Encrypting and decrypting in PHP

By: David Sklar Emailed: 1607 times Printed: 2075 times    

Latest comments
By: rohit kumar - how this program is work
By: Kirti - Hi..thx for the hadoop in
By: Spijker - I have altered the code a
By: ali mohammed - why we use the java in ne
By: ali mohammed - why we use the java in ne
By: mizhelle - when I exported the data
By: raul - no output as well, i'm ge
By: Rajesh - thanx very much...
By: Suindu De - Suppose we are executing

The mcrypt extension is an interface with mcrypt, a library that implements many different encryption algorithms. The data is encrypted and decrypted by mcrypt_encrypt( )and mcrypt_decrypt( ), respectively. They each take five arguments. The first is the algorithm to use. To find which algorithms mcrypt supports on your system, call mcrypt_list_algorithms( ). The full list of mcrypt algorithms is shown in Table below. The second argument is the encryption key; the third argument is the data to encrypt or decrypt. The fourth argument is the mode for the encryption or decryption (a list of supported modes is returned by mcrypt_list_modes( )). The fifth argument is an initialization vector (IV), used by some modes as part of the encryption or decryption process.

Using PHP's mcrypt extension:

$key  = 'That golden key that opes the palace of eternity.';
$data = 'The chicken escapes at dawn. Send help with Mr. Blue.';
$alg  = MCRYPT_BLOWFISH;
$mode = MCRYPT_MODE_CBC;

$iv = mcrypt_create_iv(mcrypt_get_iv_size($alg,$mode),MCRYPT_DEV_URANDOM);
$encrypted_data = mcrypt_encrypt($alg, $key, $data, $mode, $iv);
$plain_text = base64_encode($encrypted_data);

print $plain_text."\n";
$decoded = mcrypt_decrypt($alg,$key,base64_decode($plain_text),$mode,$iv);
print $decoded."\n";
NNB9WnuCYjyd3Y7vUh7XDfWFCWnQY0BsMehHNmBHbGOdJ3cM+yghABb/XyrJ+w3xz9tms74/a70=
The chicken escapes at dawn. Send help with Mr. Blue.

Table below lists all the possible mcrypt algorithms, including the constant value used to indicate the algorithm, the key and block sizes in bits, and whether the algorithm is supported  libmcrypt 2.2.x and 2.4.x.

 
mcrypt algorithm constants

Algorithm constant

Description

Key size

Block size

2.2.x

2.4.x

MCRYPT_3DES

Triple DES

168 (112 effective)

64

Yes

Yes

MCRYPT_TRIPLEDES

Triple DES

168 (112 effective)

64

No

Yes

MCRYPT_3WAY

3way (Joan Daemen)

96

96

Yes

No

MCRYPT_THREEWAY

3way

96

96

Yes

Yes

MCRYPT_BLOWFISH

Blowfish (Bruce Schneier)

Up to 448

64

No

Yes

MCRYPT_BLOWFISH_COMPAT

Blowfish with compatibility to other implementations

Up to 448

64

No

Yes

MCRYPT_BLOWFISH_128

Blowfish

128

64

Yes

No

MCRYPT_BLOWFISH_192

Blowfish

192

64

Yes

 

MCRYPT_BLOWFISH_256

Blowfish

256

64

Yes

No

MCRYPT_BLOWFISH_448

Blowfish

448

64

Yes

No

MCRYPT_CAST_128

CAST (Carlisle Adams and Stafford Tavares)

128

64

Yes

Yes

MCRYPT_CAST_256

CAST

256

128

Yes

Yes

MCRYPT_CRYPT

One-rotor Unix crypt

104

8

 

Yes

MCRYPT_ENIGNA

One-rotor Unix crypt

104

8

No

Yes

MCRYPT_DES

U.S. Data Encryption Standard

56

64

Yes

Yes

MCRYPT_GOST

Soviet Gosudarstvennyi Standard ("Government Standard")

256

64

Yes

Yes

MCRYPT_IDEA

International Data Encryption Algorithm

128

64

Yes

Yes

MCRYPT_LOKI97

LOKI97 (Lawrie Brown, Josef Pieprzyk)

128, 192, or 256

64

Yes

Yes

MCRYPT_MARS

MARS (IBM)

128-448

128

No

Yes

MCRYPT_PANAMA

PANAMA (Joan Daemen, Craig Clapp)

