Rijndael 256-bit Encryption (CBC) Class
<?php | |
class Crypt { | |
private $key; | |
function __construct($key){ | |
$this->setKey($key); | |
} | |
public function encrypt($encrypt){ | |
$encrypt = serialize($encrypt); | |
$iv = mcrypt_create_iv(mcrypt_get_iv_size(MCRYPT_RIJNDAEL_256, MCRYPT_MODE_CBC), MCRYPT_DEV_URANDOM); | |
$key = pack('H*', $this->key); | |
$mac = hash_hmac('sha256', $encrypt, substr($this->key, -32)); | |
$passcrypt = mcrypt_encrypt(MCRYPT_RIJNDAEL_256, $key, $encrypt . $mac, MCRYPT_MODE_CBC, $iv); | |
$encoded = base64_encode($passcrypt) . '|' . base64_encode($iv); | |
return $encoded; | |
} | |
public function decrypt($decrypt){ | |
$decrypt = explode('|', $decrypt.'|'); | |
$decoded = base64_decode($decrypt[0]); | |
$iv = base64_decode($decrypt[1]); | |
if(strlen($iv)!==mcrypt_get_iv_size(MCRYPT_RIJNDAEL_256, MCRYPT_MODE_CBC)){ return false; } | |
$key = pack('H*', $this->key); | |
$decrypted = trim(mcrypt_decrypt(MCRYPT_RIJNDAEL_256, $key, $decoded, MCRYPT_MODE_CBC, $iv)); | |
$mac = substr($decrypted, -64); | |
$decrypted = substr($decrypted, 0, -64); | |
$calcmac = hash_hmac('sha256', $decrypted, substr($this->key, -32)); | |
if($calcmac !== $mac){ | |
return false; | |
} | |
$decrypted = unserialize($decrypted); | |
return $decrypted; | |
} | |
public function setKey($key){ | |
if(ctype_xdigit($key) && strlen($key) === 64){ | |
$this->key = $key; | |
}else{ | |
trigger_error('Invalid key. Key must be a 32-byte (64 character) hexadecimal string.', E_USER_ERROR); | |
} | |
} | |
} | |
$crypt = new Crypt('d0a7e7997b6d5fcd55f4b5c32611b87cd923e88837b63bf2941ef819dc8ca282'); | |
echo '<h1>Rijndael 256-bit CBC Encryption Function</h1>'; | |
$data = 'Super secret confidential string data.'; | |
$encrypted_data = $crypt->encrypt($data); | |
echo '<h2>Example #1: String Data</h2>'; | |
echo 'Data to be Encrypted: ' . $data . '<br/>'; | |
echo 'Encrypted Data: ' . $encrypted_data . '<br/>'; | |
echo 'Decrypted Data: ' . $crypt->decrypt($encrypted_data) . '</br>'; | |
$data = array(1, 5, 8, new DateTime(), 22, 10, 61, array('apple' => array('red', 'green'))); | |
$encrypted_data = $crypt->encrypt($data); | |
echo '<h2>Example #2: Non-String Data</h2>'; | |
echo 'Data to be Encrypted: <pre>'; | |
print_r($data); | |
echo '</pre><br/>'; | |
echo 'Encrypted Data: ' . $encrypted_data . '<br/>'; | |
echo 'Decrypted Data: <pre>'; | |
print_r($crypt->decrypt($encrypted_data)); | |
echo '</pre>'; |
This comment has been minimized.
This comment has been minimized.
Do you have this in a repository somewhere? I'd love to have you included as a dependency (to ensure you get full credit!), but I currently have you linked in the PHPDoc at the top of the class. |
This comment has been minimized.
This comment has been minimized.
Do not roll your own crypto. So, how insecure is this code? Well, it featured on Crypto Fails. @joshhartman, please don't try to fix this class, just scrape it. Use a well known, widely reviewed, standard implementation instead. |
This comment has been minimized.
This comment has been minimized.
The above class is deprecated in php 7.1 |
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
This comment has been minimized.
Is the hash_hmac necessary with CBC? I thought not, but correct me if I'm wrong.