search

Home >Backend Development >PHP Tutorial >How Can I Implement Simple Two-Way Encryption and Authentication in PHP?

How Can I Implement Simple Two-Way Encryption and Authentication in PHP?

Mary-Kate Olsen
Mary-Kate OlsenOriginal
2024-12-24 02:10:13221browse

How Can I Implement Simple Two-Way Encryption and Authentication in PHP?

Simplest Two-Way Encryption using PHP

Background

Caution: Avoid encrypting passwords using these methods; instead, employ password hashing algorithms for safe password storage.

Portable Data Encryption in PHP

When using PHP 5.4 or later and desiring code portability, utilize an existing library providing authenticated encryption. Openssl methods, such as openssl_encrypt() and openssl_decrypt(), can be employed once you've selected an encryption method.

Encryption and Decryption

Consider using the Advanced Encryption Standard (AES) in CTR mode for encryption. This method offers the best balance between security and performance. Consult openssl_get_cipher_methods() for a list of supported methods.

Simple Encryption/Decryption Wrapper using OpenSSL

The following PHP class provides a simple encryption/decryption wrapper using OpenSSL:

class UnsafeCrypto
{
    const METHOD = 'aes-256-ctr';

    public static function encrypt($message, $key, $encode = false)
    {
        // ...
        if ($encode) {
            return base64_encode($nonce.$ciphertext);
        }
        return $nonce.$ciphertext;
    }

    public static function decrypt($message, $key, $encoded = false)
    {
        // ...
        $plaintext = openssl_decrypt(
            $ciphertext,
            self::METHOD,
            $key,
            OPENSSL_RAW_DATA,
            $nonce
        );
        
        return $plaintext;
    }
}

Simple Authentication Wrapper

For enhanced security, implement authentication to verify encrypted data's integrity:

class SaferCrypto extends UnsafeCrypto
{
    const HASH_ALGO = 'sha256';

    public static function encrypt($message, $key, $encode = false)
    {
        // ...
        if ($encode) {
            return base64_encode($mac.$ciphertext);
        }
        // Prepend MAC to the ciphertext and return to caller
        return $mac.$ciphertext;
    }

    public static function decrypt($message, $key, $encoded = false)
    {
        // ...
        $calculated = hash_hmac(
            self::HASH_ALGO,
            $ciphertext,
            $authKey,
            true
        );
        
        if (!self::hashEquals($mac, $calculated)) {
            throw new Exception('Encryption failure');
        }
        
        // Pass to UnsafeCrypto::decrypt
        $plaintext = parent::decrypt($ciphertext, $encKey);
        
        return $plaintext;
    }
}

The above is the detailed content of How Can I Implement Simple Two-Way Encryption and Authentication in PHP?. For more information, please follow other related articles on the PHP Chinese website!

php for using class this
Statement:
The content of this article is voluntarily contributed by netizens, and the copyright belongs to the original author. This site does not assume corresponding legal responsibility. If you find any content suspected of plagiarism or infringement, please contact admin@php.cn
Previous article:How Can We Prevent PHP Session Fixation and Hijacking?Next article:How Can We Prevent PHP Session Fixation and Hijacking?

Related articles

See more