Author: John Conde
Updated on: 2020-06-19
Posted on: 2020-06-19
Package: PHP Simple Encryption and Decryption
When done incorrectly it can result in stolen data or unrecoverable information.
Read this tutorial article to learn how to use the PHP Simple Encryption and Decryption package to choose the right cryptography cipher and generate a secure IV, so you do not need to be an expert in cryptography.
In this article you will learn:
How to Secure Sensitive Data Using Cryptography?
How to Choose an Encryption Algorithm Cipher?
How to Generate the Initialization Vector (IV)?
How to use the PHP Simple Encryption and Decryption Class?
How to Avoid Inconvenient Cryptography Algorithm Ciphers?
Downloading All Package Files
Installing the Package with Composer
How to Secure Sensitive Data Using Cryptography?
When you have identified data that is considered sensitive, and should be encrypted when placed in storage, before you can encrypt that data you need to:
Choose an encryption algorithm cipher
Generate a secure random initialization vector (IV)
Use a secure network data transmission method like HTTPS, or a permanent storage container like a database or file storage.
How to Choose an Encryption Algorithm Cipher?
In PHP you can use the OpenSSL extension to encrypt your data. When using OpenSSL there are over 100 encryption ciphers available to choose from. So which do you choose? How do you know which algorithm is the safest? Or which ones are obsolete?
To take the guesswork out of choosing a secure encryption algorithm, the PHP Simple Encryption and Decryption package uses AES-256-CBC, a strong encryption algorithm, by default.
If this encryption algorithm ever becomes compromised, the class will default to a newer and stronger algorithm.
You will still be able to decrypt existing data, but new data you encrypt will automatically gain the use of the latest in crypto ciphers. All you will need to do is update your PHP Simple Encryption library.
How to Generate the Initialization Vector (IV)?
Initialization vectors (IVs) are a critical element in generating truly secure encrypted data. The more random your IV is, the lower the probability that an attacker can determine relationships between sets of encrypted data.
A common mistake when attempting to use cryptography is generating an IV that is not really random.
In fact, it is not uncommon to see developers use the same IV over and over again, or even go so far as to hard-code a specific IV into their projects.
The PHP Simple Encryption and Decryption class can generate a strong IV with only one line of code that ensures your IVs are strong and your encrypted data is secure.
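The effect of a reused IV, as an added example that is not part of the PHP Simple Encryption and Decryption package: it calls PHP's OpenSSL extension directly with AES-256-CBC, and the records, key and function names are constructed for illustration.

```php
<?php
// Added example (not the package's code): fixed IV versus fresh IV, AES-256-CBC.
const CIPHER = 'aes-256-cbc';

/** Encrypt with PHP's OpenSSL extension and return the raw ciphertext bytes. */
function encryptRaw(string $plaintext, string $key, string $iv): string
{
    $ct = openssl_encrypt($plaintext, CIPHER, $key, OPENSSL_RAW_DATA, $iv);
    if ($ct === false) {
        throw new RuntimeException('Encryption failed');
    }
    return $ct;
}

/** Count the leading 16-byte ciphertext blocks that two messages have in common. */
function sharedLeadingBlocks(string $a, string $b): int
{
    $blocksA = str_split($a, 16);
    $blocksB = str_split($b, 16);
    $n = 0;
    while (isset($blocksA[$n], $blocksB[$n]) && $blocksA[$n] === $blocksB[$n]) {
        $n++;
    }
    return $n;
}

$key   = random_bytes(32);                  // 256-bit key
$ivLen = openssl_cipher_iv_length(CIPHER);  // 16 bytes for AES in CBC mode

// Constructed sample records: the first 32 bytes (two AES blocks) are identical.
$prefix  = 'customer=1001;plan=enterprise-2;';
$recordA = $prefix . 'card=4111';
$recordB = $prefix . 'card=5500';

// Mistake described above: one hard-coded IV reused for every record.
$fixedIv = str_repeat("\0", $ivLen);
$reused  = sharedLeadingBlocks(
    encryptRaw($recordA, $key, $fixedIv),
    encryptRaw($recordB, $key, $fixedIv)
);

// Correct use: a new IV from the CSPRNG for each record.
$fresh = sharedLeadingBlocks(
    encryptRaw($recordA, $key, random_bytes($ivLen)),
    encryptRaw($recordB, $key, random_bytes($ivLen))
);

printf("Matching leading blocks, reused IV: %d%s", $reused, PHP_EOL);
printf("Matching leading blocks, fresh IVs: %d%s", $fresh, PHP_EOL);
```

With the reused IV, the matching blocks tell anyone holding the two ciphertexts that both records begin with the same data, without needing the key.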
How to use the PHP Simple Encryption and Decryption Class?
Using PHP Simple Encryption is as simple as:
- Including your vendor autoload script file in your project
- Creating your PHP Simple Encryption and Decryption class object
- Generating your IV
- Encrypting your data
Example code for Encryption
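    // Load the Composer autoloader (adjust the path to your project layout)
    require __DIR__ . '/vendor/autoload.php';

    use Encryption\Encryption;

    $text = 'The quick brown fox jumps over the lazy dog';
    $key  = 'secretkey';

    // Create the encryption object (AES-256-CBC by default)
    $encryption = Encryption::getEncryptionObject();

    // Generate a new IV for this piece of data
    $iv = $encryption->generateIv();

    $encryptedText = $encryption->encrypt($text, $key, $iv);

    printf('Cipher : %s%s', $encryption->getName(), PHP_EOL);
    printf('IV : %s%s', base64_encode($iv), PHP_EOL);
    printf('Encrypted: %s%s', $encryptedText, PHP_EOL);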
Sample output for encryption
    Cipher : AES-256-CBC
    IV : QCLaYQ/+jUErSHzaq0ki6w==
    Encrypted: JmJDbHRd+4LfndWs7noGLz4JaUDx9jt8yBCeNNu5vBw4vU5EtFpHs3AAeDviyk8wNR28ZL0OcGis4ph5bKRKcA==
Note: Here we have encoded the IV using base64. Otherwise it would look like a bunch of gibberish on your screen.
Example Code for Decryption
As long as you have stored your secret key and IV, you can easily decrypt your encrypted data like this:

    use Encryption\Encryption;

    // Use the same cipher object that encrypted the data
    $encryption = Encryption::getEncryptionObject();

    // $key and $iv were created when you encrypted the data
    $decryptedText = $encryption->decrypt($encryptedText, $key, $iv);

    printf('Decrypted: %s%s', $decryptedText, PHP_EOL);
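One way to keep the IV available for decryption, as an added example that is not the package's code: the IV does not need to be secret, so it can be stored in front of the ciphertext in the same field. The sketch uses PHP's OpenSSL extension directly; `sealRecord()` and `openRecord()` are hypothetical helper names and the record is constructed.

```php
<?php
// Added example (not the package's code): store the IV together with the ciphertext.
const CIPHER = 'aes-256-cbc';

/** Encrypt with a fresh random IV and return base64(IV || ciphertext). */
function sealRecord(string $plaintext, string $key): string
{
    $iv = random_bytes(openssl_cipher_iv_length(CIPHER)); // new IV per record
    $ct = openssl_encrypt($plaintext, CIPHER, $key, OPENSSL_RAW_DATA, $iv);
    if ($ct === false) {
        throw new RuntimeException('Encryption failed');
    }
    return base64_encode($iv . $ct);
}

/** Split the stored value back into IV and ciphertext, then decrypt. */
function openRecord(string $stored, string $key): string
{
    $ivLen = openssl_cipher_iv_length(CIPHER);
    $raw   = base64_decode($stored, true);
    // A valid value holds the IV plus at least one 16-byte CBC block.
    if ($raw === false || strlen($raw) < $ivLen + 16) {
        throw new InvalidArgumentException('Stored value is malformed or truncated');
    }
    $pt = openssl_decrypt(
        substr($raw, $ivLen), CIPHER, $key, OPENSSL_RAW_DATA, substr($raw, 0, $ivLen)
    );
    if ($pt === false) {
        throw new RuntimeException('Decryption failed (wrong key or corrupted data)');
    }
    return $pt;
}

$key    = random_bytes(32);                        // keep this secret, unlike the IV
$stored = sealRecord('ssn=000-00-0000', $key);     // constructed sample record

printf('Stored   : %s%s', $stored, PHP_EOL);
printf('Decrypted: %s%s', openRecord($stored, $key), PHP_EOL);

// Truncated input is rejected before any decryption is attempted.
try {
    openRecord(substr($stored, 0, 8), $key);
} catch (InvalidArgumentException $e) {
    printf('Rejected : %s%s', $e->getMessage(), PHP_EOL);
}
```

CBC mode on its own does not detect modified ciphertext, so this layout protects confidentiality only; detecting tampering requires a MAC over the IV and ciphertext or an authenticated mode.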
How to Avoid Inconvenient Cryptography Algorithm Ciphers?
The PHP Simple Encryption and Decryption class library supports 127 crypto ciphers. However, not all of these are considered to be best practice to use.
Any cipher that uses ECB mode is considered not very safe to use. The Triple DES (3DES) algorithm is also obsolete as it can be compromised.
PHP Simple Encryption and Decryption class supports these ciphers to be compatible with any software project that may already be using these ciphers. It is not recommended that you use them in new projects.
Tips
- Make sure you choose a good secret key. It doesn't have to be as random as the IV, but that would help.
- Always generate a new IV for every piece of data you encrypt. Reusing IVs defeats the purpose of generating a strong, random IV.
- Do not generate your own IV. PHP Simple Encrypt uses the best options currently available in PHP. Anything you choose to create on your own will not be as strong.
Downloading All Package Files
If you want to use this package's files on your development computer, you can just go here and download all package files in a single compressed archive in ZIP or tar.gz format.
Installing the Package with Composer
If you want to install this package's files in your development or even production environment, you can just go here and find instructions to add this package to your project's composer.json file.
Comments:
2. Unclear text - Sam Spickle (2020-06-19 12:41)
Some of the text is unclear (misleading?)... - 1 reply
1. Storing the IV - Tofser (2020-06-19 07:04)
What's the best way to store the IV?... - 1 reply