Last active
November 25, 2022 10:10
-
-
Save joshhartman/10342187 to your computer and use it in GitHub Desktop.
Rijndael 256-bit Encryption (CBC) Class
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
<?php | |
class Crypt { | |
private $key; | |
function __construct($key){ | |
$this->setKey($key); | |
} | |
public function encrypt($encrypt){ | |
$encrypt = serialize($encrypt); | |
$iv = mcrypt_create_iv(mcrypt_get_iv_size(MCRYPT_RIJNDAEL_256, MCRYPT_MODE_CBC), MCRYPT_DEV_URANDOM); | |
$key = pack('H*', $this->key); | |
$mac = hash_hmac('sha256', $encrypt, substr($this->key, -32)); | |
$passcrypt = mcrypt_encrypt(MCRYPT_RIJNDAEL_256, $key, $encrypt . $mac, MCRYPT_MODE_CBC, $iv); | |
$encoded = base64_encode($passcrypt) . '|' . base64_encode($iv); | |
return $encoded; | |
} | |
public function decrypt($decrypt){ | |
$decrypt = explode('|', $decrypt.'|'); | |
$decoded = base64_decode($decrypt[0]); | |
$iv = base64_decode($decrypt[1]); | |
if(strlen($iv)!==mcrypt_get_iv_size(MCRYPT_RIJNDAEL_256, MCRYPT_MODE_CBC)){ return false; } | |
$key = pack('H*', $this->key); | |
$decrypted = trim(mcrypt_decrypt(MCRYPT_RIJNDAEL_256, $key, $decoded, MCRYPT_MODE_CBC, $iv)); | |
$mac = substr($decrypted, -64); | |
$decrypted = substr($decrypted, 0, -64); | |
$calcmac = hash_hmac('sha256', $decrypted, substr($this->key, -32)); | |
if($calcmac !== $mac){ | |
return false; | |
} | |
$decrypted = unserialize($decrypted); | |
return $decrypted; | |
} | |
public function setKey($key){ | |
if(ctype_xdigit($key) && strlen($key) === 64){ | |
$this->key = $key; | |
}else{ | |
trigger_error('Invalid key. Key must be a 32-byte (64 character) hexadecimal string.', E_USER_ERROR); | |
} | |
} | |
} | |
$crypt = new Crypt('d0a7e7997b6d5fcd55f4b5c32611b87cd923e88837b63bf2941ef819dc8ca282'); | |
echo '<h1>Rijndael 256-bit CBC Encryption Function</h1>'; | |
$data = 'Super secret confidential string data.'; | |
$encrypted_data = $crypt->encrypt($data); | |
echo '<h2>Example #1: String Data</h2>'; | |
echo 'Data to be Encrypted: ' . $data . '<br/>'; | |
echo 'Encrypted Data: ' . $encrypted_data . '<br/>'; | |
echo 'Decrypted Data: ' . $crypt->decrypt($encrypted_data) . '</br>'; | |
$data = array(1, 5, 8, new DateTime(), 22, 10, 61, array('apple' => array('red', 'green'))); | |
$encrypted_data = $crypt->encrypt($data); | |
echo '<h2>Example #2: Non-String Data</h2>'; | |
echo 'Data to be Encrypted: <pre>'; | |
print_r($data); | |
echo '</pre><br/>'; | |
echo 'Encrypted Data: ' . $encrypted_data . '<br/>'; | |
echo 'Decrypted Data: <pre>'; | |
print_r($crypt->decrypt($encrypted_data)); | |
echo '</pre>'; |
Do you have this in a repository somewhere? I'd love to have you included as a dependency (to ensure you get full credit!), but I currently have you linked in the PHPDoc at the top of the class.
Do not roll your own crypto.
For all those considering using this class... DON'T! It is insecure. What is more, the author has, by means of this code, demonstrated that he is not equipped to not write crypto code.
So, how insecure is this code? Well, it featured on Crypto Fails.
@joshhartman, please don't try to fix this class, just scrape it. Use a well known, widely reviewed, standard implementation instead.
The above class is deprecated in php 7.1
Could someone upgrade?
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
Is the hash_hmac necessary with CBC? I thought not, but correct me if I'm wrong.