· 9 years ago · Aug 21, 2016, 06:26 AM
1function encrypt($string) {
2 $key = "mastermind";
3 $enc = encryptfunc($string, $key);
4
5 return $enc;
6}
7
8$methods = openssl_get_cipher_methods();
9
10var_dump($methods);
11
12$textToEncrypt = "he who doesn't do anything, doesn't go wrong -- Zeev Suraski";
13$secretKey = "glop";
14
15echo '<pre>';
16foreach ($methods as $method) {
17 $encrypted = openssl_encrypt($textToEncrypt, $method, $secretKey);
18 $decrypted = openssl_decrypt($encrypted, $method, $secretKey);
19 echo $method . ' : ' . $encrypted . ' ; ' . $decrypted . "n";
20}
21echo '</pre>';
22
23bf-ecb : /nyRYCzQPE1sunxSBclxXBd7p7gl1fUnE80gBCS1NM4s3wS1Eho6rFHOOR73V9UtnolYW+flbiCwIKa/DYh5CQ== ; he who doesn't do anything, doesn't go wrong -- Zeev Suraski
24bf-ofb : M9wwf140zhwHo98k8sj2MEXdogqXEQ+TjN81pebs2tmhNOsfU3jvMy91MBM76dWM7GVjeh95p8oDybDt ; he who doesn't do anything, doesn't go wrong -- Zeev Suraski
25cast5-cbc : xKgdC1y654PFYW1rIjdevu8MsQOegvJoZx0KmMwb8aCHFmznxIQVy1yvAWR3bZztvGCGrM84WkpbG33pZcxUiQ== ; he who doesn't do anything, doesn't go wrong -- Zeev Suraski
26cast5-cfb : t8ABR9mPvocRikrX0Kblq2rUXHiVnA/OnjR/mDJDq8+/nn6Z9yfPbpcpRat0lYqfVAcwlypT4A4KNq4S ; he who doesn't do anything, doesn't go wrong -- Zeev Suraski
27cast5-ecb : xKgdC1y654NIzRl9gJqbhYKtmJoXBoFpgLhwgdtPtYB7VZ1tRHLX0MjErtfREMJBAonp48zngSiTKlsKV0/WhQ== ; he who doesn't do anything, doesn't go wrong -- Zeev Suraski
28cast5-ofb : t8ABR9mPvofCv9+AKTcRO4Q0doYlavn8zRzLvV3dZk0niO7l20KloA4nUll4VN1B5n89T/IuGh9piPte ; he who doesn't do anything, doesn't go wrong -- Zeev Suraski
29des-cbc : WrCiOVPU1ipF+0trwXyVZ/6cxiNVft+TK2+vAP0E57b9smf9x/cZlQQ4531aDX778S3YJeP/5/YulADXoHT/+Q== ; he who doesn't do anything, doesn't go wrong -- Zeev Suraski
30des-cfb : cDDlaifQN+hGOnGJ2xvGna7y8+qRxwQG+1DJBwQm/4abKgdZYUczC4+aOPGesZM1nKXjgoqB4+KTxGNo ; he who doesn't do anything, doesn't go wrong -- Zeev Suraski
31
32/**
33 * Implements AES-256 encryption/decryption in CBC mode.
34 *
35 * PBKDF2 is used for creation of encryption key.
36 * HMAC is used to authenticate the encrypted message.
37 *
38 * Requires PHP 5.3 and higher
39 *
40 * Gist: https://gist.github.com/eugef/3d44b2e0a8a891432c65
41 */
42class McryptCipher
43{
44 const PBKDF2_HASH_ALGORITHM = 'SHA256';
45 const PBKDF2_ITERATIONS = 64000;
46 const PBKDF2_SALT_BYTE_SIZE = 32;
47 // 32 is the maximum supported key size for the MCRYPT_RIJNDAEL_128
48 const PBKDF2_HASH_BYTE_SIZE = 32;
49
50 /**
51 * @var string
52 */
53 private $password;
54
55 /**
56 * @var string
57 */
58 private $secureEncryptionKey;
59
60 /**
61 * @var string
62 */
63 private $secureHMACKey;
64
65 /**
66 * @var string
67 */
68 private $pbkdf2Salt;
69
70 public function __construct($password)
71 {
72 $this->password = $password;
73 }
74
75 /**
76 * Compares two strings.
