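<?php
// Demo: encrypt a string with AES-256-CBC, store the IV next to the
// ciphertext, authenticate both with an HMAC, then verify and decrypt.

// DEFINE our cipher
define('AES_256_CBC', 'aes-256-cbc');

// Generate a 256-bit encryption key
// This should be stored somewhere instead of recreating it each time
$encryption_key = random_bytes(32);

// Generate a second, independent 256-bit key that is used only for the HMAC
// below. It has to be stored together with the encryption key.
$mac_key = random_bytes(32);

// Generate an initialization vector
// This *MUST* be available for decryption as well. It is not secret, but it
// has to be freshly generated for every message encrypted under the same key.
$iv_length = openssl_cipher_iv_length(AES_256_CBC);
if ($iv_length === false) {
    throw new RuntimeException('Unknown cipher: ' . AES_256_CBC);
}
$iv = random_bytes($iv_length);

// Create some data to encrypt
$data = 'Encrypt me, please!';
// Double quotes are required here: single quotes do not interpolate $data
// and do not turn \n into a newline.
echo "Before encryption: $data\n";

// Encrypt $data using aes-256-cbc cipher with the given encryption key and
// our initialization vector. The 0 gives us the default options, but can
// be changed to OPENSSL_RAW_DATA or OPENSSL_ZERO_PADDING
$encrypted = openssl_encrypt($data, AES_256_CBC, $encryption_key, 0, $iv);
if ($encrypted === false) {
    // openssl_encrypt() reports failure by returning false, not by throwing.
    throw new RuntimeException('Encryption failed: ' . openssl_error_string());
}
echo "Encrypted: $encrypted\n";

// If we lose the $iv variable, we can't decrypt this, so:
// - $encrypted is already base64-encoded from openssl_encrypt
// - Append a separator that we know won't exist in base64, ':'
// - And then append a base64-encoded $iv
$encrypted = $encrypted . ':' . base64_encode($iv);

// CBC on its own gives confidentiality but no integrity: a stored value that
// was modified would still decrypt to something. Authenticate the ciphertext
// and the IV with HMAC-SHA256 (encrypt-then-MAC) and append the tag as a
// third field.
$mac = hash_hmac('sha256', $encrypted, $mac_key, true);
$encrypted = $encrypted . ':' . base64_encode($mac);

// To decrypt, separate the encrypted data from the initialization vector ($iv)
// and the authentication tag.
$parts = explode(':', $encrypted);
// $parts[0] = encrypted data
// $parts[1] = base-64 encoded initialization vector
// $parts[2] = base-64 encoded HMAC over "$parts[0]:$parts[1]"
if (count($parts) !== 3) {
    throw new RuntimeException('Malformed ciphertext: expected data:iv:mac');
}

// Don't forget to base64-decode the $iv before feeding it back to
// openssl_decrypt. Strict mode rejects characters outside the base64 alphabet.
$stored_iv = base64_decode($parts[1], true);
$stored_mac = base64_decode($parts[2], true);
if ($stored_iv === false || $stored_mac === false || strlen($stored_iv) !== $iv_length) {
    throw new RuntimeException('Malformed ciphertext: bad IV or MAC encoding');
}

// Verify the tag BEFORE decrypting, with a constant-time comparison, so that
// modified input is rejected without ever reaching the padding check.
$expected_mac = hash_hmac('sha256', $parts[0] . ':' . $parts[1], $mac_key, true);
if (!hash_equals($expected_mac, $stored_mac)) {
    throw new RuntimeException('Ciphertext failed authentication');
}

$decrypted = openssl_decrypt($parts[0], AES_256_CBC, $encryption_key, 0, $stored_iv);
if ($decrypted === false) {
    throw new RuntimeException('Decryption failed: ' . openssl_error_string());
}
echo "Decrypted: $decrypted\n";
?>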
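Encrypt using the public key, decrypt using the private key.
Use this to store stuff in your database: unless someone
has your private key, the database contents are useless to them.
Also, use this for sending to a specific individual: get
their public key and encrypt the message; only they can use
their private key to decrypt it.
Note that RSA can only encrypt a short message directly (smaller
than the key size), so larger data is normally encrypted with a
random symmetric key that is in turn encrypted with the public key.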
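<?php
// Demo: encrypt $source with an RSA public key and decrypt it again with the
// matching private key. $source (the plaintext) and $passphrase (for the
// private key) are expected to be set before this point.
//
// RSA encrypts only short inputs directly (a few hundred bytes at most for
// common key sizes). For anything larger, use hybrid encryption such as
// openssl_seal() / openssl_open().
echo "Source: $source";

// Read the whole PEM file; a fixed-size fread() would silently truncate a
// file longer than the buffer.
$pub_key = file_get_contents('/path/to/certificate.crt');
if ($pub_key === false) {
    throw new RuntimeException('Cannot read the public key / certificate file');
}

/*
* NOTE: openssl_get_publickey() returns the parsed key (or false on failure);
* keep that return value and pass it on instead of discarding it.
*/
$pub_res = openssl_get_publickey($pub_key);
if ($pub_res === false) {
    throw new RuntimeException('Invalid public key: ' . openssl_error_string());
}

// Ask for OAEP padding explicitly: the default PKCS#1 v1.5 padding is open to
// padding-oracle attacks. Encryption and decryption must use the same padding.
if (!openssl_public_encrypt($source, $crypttext, $pub_res, OPENSSL_PKCS1_OAEP_PADDING)) {
    throw new RuntimeException('Public-key encryption failed: ' . openssl_error_string());
}
// $crypttext is raw binary; base64-encode it for display or for a text column.
echo 'String crypted: ' . base64_encode($crypttext);

$priv_key = file_get_contents('/path/to/private.key');
if ($priv_key === false) {
    throw new RuntimeException('Cannot read the private key file');
}

// $passphrase is required if your key is encoded (suggested)
$res = openssl_get_privatekey($priv_key, $passphrase);
if ($res === false) {
    throw new RuntimeException('Cannot load the private key (wrong passphrase or bad file)');
}

/*
* NOTE: Here you use the returned key value
*/
if (!openssl_private_decrypt($crypttext, $newsource, $res, OPENSSL_PKCS1_OAEP_PADDING)) {
    throw new RuntimeException('Private-key decryption failed: ' . openssl_error_string());
}
echo "String decrypt : $newsource";
?>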