Skip to content

Instantly share code, notes, and snippets.

@joshhartman

joshhartman/crypt.class.php

Last active Feb 19, 2019
Star
Embed
What would you like to do?
Learn more about clone URLs
Download ZIP
Rijndael 256-bit Encryption (CBC) Class
Raw
crypt.class.php
<?php
class Crypt {
private $key;
function __construct($key){
$this->setKey($key);
}
public function encrypt($encrypt){
$encrypt = serialize($encrypt);
$iv = mcrypt_create_iv(mcrypt_get_iv_size(MCRYPT_RIJNDAEL_256, MCRYPT_MODE_CBC), MCRYPT_DEV_URANDOM);
$key = pack('H*', $this->key);
$mac = hash_hmac('sha256', $encrypt, substr($this->key, -32));
$passcrypt = mcrypt_encrypt(MCRYPT_RIJNDAEL_256, $key, $encrypt . $mac, MCRYPT_MODE_CBC, $iv);
$encoded = base64_encode($passcrypt) . '|' . base64_encode($iv);
return $encoded;
}
public function decrypt($decrypt){
$decrypt = explode('|', $decrypt.'|');
$decoded = base64_decode($decrypt[0]);
$iv = base64_decode($decrypt[1]);
if(strlen($iv)!==mcrypt_get_iv_size(MCRYPT_RIJNDAEL_256, MCRYPT_MODE_CBC)){ return false; }
$key = pack('H*', $this->key);
$decrypted = trim(mcrypt_decrypt(MCRYPT_RIJNDAEL_256, $key, $decoded, MCRYPT_MODE_CBC, $iv));
$mac = substr($decrypted, -64);
$decrypted = substr($decrypted, 0, -64);
$calcmac = hash_hmac('sha256', $decrypted, substr($this->key, -32));
if($calcmac !== $mac){
return false;
}
$decrypted = unserialize($decrypted);
return $decrypted;
}
public function setKey($key){
if(ctype_xdigit($key) && strlen($key) === 64){
$this->key = $key;
}else{
trigger_error('Invalid key. Key must be a 32-byte (64 character) hexadecimal string.', E_USER_ERROR);
}
}
}
$crypt = new Crypt('d0a7e7997b6d5fcd55f4b5c32611b87cd923e88837b63bf2941ef819dc8ca282');
echo '<h1>Rijndael 256-bit CBC Encryption Function</h1>';
$data = 'Super secret confidential string data.';
$encrypted_data = $crypt->encrypt($data);
echo '<h2>Example #1: String Data</h2>';
echo 'Data to be Encrypted: ' . $data . '<br/>';
echo 'Encrypted Data: ' . $encrypted_data . '<br/>';
echo 'Decrypted Data: ' . $crypt->decrypt($encrypted_data) . '</br>';
$data = array(1, 5, 8, new DateTime(), 22, 10, 61, array('apple' => array('red', 'green')));
$encrypted_data = $crypt->encrypt($data);
echo '<h2>Example #2: Non-String Data</h2>';
echo 'Data to be Encrypted: <pre>';
print_r($data);
echo '</pre><br/>';
echo 'Encrypted Data: ' . $encrypted_data . '<br/>';
echo 'Decrypted Data: <pre>';
print_r($crypt->decrypt($encrypted_data));
echo '</pre>';
@twicejr

This comment has been minimized.

Sign in to view
Copy link

@twicejr twicejr commented May 1, 2014

Is the hash_hmac necessary with CBC? I thought not, but correct me if I'm wrong.
@jamesaspence

This comment has been minimized.

Sign in to view
Copy link

@jamesaspence jamesaspence commented Jul 13, 2015

Do you have this in a repository somewhere? I'd love to have you included as a dependency (to ensure you get full credit!), but I currently have you linked in the PHPDoc at the top of the class.
@Harmond

This comment has been minimized.

Sign in to view
Copy link

@Harmond Harmond commented Sep 12, 2015

Do not roll your own crypto.
For all those considering using this class... DON'T! It is insecure. What is more, the author has, by means of this code, demonstrated that he is not equipped to not write crypto code.

So, how insecure is this code? Well, it featured on Crypto Fails.

@joshhartman, please don't try to fix this class, just scrape it. Use a well known, widely reviewed, standard implementation instead.
@ghost

This comment has been minimized.

Sign in to view
Copy link

@ghost ghost commented Jun 1, 2017

The above class is deprecated in php 7.1
Could someone upgrade?
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
You can’t perform that action at this time.