OpenSSLEncryptDecrypt.php

/**
 * OpenSSL encrypt/decrypt for ProcessWire
 *
 * $encryptDecrypt = new \ProcessWire\OpenSSLencryptDecrypt();
 * $encrypted = $encryptDecrypt->encrypt('My Text');
 * $decrypted = $encryptDecrypt->decrypt($encrypted);
 */
class OpenSSLencryptDecrypt extends Wire {

	/**
	 * Encryption key
	 *
	 * @var string
	 */
	private $key;

	/**
	 * Maximum length of a variable that is allowed in the URL.
	 *
	 * @var integer
	 */
	private $maxVarLength = 512;

	/**
	 * Get the maximum length of a variable that is registered through the URL.
	 *
	 * @see Suhosin https://suhosin.org/stories/configuration.html#suhosin-get-max-value-length
	 * @return integer
	 */
	protected function maxGetVarLength() {
		if (extension_loaded("suhosin") && ini_get( "suhosin.get.max_value_length")) {
			return min($this->maxVarLength, ini_get( "suhosin.get.max_value_length" ));
		}
		return $this->maxVarLength;
	}

	/**
	 * Construct
	 *
	 * @param string $key
	 *
	 */
	public function __construct($key = '') {
		if (!$key) $key = $this->wire('config')->userAuthSalt;
		$this->key = $key;
	}

	/**
	 * Encrypt string
	 *
	 * @param string $text
	 * @param string $key Optional
	 * @return string
	 */
	public function encrypt($text, $key = '') {
		if (!$key) $key = $this->key;
		// Remove the base64 encoding from our key
		$encryption_key = base64_decode($key);
		// Generate an initialization vector
		$iv = openssl_random_pseudo_bytes(openssl_cipher_iv_length('aes-256-cbc'));
		// Encrypt the data using AES 256 encryption in CBC mode using our encryption key and initialization vector.
		$encrypted = openssl_encrypt($text, 'aes-256-cbc', $key, 0, $iv);
		// The $iv is just as important as the key for decrypting, so save it with our encrypted data using a unique separator (::)
		return strtr(base64_encode($encrypted . '::' . $iv), '+/=', '-_.');
	}

	/**
	 * Decrypt string
	 *
	 * @param string $text
	 * @param string $key Optional
	 * @return string
	 */
	public function decrypt($text, $key = '') {
		if (!$key) $key = $this->key;
		// Remove the base64 encoding from our key
		$encryption_key = base64_decode($key);
		// To decrypt, split the encrypted data from our IV - our unique separator used was "::"
		list($encrypted_data, $iv) = explode('::', base64_decode(strtr($text, '-_.', '+/=')), 2);
		return openssl_decrypt($encrypted_data, 'aes-256-cbc', $key, 0, $iv);
	}

	/**
	 * Encrypt text & convert to http query URL
	 *
	 * Allows huge text to be send encrypted using http_build_query(). Tested
	 * with a string with length of 180.000 characters.
	 *
	 * @param string $text
	 * @param string $key
	 * @return void
	 */
	public function encryptToGetVars($text, $key = '') {
		$text = $this->encrypt($text, $key);
		$step = $this->maxGetVarLength();
		$length = strlen($text);
		$steps = ceil($length / $step);
		$start = 0;
		$array = array();
		for ($i = 0; $i <= $steps; $i++) {
			$array['x' . dechex($i)] = substr($text, $i * $step, $step);
		}
		return http_build_query($array);
	}

	/**
	 * Decrypt from query string
	 *
	 * String formatted with http_build_query()
	 *
	 * @param string $text Query string
	 * @param string $key Optional
	 * @return string
	 */
	public function decryptFromGetVars($text, $key = '') {
		// Get vars from http query string
		parse_str($text, $array);
		return $this->decrypt(implode('', $array), $key);
	}
}