2

I need to decrypt encrypted POST value strings with the aid of a secret static key.

I have had a look into crypt() (but it's only one-way) and Mcrypt, GnuPG,... but I'm not happy with them. I think they are to complex for my simple issue. What should I use? I don't need IV shapes or super safe algorithms. Is there any basic PHP function, that I don't know yet?

I just need to hide image pathes from users like that: ImageJPEG(ImageCreateFromJPEG( decode($_REQUEST['encryptedImage'],'secret Key') ));

Improve this question
1
  • simple Mcrypt solution: function simple_encrypt($text, $salt) { return trim(base64_encode(mcrypt_encrypt(MCRYPT_RIJNDAEL_256, $salt, $text, MCRYPT_MODE_ECB, mcrypt_create_iv(mcrypt_get_iv_size(MCRYPT_RIJNDAEL_256, MCRYPT_MODE_ECB), MCRYPT_RAND)))); } function simple_decrypt($text, $salt) { return trim(mcrypt_decrypt(MCRYPT_RIJNDAEL_256, $salt, base64_decode($text), MCRYPT_MODE_ECB, mcrypt_create_iv(mcrypt_get_iv_size(MCRYPT_RIJNDAEL_256, MCRYPT_MODE_ECB), MCRYPT_RAND))); } Commented May 10, 2012 at 15:09

3 Answers 3

Reset to default
4

Update (27/09/17):

Since mcrypt_encrypt is DEPRECATED as of PHP 7.1.0. Ive added a simple encrypt/decrypt using openssl.

function encrypt($string, $key = 'PrivateKey', $secret = 'SecretKey', $method = 'AES-256-CBC') {
    // hash
    $key = hash('sha256', $key);
    // create iv - encrypt method AES-256-CBC expects 16 bytes
    $iv = substr(hash('sha256', $secret), 0, 16);
    // encrypt
    $output = openssl_encrypt($string, $method, $key, 0, $iv);
    // encode
    return base64_encode($output);
}

function decrypt($string, $key = 'PrivateKey', $secret = 'SecretKey', $method = 'AES-256-CBC') {
    // hash
    $key = hash('sha256', $key);
    // create iv - encrypt method AES-256-CBC expects 16 bytes
    $iv = substr(hash('sha256', $secret), 0, 16);
    // decode
    $string = base64_decode($string);
    // decrypt
    return openssl_decrypt($string, $method, $key, 0, $iv);
}

$str = 'Encrypt this text';
echo "Plain: " .$str. "\n";

// encrypt
$encrypted_str = encrypt($str);
echo "Encrypted: " .$encrypted_str. "\n";

// decrypt
$decrypted_str = decrypt($encrypted_str);
echo "Decrypted: " .$decrypted_str. "\n";

Original Answer:

Cant get simpler then this: (PHP < 7.1.0):

<?php 
define('SECRET',md5('Some secret key'));

function encrypt($value){
    $iv_size = mcrypt_get_iv_size(MCRYPT_RIJNDAEL_256, MCRYPT_MODE_ECB);
    $iv = mcrypt_create_iv($iv_size, MCRYPT_RAND);
    return mcrypt_encrypt(MCRYPT_RIJNDAEL_256, SECRET, $value, MCRYPT_MODE_ECB, $iv);
}

function decrypt($value){
    $iv_size = mcrypt_get_iv_size(MCRYPT_RIJNDAEL_256, MCRYPT_MODE_ECB);
    $iv = mcrypt_create_iv($iv_size, MCRYPT_RAND);
    return trim(mcrypt_decrypt(MCRYPT_RIJNDAEL_256, SECRET, $value, MCRYPT_MODE_ECB, $iv));
}

?>
Improve this answer
Sign up to request clarification or add additional context in comments.

2 Comments

Also can't get much more vulnerable than it either. Let's see. Using ECB (big no-no). Using Rijndael 256 instead of 128 (which would be AES). Not authenticating. Not padding. Yeah. So no... Don't do this. Just use a library (Zend\Crypt\BlockCipher is a great choice).
Decrypt this: U09DUlR5TllGbXNKdVRWVHg2ZnNCQT09 using the above functions.
0

You could just wrap up the built in functions to make them more friendly. Like in the second user post on the doc page for mcrypt_cbc:

<?php
$stuff="String to enc/enc/dec/dec =,=,";
$key="XiTo74dOO09N48YeUmuvbL0E";

function nl() {
    echo "<br/> \n";
}
$iv = mcrypt_create_iv (mcrypt_get_block_size (MCRYPT_TripleDES, MCRYPT_MODE_CBC), MCRYPT_DEV_RANDOM);

// Encrypting
function encrypt($string, $key) {
    $enc = "";
    global $iv;
    $enc=mcrypt_cbc (MCRYPT_TripleDES, $key, $string, MCRYPT_ENCRYPT, $iv);

  return base64_encode($enc);
}

// Decrypting
function decrypt($string, $key) {
    $dec = "";
    $string = trim(base64_decode($string));
    global $iv;
    $dec = mcrypt_cbc (MCRYPT_TripleDES, $key, $string, MCRYPT_DECRYPT, $iv);
  return $dec;
}

$encrypted = encrypt($stuff, $key);
$decrypted = decrypt($encrypted, $key);

echo "Encrypted is ".$encrypted . nl();
echo "Decrypted is ".$decrypted . nl();
?>
Improve this answer

Comments

0

This is the only basic built in function I know of. 

$string = "/path/img.jpg";

$scramble = str_rot13($string);

echo "<p>Scrambled: ".$scramble;

echo "<p>Unscrambled: ".str_rot13($scramble);
Improve this answer

1 Comment

@Tom yes I only suggested it as the OP wanted to hide the image paths, I dont think from just looking at a string you'd instantly know it was passed through str_rot13. I would suggest writing own rotation function but thought I'd suggest the most basic option.

Your Answer

By clicking “Post Your Answer”, you agree to our terms of service and acknowledge you have read our privacy policy.

Start asking to get answers

Find the answer to your question by asking.

Ask question

Explore related questions

See similar questions with these tags.