Encrypting Large Data with MCrypt
MCrypt allows developers to encrypt files or data streams using any of a large number of encryption functions without having to be cryptographers. MCrypt supports a wide variety of block algorithms such as Blowfish, DES, TripleDES, SAFER-SK128, TWOFISH, TEA, RC2, 3-WAY, SAFER-SK64, and several "modes of operation." Normally a block cipher, such as those MCrypt provides, operates on data blocks of fixed length, often 64 or 128 bits. But because messages may be of any length, and because encrypting the same plaintext using the same key always produces the same output, several solutions have been invented that allow block ciphers to provide confidentiality for messages of arbitrary length. These solutions are known as modes of operation. The modes supported by MCrypt include: CBC, CFB, CTR, ECB, OFB, and NCFB.
The companion library for MCrypt is Libmcrypt, which contains the actual encryption functions themselves. Windows users can download it here, while Linux users can get it here.
Author's Note: If you are using PHP 5.0.0 you will also need libmcrypt Version 2.5.6 or greater.
Installing Libmcrypt:
- Download libmcrypt.dll.
- Copy the libmcrypt.dll file to {php_home}/ext and {Windows_home}/System32.
- In php.ini activate the extension=php_mcrypt.dll line by deleting the comment mark (";").
- Save the updated php.ini file.
MCrypt can operate with the four cipher modes CBC, OFB, CFB, and ECB. If you are using a libmcrypt-2.4.x version or higher, then MCrypt functions also operate with the nOFB and STREAM cipher modes. Table 2 shows the most commonly-used encryption modes, along with a short description of when to use each.
Table 2. Commonly-Used MCrypt Modes: These cipher modes all operate with MCrypt, and are useful in different situations.
| Encryption Mode | Description |
| --- | --- |
| MCRYPT_MODE_ECB | Use with random data. You can use this mode to encrypt different keys. |
| MCRYPT_MODE_CBC | Used for encrypting files. |
| MCRYPT_MODE_CFB | Recommended for encrypting byte streams. |
| MCRYPT_MODE_OFB | Used specifically in applications where error propagation is not accepted. |
| MCRYPT_MODE_NOFB | Comparable with OFB, but more secure. |
| MCRYPT_MODE_STREAM | Use when you need stream algorithms such as WAKE or RC4. |
In addition to the modes listed in Table 2, MCrypt also currently supports these ciphers:
- MCRYPT_3DES
- MCRYPT_ARCFOUR
- MCRYPT_BLOWFISH
- MCRYPT_ENIGMA
- MCRYPT_GOST
- MCRYPT_IDEA (non-free)
- MCRYPT_LOKI97
- MCRYPT_MARS
- MCRYPT_PANAMA
- MCRYPT_RIJNDAEL_128
MCrypt Example
Here's an example that shows how to encrypt and decrypt the contents of a text file using MCrypt. Again, the example encrypts the contents of textfile.txt and stores the encrypted result in the file encrypted.txt. However, this example also decrypts that file and stores the unencrypted text in the file newfile.txt:
```php
<?php
// Listing file_encrypt.php
$file = 'textfile.txt';
$initial_contents = file_get_contents($file);

if ($initial_contents) {
    // This function opens the module of the algorithm and the mode to be used
    $td = mcrypt_module_open('tripledes', '', 'ecb', '');

    // Secret key (placeholder value; replace it with your own secret).
    // It is cut to the cipher's maximum key size (24 bytes for TripleDES).
    $key = substr('replace-with-your-own-secret-key', 0, mcrypt_enc_get_key_size($td));

    // Create an initialization vector (IV) from a random source.
    // ECB mode ignores the IV; modes such as CBC, CFB and OFB use it.
    $iv = mcrypt_create_iv(mcrypt_enc_get_iv_size($td), MCRYPT_RAND);

    // This function initializes all buffers needed for encryption
    mcrypt_generic_init($td, $key, $iv);

    // This function encrypts data
    $encrypted_data = mcrypt_generic($td, $initial_contents);

    $encrypted_file = @fopen('encrypted.txt', 'w');
    $ok_encrypt = @fwrite($encrypted_file, $encrypted_data);
    if ($ok_encrypt) {
        echo 'The encrypted code was successfully created ' .
             'in encrypted.txt!!!' . '<br />';
    } else {
        echo 'The write of this file failed!';
    }
    @fclose($encrypted_file);

    // Re-initialize with the same key and IV before decrypting
    mcrypt_generic_init($td, $key, $iv);

    // This function decrypts data. mcrypt_generic() pads the last block
    // with "\0" bytes, so strip that padding from the decrypted text.
    $p_t = rtrim(mdecrypt_generic($td, $encrypted_data), "\0");

    $newfile = @fopen('newfile.txt', 'w');
    $ok_decrypt = @fwrite($newfile, $p_t);
    if ($ok_decrypt) {
        echo 'The decrypted code was successfully created ' .
             'in newfile.txt!!!' . '<br />';
    } else {
        echo 'The write of this file failed!';
    }
    @fclose($newfile);

    // This function deinitializes an encryption module
    mcrypt_generic_deinit($td);

    // Close the mcrypt module
    mcrypt_module_close($td);
}
?>
```
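The introduction notes that encrypting the same plaintext with the same key always produces the same output, which is the reason modes of operation exist. The following script is an added example, not part of the original article: it encrypts four identical 8-byte blocks with TripleDES under ECB and under CBC and counts how many ciphertext blocks repeat, so the difference between the two modes in Table 2 is visible in the output. The key and the helper names `encrypt_with_mode` and `repeated_blocks` are constructed for illustration, and the script assumes a PHP build with the mcrypt extension loaded (the extension was removed from PHP in version 7.2).

```php
<?php
// Added example: compare ECB and CBC on plaintext made of identical blocks.
// The key and helper function names are constructed for this illustration.

// Encrypt $plaintext with TripleDES in the given mode ('ecb' or 'cbc')
function encrypt_with_mode($mode, $key, $plaintext) {
    $td = mcrypt_module_open('tripledes', '', $mode, '');
    // A fresh random IV per message; ECB ignores it, CBC chains from it
    $iv = mcrypt_create_iv(mcrypt_enc_get_iv_size($td), MCRYPT_RAND);
    mcrypt_generic_init($td, $key, $iv);
    $ciphertext = mcrypt_generic($td, $plaintext);
    mcrypt_generic_deinit($td);
    mcrypt_module_close($td);
    return $ciphertext;
}

// Number of ciphertext blocks that duplicate an earlier block
function repeated_blocks($ciphertext, $block_size) {
    $blocks = str_split($ciphertext, $block_size);
    return count($blocks) - count(array_unique($blocks));
}

$key        = str_pad('constructed-demo-key', 24, '#'); // 24-byte placeholder key
$block_size = mcrypt_get_block_size('tripledes', 'ecb'); // TripleDES block size in bytes
$plaintext  = str_repeat('ABCDEFGH', 4);                 // four identical 8-byte blocks

foreach (array('ecb', 'cbc') as $mode) {
    $ct = encrypt_with_mode($mode, $key, $plaintext);
    printf("%s: %d repeated ciphertext block(s)\n",
           $mode, repeated_blocks($ct, $block_size));
    // Hex dump, one space between blocks, to make repeats easy to spot
    echo '  ' . chunk_split(bin2hex($ct), $block_size * 2, ' ') . "\n";
}
?>
```

Repeated ciphertext blocks reveal which parts of a file are identical even though the content itself stays hidden, which is why Table 2 lists CBC rather than ECB for encrypting files.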