77 *
78 * This method implements a constant-time algorithm to compare strings.
79 * Regardless of the used implementation, it will leak length information.
80 *
81 * @param string $knownHash The string of known length to compare against
82 * @param string $userHash The string that the user can control
83 *
84 * @return bool true if the two strings are the same, false otherwise
85 *
86 * @see https://github.com/symfony/security-core/blob/master/Util/StringUtils.php
87 */
88 private function equalHashes($knownHash, $userHash)
89 {
90 if (function_exists('hash_equals')) {
91 return hash_equals($knownHash, $userHash);
92 }
93
94 $knownLen = strlen($knownHash);
95 $userLen = strlen($userHash);
96
97 if ($userLen !== $knownLen) {
98 return false;
99 }
100
101 $result = 0;
102 for ($i = 0; $i < $knownLen; $i++) {
103 $result |= (ord($knownHash[$i]) ^ ord($userHash[$i]));
104 }
105
106 // They are only identical strings if $result is exactly 0...
107 return 0 === $result;
108 }
109
110 /**
111 * PBKDF2 key derivation function as defined by RSA's PKCS #5: https://www.ietf.org/rfc/rfc2898.txt
112 *
113 * Test vectors can be found here: https://www.ietf.org/rfc/rfc6070.txt
114 * This implementation of PBKDF2 was originally created by https://defuse.ca
115 * With improvements by http://www.variations-of-shadow.com
116 *
117 * @param string $algorithm The hash algorithm to use. Recommended: SHA256
118 * @param string $password The password
119 * @param string $salt A salt that is unique to the password
120 * @param int $count Iteration count. Higher is better, but slower. Recommended: At least 1000
121 * @param int $key_length The length of the derived key in bytes
122 * @param bool $raw_output If true, the key is returned in raw binary format. Hex encoded otherwise
123 * @return string A $key_length-byte key derived from the password and salt
124 *
125 * @see https://defuse.ca/php-pbkdf2.htm
126 */
127 private function pbkdf2($algorithm, $password, $salt, $count, $key_length, $raw_output = false)
128 {
129 $algorithm = strtolower($algorithm);
130 if (!in_array($algorithm, hash_algos(), true)) {
131 trigger_error('PBKDF2 ERROR: Invalid hash algorithm.', E_USER_ERROR);
132 }
133 if ($count <= 0 || $key_length <= 0) {
134 trigger_error('PBKDF2 ERROR: Invalid parameters.', E_USER_ERROR);
135 }
136
137 if (function_exists('hash_pbkdf2')) {
138 // The output length is in NIBBLES (4-bits) if $raw_output is false!
139 if (!$raw_output) {
140 $key_length *= 2;
141 }
142 return hash_pbkdf2($algorithm, $password, $salt, $count, $key_length, $raw_output);
143 }
144
145 $hash_length = strlen(hash($algorithm, '', true));
146 $block_count = ceil($key_length / $hash_length);
147
148 $output = '';
149 for ($i = 1; $i <= $block_count; $i++) {
150 // $i encoded as 4 bytes, big endian.
151 $last = $salt . pack('N', $i);
152 // first iteration
153 $last = $xorsum = hash_hmac($algorithm, $last, $password, true);
154 // perform the other $count - 1 iterations
155 for ($j = 1; $j < $count; $j++) {
156 $xorsum ^= ($last = hash_hmac($algorithm, $last, $password, true));
157 }
158 $output .= $xorsum;
159 }
160
161 if ($raw_output) {
162 return substr($output, 0, $key_length);
163 } else {
164 return bin2hex(substr($output, 0, $key_length));
165 }
166 }
167
168 /**
169 * Creates secure PBKDF2 derivatives out of the password.
170 *
171 * @param null $pbkdf2Salt
172 */
173 private function derivateSecureKeys($pbkdf2Salt = null)
174 {
175 if ($pbkdf2Salt) {
176 $this->pbkdf2Salt = $pbkdf2Salt;
177 }
178 else {
179 $this->pbkdf2Salt = mcrypt_create_iv(self::PBKDF2_SALT_BYTE_SIZE, MCRYPT_DEV_URANDOM);
180 }
181
182 list($this->secureEncryptionKey, $this->secureHMACKey) = str_split(
183 $this->pbkdf2(self::PBKDF2_HASH_ALGORITHM, $this->password, $this->pbkdf2Salt, self::PBKDF2_ITERATIONS, self::PBKDF2_HASH_BYTE_SIZE * 2, true),
184 self::PBKDF2_HASH_BYTE_SIZE
185 );
186 }
187
188 /**
189 * Calculates HMAC for the message.
