we get the public key $publicKey and use it to encrypt the contents of the file $file. We write the result to $fileEncrypted:

$contentsPublicKey = file_get_contents($filePublicKey);
$publicKey  = openssl_get_publickey($contentsPublicKey);

$contents = file_get_contents($file);
openssl_public_encrypt($contents, $contentsEncrypted, $publicKey);
file_put_contents($fileEncrypted, $contentsEncrypted);

To decrypt this file: get the private key $privateKey, decrypt the contents of the file $fileEncrypted. We write the data to the file $fileDecrypted:

$contentsPrivateKey = file_get_contents($filePrivateKey);
$privateKey  = openssl_get_privatekey($contentsPrivateKey);

$contentsEncrypted = file_get_contents($fileEncrypted);
openssl_private_decrypt($contentsEncrypted, $contentsDecrypted, $privateKey);
file_put_contents($fileDecrypted, $contentsDecrypted);

Let’s check the created file:

$ cat rsa-decrypted.txt
This file was encrypted in PHP using the asymmetric RSA algorithm

Let’s put together all the code:

<?php

// Declaring files with public and private keys
$filePublicKey = 'public.crt';
$filePrivateKey = 'private.pem';

// Declare the files: source, encrypted and decrypted
$file = 'rsa.txt';
$fileEncrypted = 'rsa-encrypted.txt';
$fileDecrypted = 'rsa-decrypted.txt';

// Get the public key from the file
$contentsPublicKey = file_get_contents($filePublicKey);
$publicKey  = openssl_get_publickey($contentsPublicKey);

// We get the contents of the file, encrypt it and write it to a new file
$contents = file_get_contents($file);
openssl_public_encrypt($contents, $contentsEncrypted, $publicKey);
file_put_contents($fileEncrypted, $contentsEncrypted);

// Get the private key from the file
$contentsPrivateKey = file_get_contents($filePrivateKey);
$privateKey  = openssl_get_privatekey($contentsPrivateKey);

// We decrypt the contents of the encrypted file using the private key. Writing the decrypted file
$contentsEncrypted = file_get_contents($fileEncrypted);
openssl_private_decrypt($contentsEncrypted, $contentsDecrypted, $privateKey);
file_put_contents($fileDecrypted, $contentsDecrypted);

?>
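
RSA can encrypt only a single block smaller than the key modulus (under 256 bytes with the 2048-bit key generated earlier), so the file listing above works for rsa.txt but openssl_public_encrypt returns false for a larger file. The following added example, which is not part of the original article, shows the usual hybrid approach: a one-time AES-256-GCM key encrypts the data and RSA with OAEP padding encrypts only that key. The function names, the envelope layout and the throwaway key pair are assumptions of the example.

```php
<?php
// Added example, not the article's code. The envelope layout
// (2-byte key length || wrapped key || nonce || tag || ciphertext) is an assumption.

function sealHybrid(string $data, $publicKey): string
{
    $aesKey = random_bytes(32);   // one-time AES-256 key for this message
    $nonce = random_bytes(12);
    $tag = '';
    $body = openssl_encrypt($data, 'aes-256-gcm', $aesKey, OPENSSL_RAW_DATA, $nonce, $tag);
    // RSA encrypts only the 32-byte AES key; OAEP padding is requested explicitly.
    if ($body === false
        || !openssl_public_encrypt($aesKey, $wrapped, $publicKey, OPENSSL_PKCS1_OAEP_PADDING)) {
        throw new RuntimeException('Encryption failed');
    }
    return pack('n', strlen($wrapped)) . $wrapped . $nonce . $tag . $body;
}

function openHybrid(string $envelope, $privateKey): string
{
    $keyLen = strlen($envelope) >= 2 ? unpack('n', $envelope)[1] : 0;
    if ($keyLen === 0 || strlen($envelope) < 2 + $keyLen + 28) {
        throw new RuntimeException('Malformed envelope');
    }
    $wrapped = substr($envelope, 2, $keyLen);
    $nonce = substr($envelope, 2 + $keyLen, 12);
    $tag = substr($envelope, 14 + $keyLen, 16);
    $body = substr($envelope, 30 + $keyLen);
    if (!openssl_private_decrypt($wrapped, $aesKey, $privateKey, OPENSSL_PKCS1_OAEP_PADDING)) {
        throw new RuntimeException('Key unwrap failed');
    }
    $data = openssl_decrypt($body, 'aes-256-gcm', $aesKey, OPENSSL_RAW_DATA, $nonce, $tag);
    if ($data === false) {
        throw new RuntimeException('Authentication failed: envelope modified or wrong key');
    }
    return $data;
}

// Throwaway key pair and a constructed payload of about 4 KB so the example runs on its own.
$pair = openssl_pkey_new(['private_key_bits' => 2048, 'private_key_type' => OPENSSL_KEYTYPE_RSA]);
$publicPem = openssl_pkey_get_details($pair)['key'];
$payload = str_repeat('constructed sample line' . PHP_EOL, 170);

// Direct RSA, as in the listing above, fails once the input exceeds one RSA block.
var_dump(openssl_public_encrypt($payload, $direct, $publicPem));
var_dump(openHybrid(sealHybrid($payload, $publicPem), $pair) === $payload);
```

With the article's files, pass file_get_contents('rsa.txt') as the data and the contents of public.crt and private.pem as the keys.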