-

Stream

No

Yes

MCRYPT_RC2

Rivest Cipher 2

8-1024

64

No

Yes

MCRYPT_RC2_1024

Rivest Cipher 2

1024

64

Yes

No

MCRYPT_RC2_128

Rivest Cipher 2

128

64

Yes

No

MCRYPT_RC2_256

Rivest Cipher 2

256

64

Yes

No

MCRYPT_RC4

Rivest Cipher 4

Up to 2048

Stream

Yes

No

MCRYPT_ARCFOUR

Non-trademarked RC4 compatible

Up to 2048

Stream

No

Yes

MCRYPT_ARCFOUR_IV

Arcfour with Initialization Vector

Up to 2048

Stream

No

Yes

MCRYPT_RC6

Rivest Cipher 6

128, 192, or 256

128

No

Yes

MCRYPT_RC6_128

Rivest Cipher 6

128

128

Yes

No

MCRYPT_RC6_192

Rivest Cipher 6

192

128

Yes

No

MCRYPT_RC6_256

Rivest Cipher 6

256

128

Yes

No

MCRYPT_RIJNDAEL_128

Rijndael (Joan Daemen, Vincent Rijmen)

128

128

Yes

Yes

MCRYPT_RIJNDAEL_192

Rijndael

192

192

Yes

Yes

MCRYPT_RIJNDAEL_256

Rijndael

256

256

Yes

Yes

MCRYPT_SAFERPLUS

SAFER+ (based on SAFER)

128, 192, or 256

128

Yes

Yes

MCRYPT_SAFER_128

Secure And Fast Encryption Routine with strengthened key schedule

128

64

Yes

Yes

MCRYPT_SAFER_64

Secure And Fast Encryption Routine with strengthened key

64

64

Yes

Yes

MCRYPT_SERPENT

Serpent (Ross Anderson, Eli Biham, Lars Knudsen)

128, 192, or 256

128

No

Yes

MCRYPT_SERPENT_128

Serpent

128

128

Yes

No

MCRYPT_SERPENT_192

Serpent

192

128

Yes

No

MCRYPT_SERPENT_256

Serpent

256

128

Yes

No

MCRYPT_SKIPJACK

U.S. NSA Clipper Escrowed Encryption Standard

80

64

No

Yes

MCRYPT_TWOFISH

Twofish (Counterpane Systems)

128, 192, or 256

128

No

Yes

MCRYPT_TWOFISH_128

Twofish

128

128

Yes

No

MCRYPT_TWOFISH_192

Twofish

192

128

Yes

No

MCRYPT_TWOFISH_256

Twofish

256

128

Yes

No

MCRYPT_WAKE

Word Auto Key Encryption (David Wheeler)

256

32

No

Yes

MCRYPT_XTEA

Extended Tiny Encryption Algorithm (David Wheeler, Roger Needham)

128

64

Yes

Yes

Except for the data to encrypt or decrypt, all the other arguments must be the same when encrypting and decrypting. If you're using a mode that requires an initialization vector, it's okay to pass the initialization vector in the clear with the encrypted text.

The different modes are appropriate in different circumstances. Cipher Block Chaining (CBC) mode encrypts the data in blocks, and uses the encrypted value of each block (as well as the key) to compute the encrypted value of the next block. The initialization vector affects the encrypted value of the first block. Cipher Feedback (CFB) and Output Feedback (OFB) also use an initialization vector, but they encrypt data in units smaller than the block size. Note that OFB mode has security problems if you encrypt data in smaller units than its block size. Electronic Code Book (ECB) mode encrypts data in discreet blocks that don't depend on each other. ECB mode doesn't use an initialization vector. It is also less secure than other modes for repeated use, because the same plaintext with a given key always produces the same ciphertext. Constants to set each mode are listed in table below.

 
 mcrypt mode constants

Mode constant

Description

MCRYPT_MODE_ECB

Electronic Code Book mode

MCRYPT_MODE_CBC

Cipher Block Chaining mode

MCRYPT_MODE_CFB

Cipher Feedback mode

MCRYPT_MODE_OFB

Output Feedback mode with 8 bits of feedback

MCRYPT_MODE_NOFB

Output Feedback mode with n bits of feedback, where n is the block size of the algorithm used (libmcrypt 2.4 and higher only)

MCRYPT_MODE_STREAM

Stream Cipher mode, for algorithms such as RC4 and WAKE (libmcrypt 2.4 and higher only)

Different algorithms have different block sizes. You can retrieve the block size for a particular algorithm with mcrypt_get_block_size( ). Similarly, the initialization vector size is determined by the algorithm and the mode. mcrypt_create_iv( )and mcrypt_get_iv_size( ) make it easy to create an appropriate random initialization vector:

$iv = mcrypt_create_iv(mcrypt_get_iv_size($alg,$mode),MCRYPT_DEV_URANDOM);

The first argument to mcrypt_create_iv( ) is the size of the vector, and the second is a source of randomness. You have three choices for the source of randomness. MCRYPT_DEV_RANDOM reads from the pseudodevice /dev/random, MCRYPT_DEV_URANDOM reads from the pseudo-device /dev/urandom, and MCRYPT_RAND uses an internal random number generator. Not all operating systems support random-generating pseudo-devices. Make sure to call srand( ) before using MCRYPT_RAND in order to get a nonrepeating random number stream.

