Encrypting strings in PHP

Question

Currently im using

$key="pass";
$val="secret";
$encp=mcrypt_encrypt(MCRYPT_DES, $key, $val, MCRYPT_MODE_ECB);

But when i call printf($encp) No value is displayed,im using PHP version 5.2.17

Is there a better way to do it.Please help.

EDIT:

<?PHP

    define('SECURE_KEY','Somekey');

    function encrypt($value){
        $iv_size = mcrypt_get_iv_size(MCRYPT_RIJNDAEL_256, MCRYPT_MODE_ECB);
        $iv = mcrypt_create_iv($iv_size, MCRYPT_RAND);
        return mcrypt_encrypt(MCRYPT_RIJNDAEL_256, SECURE_KEY, $value, MCRYPT_MODE_ECB, $iv);
    }

    function decrypt($value){
        $iv_size = mcrypt_get_iv_size(MCRYPT_RIJNDAEL_256, MCRYPT_MODE_ECB);
        $iv = mcrypt_create_iv($iv_size, MCRYPT_RAND);
        return trim(mcrypt_decrypt(MCRYPT_RIJNDAEL_256, SECURE_KEY, $value, MCRYPT_MODE_ECB, $iv));
    }
    $temp=encrypt("teststring");
    printf($temp);
    ?>

Add a complete code please ... missing $hash , $key and '$val` ... — Baba
– Baba, Commented Apr 14, 2012 at 15:48
see these different approaches in encryptoin...php.net/manual/en/function.mcrypt-encrypt.php — Computer_Engineer
– Computer_Engineer, Commented Apr 14, 2012 at 15:51

Lawrence Cherone · Accepted Answer · 2017-09-27 01:50:47Z

5

Update (27/09/17):

Since mcrypt_encrypt is DEPRECATED as of PHP 7.1.0. Ive added a simple encrypt/decrypt using openssl.

function encrypt($string, $key = 'PrivateKey', $secret = 'SecretKey', $method = 'AES-256-CBC') {
    // hash
    $key = hash('sha256', $key);
    // create iv - encrypt method AES-256-CBC expects 16 bytes
    $iv = substr(hash('sha256', $secret), 0, 16);
    // encrypt
    $output = openssl_encrypt($string, $method, $key, 0, $iv);
    // encode
    return base64_encode($output);
}

function decrypt($string, $key = 'PrivateKey', $secret = 'SecretKey', $method = 'AES-256-CBC') {
    // hash
    $key = hash('sha256', $key);
    // create iv - encrypt method AES-256-CBC expects 16 bytes
    $iv = substr(hash('sha256', $secret), 0, 16);
    // decode
    $string = base64_decode($string);
    // decrypt
    return openssl_decrypt($string, $method, $key, 0, $iv);
}

$str = 'Encrypt this text';
echo "Plain: " .$str. "\n";

// encrypt
$encrypted_str = encrypt($str);
echo "Encrypted: " .$encrypted_str. "\n";

// decrypt
$decrypted_str = decrypt($encrypted_str);
echo "Decrypted: " .$decrypted_str. "\n";

Try these: (PHP < 7.1.0) If your using > PHP 7.1.0 see above.

define('SECURE_KEY','Somekey');//Assigned within a config, pref outside of root dir

function encrypt($value){
    $iv_size = mcrypt_get_iv_size(MCRYPT_RIJNDAEL_256, MCRYPT_MODE_ECB);
    $iv = mcrypt_create_iv($iv_size, MCRYPT_RAND);
    return mcrypt_encrypt(MCRYPT_RIJNDAEL_256, SECURE_KEY, $value, MCRYPT_MODE_ECB, $iv);
}

function decrypt($value){
    $iv_size = mcrypt_get_iv_size(MCRYPT_RIJNDAEL_256, MCRYPT_MODE_ECB);
    $iv = mcrypt_create_iv($iv_size, MCRYPT_RAND);
    return trim(mcrypt_decrypt(MCRYPT_RIJNDAEL_256, SECURE_KEY, $value, MCRYPT_MODE_ECB, $iv));
}
//Simple usage
$encryptedString = encrypt('This String Will Be encrypted');
echo decrypt($encryptedString);

Edited from source - http://php.net/manual/en/function.mcrypt-encrypt.php

edited Sep 27, 2017 at 1:50

answered Apr 14, 2012 at 15:50

Lawrence Cherone

46.7k7 gold badges66 silver badges107 bronze badges

Sign up to request clarification or add additional context in comments.

12 Comments

techno Over a year ago

How to assign values to SECURE_KEY and Somekey

Lawrence Cherone Over a year ago

define('SECURE_KEY','SomeOtherKeyOrSecretCodeNotGreaterThen32Chars');

techno Over a year ago

How to give values to SECURE_KEY and SomeKey

Lawrence Cherone Over a year ago

@techno not sure what you mean, once a constant is defined then its usable to full scope

techno Over a year ago

I mean if want to assign 'password; to SECURE_KEY.How to do it?

|

atiruz · Accepted Answer · 2014-03-25 20:24:35Z

0

Try these PHP functions convert_uuencode and convert_uudecode:

function encrypt_decrypt ($data, $encrypt) {
    if ($encrypt == true) {
        $output = base64_encode (convert_uuencode ($data));
    } else {
        $output = convert_uudecode (base64_decode ($data));
    }
    return $output;
}

$enc_txt = encrypt_decrypt ("PASSWORD TEXT", true);
echo $enc_txt."\n";
// LTQkJTM0VT0vNEQwQDUkNTg1YGBgCmAK
echo encrypt_decrypt ($enc_txt, false);
// PASSWORD TEXT

This is much simpler and does not depend on libraries installed in PHP

answered Mar 25, 2014 at 20:24

atiruz

2,87830 silver badges37 bronze badges

2 Comments

ejfrancis Over a year ago

I wouldn't recommend this unless we know what the situation is. This alters the text, but it's essentially as secure as plaintext

ejfrancis Over a year ago

for passwords you should use mcrypt and your choice of cipher although Bcrypt is popular for a reason. PHP 5.5+ has built in functionality for this with unique salts for each password, if you want backwards compatibility in php 5.4 you can use this library github.com/ircmaxell/password_compat

Collectives™ on Stack Overflow

Encrypting strings in PHP

2 Answers 2

Update (27/09/17):

12 Comments

2 Comments

Your Answer

Hot Network Questions

Collectives™ on Stack Overflow

2 Answers 2

Update (27/09/17):

12 Comments

2 Comments

Your Answer

Sign up or log in

Post as a guest

Related