Skip to content

Instantly share code, notes, and snippets.

@joshhartman

joshhartman/crypt.class.php

Last active November 25, 2022 10:10
Show Gist options
  • Star 21 You must be signed in to star a gist
  • Fork 10 You must be signed in to fork a gist
  • Save joshhartman/10342187 to your computer and use it in GitHub Desktop.
Save joshhartman/10342187 to your computer and use it in GitHub Desktop.
Download ZIP
Rijndael 256-bit Encryption (CBC) Class
Raw
crypt.class.php
<?php
class Crypt {
private $key;
function __construct($key){
$this->setKey($key);
}
public function encrypt($encrypt){
$encrypt = serialize($encrypt);
$iv = mcrypt_create_iv(mcrypt_get_iv_size(MCRYPT_RIJNDAEL_256, MCRYPT_MODE_CBC), MCRYPT_DEV_URANDOM);
$key = pack('H*', $this->key);
$mac = hash_hmac('sha256', $encrypt, substr($this->key, -32));
$passcrypt = mcrypt_encrypt(MCRYPT_RIJNDAEL_256, $key, $encrypt . $mac, MCRYPT_MODE_CBC, $iv);
$encoded = base64_encode($passcrypt) . '|' . base64_encode($iv);
return $encoded;
}
public function decrypt($decrypt){
$decrypt = explode('|', $decrypt.'|');
$decoded = base64_decode($decrypt[0]);
$iv = base64_decode($decrypt[1]);
if(strlen($iv)!==mcrypt_get_iv_size(MCRYPT_RIJNDAEL_256, MCRYPT_MODE_CBC)){ return false; }
$key = pack('H*', $this->key);
$decrypted = trim(mcrypt_decrypt(MCRYPT_RIJNDAEL_256, $key, $decoded, MCRYPT_MODE_CBC, $iv));
$mac = substr($decrypted, -64);
$decrypted = substr($decrypted, 0, -64);
$calcmac = hash_hmac('sha256', $decrypted, substr($this->key, -32));
if($calcmac !== $mac){
return false;
}
$decrypted = unserialize($decrypted);
return $decrypted;
}
public function setKey($key){
if(ctype_xdigit($key) && strlen($key) === 64){
$this->key = $key;
}else{
trigger_error('Invalid key. Key must be a 32-byte (64 character) hexadecimal string.', E_USER_ERROR);
}
}
}
$crypt = new Crypt('d0a7e7997b6d5fcd55f4b5c32611b87cd923e88837b63bf2941ef819dc8ca282');
echo '<h1>Rijndael 256-bit CBC Encryption Function</h1>';
$data = 'Super secret confidential string data.';
$encrypted_data = $crypt->encrypt($data);
echo '<h2>Example #1: String Data</h2>';
echo 'Data to be Encrypted: ' . $data . '<br/>';
echo 'Encrypted Data: ' . $encrypted_data . '<br/>';
echo 'Decrypted Data: ' . $crypt->decrypt($encrypted_data) . '</br>';
$data = array(1, 5, 8, new DateTime(), 22, 10, 61, array('apple' => array('red', 'green')));
$encrypted_data = $crypt->encrypt($data);
echo '<h2>Example #2: Non-String Data</h2>';
echo 'Data to be Encrypted: <pre>';
print_r($data);
echo '</pre><br/>';
echo 'Encrypted Data: ' . $encrypted_data . '<br/>';
echo 'Decrypted Data: <pre>';
print_r($crypt->decrypt($encrypted_data));
echo '</pre>';
@twicejr
Copy link

twicejr commented May 1, 2014

Is the hash_hmac necessary with CBC? I thought not, but correct me if I'm wrong.

@jamesaspence
Copy link

Do you have this in a repository somewhere? I'd love to have you included as a dependency (to ensure you get full credit!), but I currently have you linked in the PHPDoc at the top of the class.

@Harmond
Copy link

Harmond commented Sep 12, 2015

Do not roll your own crypto.
For all those considering using this class... DON'T! It is insecure. What is more, the author has, by means of this code, demonstrated that he is not equipped to not write crypto code.

So, how insecure is this code? Well, it featured on Crypto Fails.

@joshhartman, please don't try to fix this class, just scrape it. Use a well known, widely reviewed, standard implementation instead.

@xcount
Copy link

xcount commented Jun 1, 2017

The above class is deprecated in php 7.1
Could someone upgrade?

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment