Early versions of PHP included mcrypt extension, that provided encryption/decryption capabilities. Due to lack of maintenance, the mycrypt extension has been deprecated and removed from PHP 7.2 version onwards. PHP now includes OpenSSL library that has an extensive functionality to support encryption and decryption features.
OpenSSL supports various encryption algorithms such as AES (Advanced Encryption Standard). All the supported algorithms can be obtained by invoking openssl_get_cipher_methods() function.
The two important functions in OpenSSL extension are −
- openssl_encrypt() − Encrypts data
- openssl_decrypt() − Decrypts data
The openssl_encrypt() Function
This function encrypts the given data with given method and key, and returns a raw or base64 encoded string −
openssl_encrypt(string$data,string$cipher_algo,string$passphrase,int$options=0,string$iv="",string&$tag=null,string$aad="",int$tag_length=16):string|falseThe function has the following parameters −
| Sr.No | Parameter & Description |
|---|---|
| 1 | dataThe plaintext message data to be encrypted. |
| 2 | cipher_algoThe cipher method. |
| 3 | passphraseThe passphrase. If the passphrase is shorter than expected, padded with NULL characters; if the passphrase is longer than expected, it is truncated. |
| 4 | optionsoptions is a bitwise disjunction of the flags OPENSSL_RAW_DATA and OPENSSL_ZERO_PADDING. |
| 5 | ivA non-NULL Initialization Vector. |
| 6 | tagThe authentication tag passed by reference when using AEAD cipher mode (GCM or CCM). |
| 7 | aadAdditional authenticated data. |
| 8 | tag_lengthThe length of the authentication tag. Its value can be between 4 and 16 for GCM mode. |
The function returns the encrypted string on success or false on failure.
The openssl_decrypt() Function
This function takes a raw or base64 encoded string and decrypts it using a given method and key.
openssl_decrypt(string$data,string$cipher_algo,string$passphrase,int$options=0,string$iv="",?string$tag=null,string$aad=""):string|falseThe openssl_decrypt() function uses the same parameters as the openssl_encrypt function.
This function returns the decrypted string on success or false on failure.
Example
Take a look at the following example −
<?php
function sslencrypt($source, $algo, $key, $opt, $iv) {
$encstring = openssl_encrypt($source, $algo, $key, $opt, $iv);
return $encstring;
}
function ssldecrypt($encstring, $algo, $key, $opt, $iv) {
$decrstring = openssl_decrypt($encstring, $algo, $key, $opt, $iv);
return $decrstring;
}
// string to be encrypted
$source = "PHP: Hypertext Preprocessor";
// Display the original string
echo "Before encryption: " . $source . "\n";
$algo = "BF-CBC";
$opt=0;
$ivlength = openssl_cipher_iv_length($algo);
$iv = random_bytes($ivlength);
$key = "abcABC123!@#";
// Encryption process
$encstring = sslencrypt($source, $algo, $key, $opt, $iv);
// Display the encrypted string
echo "Encrypted String: " . $encstring . "\n";
// Decryption process
$decrstring = ssldecrypt($encstring, $algo, $key, $opt, $iv);
// Display the decrypted string
echo "Decrypted String: " . $decrstring;
?>It will produce the following output −
Before encryption: PHP: Hypertext Preprocessor
Encrypted String:
Decrypted String:
Leave a Reply