190 *
191 * @param string $message
192 * @return string
193 */
194 private function hmac($message)
195 {
196 return hash_hmac(self::PBKDF2_HASH_ALGORITHM, $message, $this->secureHMACKey, true);
197 }
198
199 /**
200 * Encrypts the input text
201 *
202 * @param string $input
203 * @return string Format: hmac:pbkdf2Salt:iv:encryptedText
204 */
205 public function encrypt($input)
206 {
207 $this->derivateSecureKeys();
208
209 $mcryptIvSize = mcrypt_get_iv_size(MCRYPT_RIJNDAEL_128, MCRYPT_MODE_CBC);
210
211 // By default mcrypt_create_iv() function uses /dev/random as a source of random values.
212 // If server has low entropy this source could be very slow.
213 // That is why here /dev/urandom is used.
214 $iv = mcrypt_create_iv($mcryptIvSize, MCRYPT_DEV_URANDOM);
215
216 $encrypted = mcrypt_encrypt(MCRYPT_RIJNDAEL_128, $this->secureEncryptionKey, $input, MCRYPT_MODE_CBC, $iv);
217
218 $hmac = $this->hmac($this->pbkdf2Salt . $iv . $encrypted);
219
220 return implode(':', array(
221 base64_encode($hmac),
222 base64_encode($this->pbkdf2Salt),
223 base64_encode($iv),
224 base64_encode($encrypted)
225 ));
226 }
227
228 /**
229 * Decrypts the input text.
230 *
231 * @param string $input Format: hmac:pbkdf2Salt:iv:encryptedText
232 * @return string
233 */
234 public function decrypt($input)
235 {
236 list($hmac, $pbkdf2Salt, $iv, $encrypted) = explode(':', $input);
237
238 $hmac = base64_decode($hmac);
239 $pbkdf2Salt = base64_decode($pbkdf2Salt);
240 $iv = base64_decode($iv);
241 $encrypted = base64_decode($encrypted);
242
243 $this->derivateSecureKeys($pbkdf2Salt);
244
245 $calculatedHmac = $this->hmac($pbkdf2Salt . $iv . $encrypted);
246
247 if (!$this->equalHashes($calculatedHmac, $hmac)) {
248 trigger_error('HMAC ERROR: Invalid HMAC.', E_USER_ERROR);
249 }
250
251 // mcrypt_decrypt() pads the *RETURN STRING* with nulls ('�') to fill out to n * blocksize.
252 // rtrim() is used to delete them.
253 return rtrim(
254 mcrypt_decrypt(MCRYPT_RIJNDAEL_128, $this->secureEncryptionKey, $encrypted, MCRYPT_MODE_CBC, $iv),
255 "�"
256 );
257 }
258
259}
260
261$c = new McryptCipher('secret key goes here');
262$encrypted = $c->encrypt('secret message');
263
264$decrypted = $c->decrypt($encrypted);
265
266function crypt($dataToEncrypt){
267 $appKey = '%39d15#13P0£df458asdc%/dfr_A!8792*dskjfzaesdfpopdfo45s4dqd8d4fsd+dfd4s"Z1';
268 $td = mcrypt_module_open(MCRYPT_SERPENT, '', MCRYPT_MODE_CBC, '');
269 // Creates IV and gets key size
270 $iv = mcrypt_create_iv(mcrypt_enc_get_iv_size($td), MCRYPT_DEV_RANDOM);
271 $ks = mcrypt_enc_get_key_size($td);
272
273 // Creates key from application key
274 $key = substr($appKey, 0, $ks);
275
276 // Initialization
277 mcrypt_generic_init($td, $key, $iv);
278
279 // Crypt data
280 $encrypted = mcrypt_generic($td, $dataToEncrypt);
281
282 // Close
283 mcrypt_generic_deinit($td);
284 mcrypt_module_close($td);
285 return array($encrypted, $iv);
286}
287
288function decrypt($encryptedData, $iv){
289 $appKey = '%39d15#13P0£df458asdc%/dfr_A!8792*dskjfzaesdfpopdfo45s4dqd8d4fsd+dfd4s"Z1';
290 $td = mcrypt_module_open(MCRYPT_SERPENT, '', MCRYPT_MODE_CBC, '');
291 // Gets key size
292 $ks = mcrypt_enc_get_key_size($td);
293
294 // Creates key from application key
295 $key = substr($appKey, 0, $ks);
296
297 // Initialization
298 mcrypt_generic_init($td, $key, $iv);
299
300 // Decrypt data
301 $decrypted = mdecrypt_generic($td, $encryptedData);
302
303 // Close
304 mcrypt_generic_deinit($td);
305 mcrypt_module_close($td);
306
307 return trim($decrypted);
308}
309
310class Cipher
311{
312
313 /**
314 ----------------------------------------------
315 Original Code by Eugene Fidelin
316 ----------------------------------------------
317 **/
318
319
320 private $key;
321 private $salt;
322 private $iv;
323
324 function __construct()
325 {
326
327 }
328
329 function set_salt( $salt )
330 {
331 $this->salt = $salt;
332 }
333
334 function generate_salt()
335 {
336 $this->salt = mcrypt_create_iv( 32, MCRYPT_DEV_RANDOM ); // abuse IV function for random salt
337 }
338
339 function set_iv( $iv )
340 {
341 $this->iv = $iv;
342 }
343
344 function generate_iv()
345 {
346 $this->iv = mcrypt_create_iv( mcrypt_get_iv_size( MCRYPT_RIJNDAEL_128, MCRYPT_MODE_CBC ) );
347 }
348
349 function generate_key( $passphrase, $iterations = 10000, $length = 32 )
350 {
351 $this->key = hash_pbkdf2 ( 'sha256', $passphrase, $this->salt, $iterations, $length );
352 }
353
354 function get_key()
355 {
356 echo $this->key;
357 }
358
359 function encrypt( $plaintext )
360 {
361
362 $ciphertext = mcrypt_encrypt( MCRYPT_RIJNDAEL_128, $this->key, $plaintext, MCRYPT_MODE_CBC, $this->iv );
363
364 $data_return = array();
365 $data_return['iv'] = base64_encode( $this->iv );
366 $data_return['salt'] = base64_encode( $this->salt );
367 $data_return['ciphertext'] = base64_encode( $ciphertext );
368
369 return json_encode( $data_return );
370
371 }
372
373 function decrypt( $data_enciphered, $passphrase )
374 {
375
376 $data_decoded = json_decode( $data_enciphered, TRUE );
377
378 $this->set_iv( base64_decode( $data_decoded['iv'] ) );
379 $this->set_salt( base64_decode( $data_decoded['salt'] ) );
380 $this->generate_key( $passphrase );
381
382 $ciphertext = base64_decode( $data_decoded['ciphertext'] );
383
384 return trim( mcrypt_decrypt( MCRYPT_RIJNDAEL_128, $this->key, $ciphertext, MCRYPT_MODE_CBC, $this->iv ) );
385
386 }
387
388}
389
390
391$cipher = new Cipher();
392
393$cipher->generate_salt();
394$cipher->generate_iv();
395$cipher->generate_key( '123' ); // the key will be generated from the passphrase "123"
396// echo $cipher->get_key();
397
398$data_encrypted = $cipher->encrypt( 'hello' );
399
400
401echo 'encrypted:';
402echo '<pre>';
403print_r( $data_encrypted );
404echo '</pre>';
405
406
407unset( $cipher );
408
409echo 'decrypted:';
410
411$cipher = new Cipher();
412$decrypted = $cipher->decrypt( $data_encrypted, '123' );
413
414echo '<pre>';
415print_r( $decrypted );
416echo '</pre>';
417
418
419die();
420
421<?php
422
423require 'vendor/autoload.php';
424
425use CoreprocCryptoGuardCryptoGuard;
426
427// This passphrase should be consistent and will be used as your key to encrypt/decrypt
428// your string
429$passphrase = 'whatever-you-want';
430
431// Instantiate the CryptoGuard class
432$cryptoGuard = new CryptoGuard($passphrase);
433
434$stringToEncrypt = 'test';
435
436// This will spit out the encrypted text
437$encryptedText = $cryptoGuard->encrypt($stringToEncrypt);
438
439// This should give you back the string you encrypted
440echo $cryptoGuard->decrypt($encryptedText);