Login | Register   
LinkedIn
Google+
Twitter
RSS Feed
Download our iPhone app
TODAY'S HEADLINES  |   ARTICLE ARCHIVE  |   FORUMS  |   TIP BANK
Browse DevX
Sign up for e-mail newsletters from DevX


advertisement
 

A Guide to Cryptography in PHP : Page 2

This comprehensive guide discusses where to get, how to install, and how to use the various cryptography packages available to enhance the security of your PHP applications.


advertisement
Encrypting Large Data with MCrypt
MCrypt allows developers to encrypt files or data streams using any of a large number of encryption functions without having to be cryptographers. MCrypt supports a wide variety of block algorithms such as Blowfish, DES, TripleDES, SAFER-SK128, TWOFISH, TEA, RC2, 3-WAY, SAFER-SK64, and several "modes of operation." Normally a block chipper such as MCrypt operates on data blocks of fixed length, often 64 or 128 bits. But because messages may be of any length, and because encrypting the same plaintext using the same key always produces the same output, several solutions have been invented that allow block ciphers to provide confidentiality for messages of arbitrary length. These solutions are known as modes of operation. The modes supported by MCrypt include: CBC, CFB, CTR, ECB, OFB, and NCFB.

The companion library for MCrypt is Libmcrypt, which contains the actual encryption functions themselves. Windows users can download it here, while Linux users can get it here.

Author's Note: If you are using PHP 5.0.0 you will also need libmcrypt Version 2.5.6 or greater.

Installing Libmcrypt:

  1. Download libmcrypt.dll.
  2. Copy the libmcrypt.dll file to {php_home}/ext and {Windows_home}/System32.
  3. In php.ini activate the extension=php_mcrypt.dll line by deleting the comment mark (";").
  4. Save the updated php.ini file.
Author's Note: For Linux, you have to download the libmcrypt-x.x.tar.gz file and follow the included installation instructions.

MCrypt can operate with the four cipher modes CBC, OFB, CFB, and ECB. If you are using a libmcrypt-2.4.x version or higher, then MCrypt functions also operate with the nOFB and STREAM cipher modes. Table 2 shows the most commonly-used encryption modes, along with a short description of when to use each.

Table 2. Commonly-Used MCrypt Modes: These cipher modes all operate with MCrypt, and are useful in different situations.
Encryption Mode Description
MCRYPT_MODE_ECB Use with random data. You can use this mode to encrypt different keys.
MCRYPT_MODE_CBC Used for encrypting files.
MCRYPT_MODE_CFB Recommended for encrypting byte streams.
MCRYPT_MODE_OFB Used specifically in applications where error propagation is not accepted.
MCRYPT_MODE_NOFB Comparable with OFB, but more secure.
MCRYPT_MODE_STREAM Use when you need stream algorithms such as WAKE or RC4.

In addition to the modes listed in Table 2, MCrypt also currently supports these ciphers:

  • MCRYPT_3DES
  • MCRYPT_ARCFOUR
  • MCRYPT_BLOWFISH
  • MCRYPT_ENIGMA
  • MCRYPT_GOST
  • MCRYPT_IDEA (non-free)
  • MCRYPT_LOKI97
  • MCRYPT_MARS
  • MCRYPT_PANAMA
  • MCRYPT_RIJNDAEL_128
Author's Note: Because the list of supported ciphers can change over time, you should periodically check this list of the currently supported ciphers .

MCrypt Example
Here's an example that shows how to encrypt and decrypt the contents of a text file using MCrypt. Again, the example encrypts the contents of textfile.txt and stores the encrypted result in the file encrypted.txt. However, this example also decrypts that file and stores the unencrypted text in the file newfile.txt:

// Listing file_encrypt.php <?php $file = 'textfile.txt'; $initial_contents = file_get_contents($file); if($initial_contents){ //This function opens the module of the algorithm and the mode to be used $td = mcrypt_module_open('tripledes', '', 'ecb', ''); //Create an initialization vector (IV) from a random source $iv = mcrypt_create_iv (mcrypt_enc_get_iv_size($td), MCRYPT_RAND); //This function initializes all buffers needed for encryption mcrypt_generic_init($td, $initial_contents, $iv); //This function encrypts data $encrypted_data = mcrypt_generic($td, $initial_contents); $encrypted_file = @fopen('encrypted.txt','w'); $ok_encrypt = @fwrite($encrypted_file,$encrypted_data); if($ok_encrypt){ echo 'The encrypted code was succesfully created '. 'in encrypted_file.txt!!!'.'<br />'; } else{ echo ("The write of this file failed!"); } @fclose($encrypted_file); mcrypt_generic_init($td, $initial_contents, $iv); //This function decrypts data $p_t = mdecrypt_generic($td, $encrypted_data); $newfile = @fopen('newfile.txt','w'); $ok_decrypt = @fwrite($newfile,$p_t); if($ok_decrypt){ echo 'The decrypted code was succesfully created '. 'in newfile.txt!!!'.'<br />'; } else{ echo ("The write of this file failed!"); } @fclose($newfile); //This function deinitializes an encryption module mcrypt_generic_deinit($td); //Close the mcrypt module mcrypt_module_close($td); } ?>



Comment and Contribute

 

 

 

 

 


(Maximum characters: 1200). You have 1200 characters left.

 

 

Sitemap