Created
October 26, 2019 20:22
-
-
Save jfcherng/20fa1fd0032590a979240584e6ebeb5e to your computer and use it in GitHub Desktop.
Yet another simple encryption/decryption wrapper.
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| <?php | |
| declare(strict_types=1); | |
| namespace App\Core; | |
| use RuntimeException; | |
| class SimpleCrypto | |
| { | |
| const METHOD = 'aes-256-ctr'; | |
| /** | |
| * Encrypts (but does not authenticate) a message. | |
| * | |
| * @param string $message plaintext message | |
| * @param string $key encryption key (raw binary expected) | |
| * @param bool $encode set to TRUE to return a base64-encoded | |
| * | |
| * @return string (raw binary) | |
| */ | |
| public static function encrypt(string $message, string $key, bool $encode = true): string | |
| { | |
| $nonceSize = \openssl_cipher_iv_length(self::METHOD); | |
| $nonce = \openssl_random_pseudo_bytes($nonceSize); | |
| $ciphertext = \openssl_encrypt($message, self::METHOD, $key, \OPENSSL_RAW_DATA, $nonce); | |
| // Now let's pack the IV and the ciphertext together | |
| // Naively, we can just concatenate | |
| if ($encode) { | |
| return \base64_encode($nonce . $ciphertext); | |
| } | |
| return $nonce . $ciphertext; | |
| } | |
| /** | |
| * Encrypts a message with $_ENV['APP_SECRET'] as the key. | |
| * | |
| * @param string $message plaintext message | |
| * @param bool $encode set to TRUE to return a base64-encoded | |
| * | |
| * @return string (raw binary) | |
| */ | |
| public static function appEncrypt(string $message, bool $encode = true): string | |
| { | |
| return self::encrypt($message, \getenv('APP_SECRET'), $encode); | |
| } | |
| /** | |
| * Decrypts (but does not verify) a message. | |
| * | |
| * @param string $message ciphertext message | |
| * @param string $key encryption key (raw binary expected) | |
| * @param bool $encoded are we expecting an encoded string? | |
| * | |
| * @return string | |
| */ | |
| public static function decrypt(string $message, string $key, bool $encoded = true): string | |
| { | |
| if ($encoded) { | |
| $message = \base64_decode($message, true); | |
| if ($message === false) { | |
| throw new RuntimeException('Encryption failure'); | |
| } | |
| } | |
| $nonceSize = \openssl_cipher_iv_length(self::METHOD); | |
| $nonce = \mb_substr($message, 0, $nonceSize, '8bit'); | |
| $ciphertext = \mb_substr($message, $nonceSize, null, '8bit'); | |
| return \openssl_decrypt($ciphertext, self::METHOD, $key, \OPENSSL_RAW_DATA, $nonce); | |
| } | |
| /** | |
| * Decrypts a message with $_ENV['APP_SECRET'] as the key. | |
| * | |
| * @param string $message ciphertext message | |
| * @param bool $encoded are we expecting an encoded string? | |
| * | |
| * @return string | |
| */ | |
| public static function appDecrypt(string $message, bool $encoded = true): string | |
| { | |
| return self::decrypt($message, \getenv('APP_SECRET'), $encoded); | |
| } | |
| } |
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment