0

Is there a simple function in PHP other than mcrypt() that can encrypt and decrypt a string?

I was trying out the code below, but that's too much for what I'm trying to do.

I'm trying to encrypt page numbers that are sent with a URL, so users will not be able to access a page simply by making changes to the page number in the browser's location bar. My page number has some other data too, that I do not want visible to users.

Example: http://www.example.com/p10:05 to http://www.example.com/895f852d22d558esc23

I don't need such high level encryption and decryption like in the code below. Just something that can do like in my example is sufficient.

Another reason I do not like using mcrypt, is because of the 2 == it adds to the end of a string.

    $salt = 'iodine';

    function simple_encrypt($text)
    {
        global $salt;
        return trim(base64_encode(mcrypt_encrypt(MCRYPT_RIJNDAEL_256, $salt, $text, MCRYPT_MODE_ECB, mcrypt_create_iv(mcrypt_get_iv_size(MCRYPT_RIJNDAEL_256, MCRYPT_MODE_ECB), MCRYPT_RAND))));
    }

    function simple_decrypt($text)
    {
        global $salt;
        return trim(mcrypt_decrypt(MCRYPT_RIJNDAEL_256, $salt, base64_decode($text), MCRYPT_MODE_ECB, mcrypt_create_iv(mcrypt_get_iv_size(MCRYPT_RIJNDAEL_256, MCRYPT_MODE_ECB), MCRYPT_RAND)));
    }

    echo simple_encrypt('Hello');
9
  • In my opinion it's go big or go home. But I can see your point. Is the base64 encryption alone not enough? Commented Jun 21, 2014 at 15:15
  • 1
    The == is nothing to do with mcrypt, it's how base64 pads a string out to a multiple of 3 bytes. Commented Jun 21, 2014 at 15:17
  • 1
    @Matt base64 isn't an encryption, it's an encoding Commented Jun 21, 2014 at 15:17
  • Yeah, sorry, I just saw that. My bad. Commented Jun 21, 2014 at 15:18
  • 1
    One alternative would be to have a lookup table (an array in the user's session, or a permanent list in your DB) with completely random tokens mapped to whatever data you want. Instead of sending the user data they're not allowed to understand, just don't send that data at all. Commented Jun 21, 2014 at 15:20

1 Answer 1

2

MCrypt does not add those == characters to the string; the base 64 encoding does. It is possible to simply remove them. Just make sure that the base64 string is a multiple of 4 characters by adding them back again when the string is received.

Base 64 can contain the '/' and '+' characters by default (depending on the input). Replace them with the URL-safe - and _ characters.

The code shows MCRYPT_RIJNDAEL_256 which is not AES; it is Rijndael with a 256 bit block size. Using MCRYPT_RIJNDAEL_128 - which is AES - would be better. This still allows the code to encrypt up to 16 character number values and it will decrease the output size.

There is no need to generate an IV if ECB mode is used, so remove that part of the method. There is no need to add unnecessary work for the system random number generator.

The $salt value is actually the key value; better to name it as such to avoid confusion.

1 Comment

Does this solve your question? If so, please indicate by accepting or by indicating why it doesn't, of course.
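
The steps in the answer above (AES with a 128-bit block, ECB without an IV, `=` padding stripped and restored on receipt, `+` and `/` swapped for `-` and `_`), as an added example that is not part of the original question or answer. It assumes the OpenSSL extension in place of mcrypt, which was removed in PHP 7.2; the key value, the function names and the `p<digits>:<digits>` format check are illustrative assumptions.

```php
<?php
// Added example, not code from the question or the answer.
// Constructed 16-byte AES-128 key (assumption); load a real key from configuration.
const TOKEN_KEY = '0123456789abcdef';

function base64url_encode(string $bin): string
{
    // Swap '+' and '/' for the URL-safe '-' and '_', then drop the '=' padding.
    return rtrim(strtr(base64_encode($bin), '+/', '-_'), '=');
}

function base64url_decode(string $text)
{
    // Accept only the URL-safe alphabet; a length of 4n+1 is never valid base64.
    if (!preg_match('/\A[A-Za-z0-9_-]*\z/', $text) || strlen($text) % 4 === 1) {
        return false;
    }
    // Add the '=' characters back so the length is a multiple of 4 again.
    $padded = $text . str_repeat('=', (4 - strlen($text) % 4) % 4);
    return base64_decode(strtr($padded, '-_', '+/'), true);
}

function page_token_encode(string $page): string
{
    // ECB mode takes no IV, so none is generated or passed.
    $cipher = openssl_encrypt($page, 'aes-128-ecb', TOKEN_KEY, OPENSSL_RAW_DATA);
    return base64url_encode($cipher);
}

function page_token_decode(string $token)
{
    $cipher = base64url_decode($token);
    // AES ciphertext is always a non-empty multiple of the 16-byte block size.
    if ($cipher === false || $cipher === '' || strlen($cipher) % 16 !== 0) {
        return false;
    }
    $page = openssl_decrypt($cipher, 'aes-128-ecb', TOKEN_KEY, OPENSSL_RAW_DATA);
    // ECB carries no integrity check, so confirm the plaintext has the expected shape.
    if ($page === false || !preg_match('/\Ap\d+:\d+\z/', $page)) {
        return false;
    }
    return $page;
}

$token = page_token_encode('p10:05');          // constructed sample value from the question
var_dump($token, page_token_decode($token));   // token without '=', '+' or '/', then the round trip
var_dump(page_token_decode($token . 'A'));     // a modified token is rejected
```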
