Last active
February 5, 2025 23:28
-
-
Save kmuenkel/0677faf29f97e4be4c2c7010b2607904 to your computer and use it in GitHub Desktop.
AES Encryption: Handle encryption in the same manor as MySQL's AES_ENCRYPT() and AES_DECRYPT() functions, using openssl instead of the deprecated mcrypt.
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| <?php | |
| if (!function_exists('mysql_aes_key')) { | |
| /** | |
| * Produce a version of the AES key in the same manor as MySQL | |
| * | |
| * @param string $key | |
| * @return string | |
| * @see https://www.smashingmagazine.com/2012/05/replicating-mysql-aes-encryption-methods-with-php/ | |
| */ | |
| function mysql_aes_key($key) | |
| { | |
| $bytes = 16; | |
| $newKey = str_repeat(chr(0), $bytes); | |
| $length = strlen($key); | |
| for ($i = 0; $i < $length; $i++) { | |
| $index = $i % $bytes; | |
| $newKey[$index] = $newKey[$index] ^ $key[$i]; | |
| } | |
| return $newKey; | |
| } | |
| } | |
| if (!function_exists('aes_encrypt')) { | |
| /** | |
| * Programmatically mimic a MySQL AES_ENCRYPT() action as a way of avoiding unnecessary database calls | |
| * | |
| * @param string $decrypted | |
| * @param string $cypher | |
| * @param bool $mySqlKey | |
| * @return string | |
| */ | |
| function aes_encrypt($decrypted, $cypher = null, $mySqlKey = true) | |
| { | |
| static $encryptedValues = []; //Avoid encrypting a previously encrypted value | |
| if (array_key_exists($decrypted, $encryptedValues)) { | |
| return $encryptedValues[$decrypted]; | |
| } elseif (in_array($decrypted, $encryptedValues)) { | |
| return $decrypted; | |
| } | |
| if (!($salt = getenv('SALT'))) { | |
| throw new \LogicException('Missing encryption salt.'); | |
| } | |
| $key = $mySqlKey ? mysql_aes_key($salt) : $salt; | |
| $cypher = $cypher ?: 'aes-128-ecb'; | |
| $encrypted = openssl_encrypt($decrypted, $cypher, $key, OPENSSL_RAW_DATA); | |
| $encryptedValues[$decrypted] = $encrypted; | |
| return $encrypted; | |
| } | |
| } | |
| if (!function_exists('aes_decrypt')) { | |
| /** | |
| * Programmatically mimic a MySQL AES_DECRYPT() action as a way of avoiding unnecessary database calls | |
| * | |
| * @param string $encrypted | |
| * @param string $cypher | |
| * @param bool $mySqlKey | |
| * @return string | |
| */ | |
| function aes_decrypt($encrypted, $cypher = null, $mySqlKey = true) | |
| { | |
| static $decryptedValues = []; //Avoid decrypting a previously decrypted value | |
| if (array_key_exists($encrypted, $decryptedValues)) { | |
| return $decryptedValues[$encrypted]; | |
| } elseif (in_array($encrypted, $decryptedValues)) { | |
| return $encrypted; | |
| } | |
| if (!($salt = getenv('SALT'))) { | |
| throw new \LogicException('Missing encryption salt.'); | |
| } | |
| $key = $mySqlKey ? mysql_aes_key($salt) : $salt; | |
| $cypher = $cypher ?: 'aes-128-ecb'; | |
| $decrypted = openssl_decrypt($encrypted, $cypher, $key, OPENSSL_RAW_DATA); | |
| $decryptedValues[$encrypted] = $decrypted; | |
| return $decrypted; | |
| } | |
| } |
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment