All geek questions in one place

How to encrypt plaintext with AES-256 CBC in PHP using OpenSSL?

I am trying to encrypt sensitive user data, such as private messages on my website with php, before entering the database. I did a bit of work on the Internet, and I found some important things to remember:

  • Never use mcrypt, it refuses programs.

  • AES is based on the Rijndael algorithm and has not yet changed.

  • AES was also recommended by the NSA and is used in encryption of US government data, but since the NSA recommends it, there is a chance that they can easily penetrate my user data.

  • Blowfish was also unbroken, but slow and less popular.

So, I decided to try first with AES-256 cbc. But I'm still not sure it is better not to consider Blowfish an option. Therefore, any recommendations are welcome.

And my main problem is how to encrypt data in php? I can't find a good guide on this in the php documentation. What is the correct way to implement it?

Any help is greatly appreciated.

+4
source share
1 answer

AES-256 (OpenSSL implementation)

You are in Good Luck.

The extension opensslhas some fairly easy to use methods for AES-256. The steps you need to take are basically ...

  • Create a 256-bit encryption key (this needs to be stored somewhere)
    • $encryption_key = openssl_random_pseudo_bytes(32);
  • " " ( , )
    • $iv = openssl_random_pseudo_bytes(openssl_cipher_iv_length('aes-256-cbc'));
  • openssl_encrypt()
    • openssl_encrypt($data, 'aes-256-cbc', $encryptionKey, $options, $initializationVector)
    • $options 0 OPENSSL_RAW_DATA | OPENSSL_ZERO_PADDING
    • $encrypted = $encrypted . ':' . $iv;
  • .
    • explode(':' , $encrypted);
  • openssl_decrypt()
    • openssl_decrypt($encryptedData, 'aes-256-cbc', $encryptionKey, $options, $initializationVector)

openssl

openssl_functions() , php.ini , . ;extension=php_openssl.dll, ;

PHP - .

http://phpfiddle.org/lite/code/9epi-j5v2

+11

Source: https://habr.com/ru/post/1624921/

More articles:


All Articles