The code and examples in this recipe are compatible with mcrypt 2.4. PHP's mcrypt interface supports both mcrypt 2.2 and mcrypt 2.4, but there are differences between the two. With mcrypt 2.2, PHP supports only the following mcrypt functions: mcrypt_ecb( ), mcrypt_cbc( ), mcrypt_cfb( ), mcrypt_ofb( ), mcrypt_get_key_size( ), mcrypt_get_block_size( ), mcrypt_get_cipher_name( ), and mcrypt_create_iv( ). To encrypt or decrypt data with mcrypt 2.2, call the appropriate mcrypt_MODE( ) function, based on what mode you want to use, and pass it an argument that instructs it to encrypt or decrypt. The following code is the mcrypt 2.2-compatible version of the code in the Solution:

$key  = 'That golden key that opes the palace of eternity.';
$data = 'The chicken escapes at dawn. Send help with Mr. Blue.';
$alg = MCRYPT_BLOWFISH;

$iv = mcrypt_create_iv(mcrypt_get_block_size($alg),MCRYPT_DEV_URANDOM);
$encrypted_data = mcrypt_cbc($alg,$key,$data,MCRYPT_ENCRYPT);
$plain_text = base64_encode($encrypted_data);

print $plain_text."\n";

$decoded = mcrypt_cbc($alg,$key,base64_decode($plain_text),MCRYPT_DECRYPT);

print $decoded."\n";

PHP Home | All PHP Tutorials | Latest PHP Tutorials

Sponsored Links

If this tutorial doesn't answer your question, or you have a specific question, just ask an expert here. Post your question to get a direct answer.



Bookmark and Share

Comments(1)


1. View Comment

Great explanations! I looked for other guides and this was the most detailed one. I can't believe that at the PHP site they don't describe the modes or when to use them. I definitely have it for reference. Thank you!

View Tutorial          By: A.Lepe at 2010-09-15 21:36:42

Your name (required):


Your email(required, will not be shown to the public):


Your sites URL (optional):


Your comments:



More Tutorials by David Sklar
Find Difference between two dates in PHP
Reading .CSV file in PHP
Appending One Array to Another in PHP
Removing Duplicate Elements from an Array in PHP
Sorting an Array in PHP
Iterating Through an Array in PHP
Password protecting a page in PHP
Deleting Cookies in PHP
Reading Cookie Values in PHP
Setting cookies in PHP
Encrypting and decrypting in PHP
GDBM, NDBM, DB2, DB3, DBM, and CDB Databases in PHP
Using Text-File Databases in PHP
Upload and Download files with FTP in PHP
Extract files from a .zip file using PHP

More Tutorials in PHP
PHP code to import from CSV file to MySQL
PHP code to write to a CSV file from MySQL query
PHP code to write to a CSV file for Microsoft Applications
Convert XML to CSV in PHP
Password must include both numeric and alphabetic characters - Magento
PHP file upload (Large Files)
PHP file upload prompts authentication for anonymous users
PHP file upload with IIS on windows XP/2000 etc
Error: Length parameter must be greater than 0
Multiple File Upload in PHP using IFRAME
Resume or Pause File Uploads in PHP
Exception in module wampmanager.exe at 000F15A0 in Windows 8
Handling file locks in PHP
HTML table output using Nested for loops in PHP
Count occurrences of a character in a String in PHP

More Latest News
Most Viewed Articles (in PHP )
Locking files in PHP
use() in PHP
Password must include both numeric and alphabetic characters - Magento
PHP code to write to a CSV file from MySQL query
Different versions of PHP - History and evolution of PHP
Traversing Arrays Using list() and each() in PHP
public, protected, and private Properties in PHP
parent:: AND self:: in PHP
Using HMAC Verification in PHP
Handling BLOB in PHP and MySQL
Reading contents of a File into a String in PHP
Encrypting and decrypting in PHP
Parent: child process exited with status 3221225477 -- Restarting
Function to return number of digits of an integer in PHP
PHP code to import from CSV file to MySQL
Most Emailed Articles (in PHP)
preg_split() and explode() in PHP
Cannot load /usr/local/apache/libexec/libphp4.so into server: ld.so.1:......
Handling BLOB in PHP and MySQL
Where does the PHP run?
Exception in module wampmanager.exe at 000F15A0 in Windows 8
Password must include both numeric and alphabetic characters - Magento
Convert XML to CSV in PHP
History and origin of PHP
Traversing Arrays Using foreach in PHP
Reading word by word from a file in PHP
Upload and Download files with FTP in PHP
Encrypting and decrypting in PHP
Parent: child process exited with status 3221225477 -- Restarting
Handling file locks in PHP
PHP code to import from CSV file to MySQL