This class provides encryption and decryption possibilities to store sensitive data or personal information in a secure way.

UserShield.php

<?php
declare(strict_types=1);

namespace Dragonbe\Utility;

use Exception;

/**
 * This class provides two-way encryption and decryption
 * possibilities to store sensitive data or personal
 * information in a secure way.
 *
 * Based on the code provided by Meridian Outpost, LLC
 * @link https://www.meridianoutpost.com/resources/articles/programming/PHP-how-to-encrypt-decrypt-data.php
 */
final class UserShield
{
    /**
     * The cypher algorithm to be used for encryption and
     * decryption of data.
     */
    private const CYPHER_ALGO = 'AES-256-CBC';

    /**
     * The delimiter used to separate the cypher text from
     * the initialization vector.
     */
    private const CYPHER_DELIMITER = '::';

    /**
     * The default key length to use when generating
     * a private key
     */
    public const PRIVATE_KEY_LENGTH = 24;

    /**
     * The user provided encryption key to encrypt and decrypt
     * the data stored.
     *
     * @var string
     */
    private string $encryptionKey;

    /**
     * Constructor for this class
     *
     * @param string $encryptionKey
     */
    public function __construct(string $encryptionKey)
    {
        $this->encryptionKey = $encryptionKey;
    }

    /**
     * Class method to encrypt clear text information, which is
     * provided as an argument.
     *
     * @param string $clearText
     * @return string
     */
    public function encrypt(string $clearText): string
    {
        return self::encryptIt($this->encryptionKey, $clearText);
    }

    /**
     * Class method to decrypt cypher text, which is provided
     * as an argument.
     *
     * @param string $cypherText
     * @return string
     */
    public function decrypt(string $cypherText): string
    {
        return self::decryptIt($this->encryptionKey, $cypherText);
    }

    /**
     * Method to encrypt clear text string using a private
     * key and returns the cypher text.
     *
     * @param string $privateKey
     * @param string $clearText
     * @return string
     * @static
     */
    public static function encryptIt(string $privateKey, string $clearText): string
    {
        $encryptionKey = base64_encode($privateKey);
        $initVector = openssl_random_pseudo_bytes(openssl_cipher_iv_length(self::CYPHER_ALGO));
        $cypherText = openssl_encrypt($clearText, self::CYPHER_ALGO, $encryptionKey, 0, $initVector);
        return base64_encode($cypherText . self::CYPHER_DELIMITER . $initVector);
    }

    /**
     * Method to decrypt cypher text data using a private
     * key and returns the clear text value.
     *
     * @param string $privateKey
     * @param string $cypherText
     * @return string
     * @static
     */
    public static function decryptIt(string $privateKey, string $cypherText): string
    {
        $decryptionKey = base64_decode($privateKey);
        list($encryptedData, $initVector ) = array_pad(explode(self::CYPHER_DELIMITER, base64_decode($cypherText), 2), 2, null);
        return openssl_decrypt($encryptedData, self::CYPHER_ALGO, $decryptionKey, 0, $initVector);
    }

    /**
     * Generates a strong, random generated private key, with
     * a provided key length
     *
     * @param int $keyLength
     * @return string
     * @throws Exception
     * @static 
     */
    public static function generatePrivateKey(int $keyLength = UserShield::PRIVATE_KEY_LENGTH): string
    {
        return bin2hex(random_bytes($keyLength));
    }
}