Last active
July 27, 2024 02:51
-
-
Save turret-io/957e82d44fd6f4493533 to your computer and use it in GitHub Desktop.
AES encryption/decryption in PHP
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
<?php | |
// DEFINE our cipher | |
define('AES_256_CBC', 'aes-256-cbc'); | |
// Generate a 256-bit encryption key | |
// This should be stored somewhere instead of recreating it each time | |
$encryption_key = openssl_random_pseudo_bytes(32); | |
// Generate an initialization vector | |
// This *MUST* be available for decryption as well | |
$iv = openssl_random_pseudo_bytes(openssl_cipher_iv_length(AES_256_CBC)); | |
// Create some data to encrypt | |
$data = "Encrypt me, please!"; | |
echo "Before encryption: $data\n"; | |
// Encrypt $data using aes-256-cbc cipher with the given encryption key and | |
// our initialization vector. The 0 gives us the default options, but can | |
// be changed to OPENSSL_RAW_DATA or OPENSSL_ZERO_PADDING | |
$encrypted = openssl_encrypt($data, AES_256_CBC, $encryption_key, 0, $iv); | |
echo "Encrypted: $encrypted\n"; | |
// If we lose the $iv variable, we can't decrypt this, so: | |
// - $encrypted is already base64-encoded from openssl_encrypt | |
// - Append a separator that we know won't exist in base64, ":" | |
// - And then append a base64-encoded $iv | |
$encrypted = $encrypted . ':' . base64_encode($iv); | |
// To decrypt, separate the encrypted data from the initialization vector ($iv). | |
$parts = explode(':', $encrypted); | |
// $parts[0] = encrypted data | |
// $parts[1] = base-64 encoded initialization vector | |
// Don't forget to base64-decode the $iv before feeding it back to | |
//openssl_decrypt | |
$decrypted = openssl_decrypt($parts[0], AES_256_CBC, $encryption_key, 0, base64_decode($parts[1])); | |
echo "Decrypted: $decrypted\n"; | |
?> |
thanks a lot 👍
Hi! Please give advice on how to make it into AES 256 GCM?
thank you so much it working fine
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
function decrypt($data, $key) {
return openssl_decrypt(base64_decode($data), 'aes-128-ecb', $key, OPENSSL_PKCS1_PADDING);
}