Encrypt a string in PHP where the output is URL safe

Question

I have a requirement where I need to move a string from one place to another via GET. e.g. example.com?string=ENCRYPTED_STRING

Is there a algorithm or some other method to encrypt the string so it is URL safe?

By that I mean it will not have characters like = or & ...

I have tried openssl with AES-256-CBC but no luck.

The data is not overly very sensitive but I would prefer to obfuscate it in someway.

php.net/manual/en/function.urlencode.php after encrypt?

AbraCadaver
– AbraCadaver

2015-10-22 20:45:50 +00:00
Commented Oct 22, 2015 at 20:45 — AbraCadaver
– AbraCadaver, Commented Oct 22, 2015 at 20:45
Spot on AbraCadaver. Thank you.

Cynapsys
– Cynapsys

2015-10-22 21:42:55 +00:00
Commented Oct 22, 2015 at 21:42 — Cynapsys
– Cynapsys, Commented Oct 22, 2015 at 21:42

Community · Accepted Answer · 2017-05-23 12:29:55Z

2

Oh hey, I've actually done this in one of my applications. My code looks a lot different (because of my custom tools, it's a one-liner), but works basically like this (uses defuse/php-encryption):

use \Defuse\Crypto\Crypto;

$url = "/my/endpoint?".http_build_query([
    'something' => base64_encode(
        Crypto::encrypt('my_secret_info', CRYPTO_SECRET_KEY)
    )
]);
// Then you can either use $url in header('Location: '.$url) or in an HTML link safely.

Further reading:

base64_encode()
http_build_query()
urlencode() (if you don't want to use http_build_query())
Why you want authenticated encryption (which defuse/php-encryption provides) rather than just encryption (which OpenSSL's AES-CBC provides)

Footnote: If you (or anyone else) want a short encrypted URL parameter, read this answer instead. (I know what's not what you were asking for, but just in case someone finds this question years down the line...)

edited May 23, 2017 at 12:29

CommunityBot

11 silver badge

answered Oct 22, 2015 at 21:42

Scott Arciszewski

34.3k17 gold badges94 silver badges212 bronze badges

Sign up to request clarification or add additional context in comments.

Comments

Cédric · Accepted Answer · 2015-10-22 21:09:03Z

-1

The code below allow you to encrypt (alpha/num) and decrypt a string. But you need Mcrypt php module installed to make it run.

static public function encrypt($text){
    $iv_size = mcrypt_get_iv_size(MCRYPT_RIJNDAEL_256, MCRYPT_MODE_ECB);                                                                           
    $iv = mcrypt_create_iv($iv_size, MCRYPT_RAND);
    $key = "useasuperkey";

    return (bin2hex(mcrypt_encrypt(MCRYPT_RIJNDAEL_256, $key, $text, MCRYPT_MODE_ECB, $iv)));
}

static public function decrypt($text){
    $len = strlen($text);  
    $text = pack("H" . $len, $text);
    $iv_size = mcrypt_get_iv_size(MCRYPT_RIJNDAEL_256, MCRYPT_MODE_ECB);                                                                           
    $iv = mcrypt_create_iv($iv_size, MCRYPT_RAND);
    $key = "useasuperkey";

    return trim(mcrypt_decrypt(MCRYPT_RIJNDAEL_256, $key, $text, MCRYPT_MODE_ECB, $iv));
}

answered Oct 22, 2015 at 21:09

Cédric

4113 silver badges9 bronze badges

1 Comment

Scott Arciszewski Over a year ago

stackoverflow.com/a/32930299/2224584 + stackoverflow.com/a/32889090/2224584

Arthur Gelcer · Accepted Answer · 2020-10-06 20:17:56Z

-1

I had to do exactly same thing.

My solution was encrypting string with openssl_encrypt($str, "AES-128-CBC", $key).

Then sending the URL using url_encode($str).

Destination page decodes data with openssl_decrypt($str, "AES-128-CBC", $key)

answered Oct 6, 2020 at 20:17

Arthur Gelcer

792 silver badges8 bronze badges

Collectives™ on Stack Overflow

Encrypt a string in PHP where the output is URL safe

3 Answers 3

Comments

1 Comment

Comments

Your Answer

Linked

Hot Network Questions

Collectives™ on Stack Overflow

3 Answers 3

Comments

1 Comment

Comments

Your Answer

Sign up or log in

Post as a guest

Linked

Related