This comprehensive guide discusses where to get, how to install, and how to use the various cryptography packages available to enhance the security of your PHP applications.
Building Hashes with MHash
MHash is a free library that lets developers choose from a large number of hash algorithms. These algorithms can be used to compute checksums, message digests, and create other signatures.
Copy the libmhash.dll file to {php_home}/ext and to {Windows_home}/System32.
In php.ini, activate the extension=php_mhash.dll line by deleting the comment mark (";").
Save the updated php.ini file.
Supported Hashes
The hashes currently supported by MHash are:
MHASH_ADLER32
MHASH_CRC32
MHASH_CRC32B
MHASH_GOST
MHASH_HAVAL128
MHASH_HAVAL160
MHASH_HAVAL192
MHASH_HAVAL256
MHASH_MD4
MHASH_MD5
MHASH_RIPEMD160
MHASH_SHA1
MHASH_SHA256
MHASH_TIGER
MHASH_TIGER128
MHASH_TIGER160
The following example uses MHash to encrypt the contents of texfile.txt and write the encrypted result to encrypted.txt:
<?php
$file = 'textfile.txt';
$initial_contents = file_get_contents($file);
if($initial_contents){
//mhash() applies a hash function specified by MHASH_MD5
//to the $initial_contents
$encrypted = mhash(MHASH_MD5, $initial_contents);
// get current Unix timestamp
$current = time();
$salt = $current;
$password = "Octavia";
//mhash_keygen_s2k generates a key according to the hash function
//given and the password provided by the user.
$hash = mhash_keygen_s2k(MHASH_GOST, $password, $salt, 20);
//concatenate the $salt with the $hash
$key = $salt . "|" . bin2hex($hash);
$encrypted_file = @fopen('encrypted.txt','w');
$ok_encrypt = @fwrite($encrypted_file,
'mhash: '.bin2hex($encrypted).' mhash_keygen_s2k:
'.$key);
if($ok_encrypt){
echo 'The encrypted code was succesfully created '.
'in encrypted_file.txt !!!'.'<br />';
}
else{
echo ("The write of this file failed!");
}
@fclose($encrypted_file);
}
?>
Secret Keys and Crypt_Blowfish
Secret-key cryptography uses a single key for both encryption and decryption—also called a symmetric key. For example, the commonly-used DES algorithm is a secret key algorithm. The Crypt_Blowfish PEAR package is based on the Blowfish block cipher and supports two-way encryption, either with or without a secret key. The package doesn't require MCrypt, but Crypt_Blowfish can use MCrypt if it's installed. The latest released version is 1.0.1 (stable), and you install it like any other PEAR package:
> pear install pear_package_name
This package uses two classes defined in the Blowfish.php file, which you must include in all scripts that use the Crypt_Blowfish package:
require_once 'Crypt/Blowfish.php';
Here's the code for the by-now-familiar encryption example program using Crypt_Blowfish:
<?php
require_once 'Crypt/Blowfish.php';
$file = 'textfile.txt';
$initial_contents = file_get_contents($file);
if($initial_contents){
$bf = new Crypt_Blowfish('some secret key!');
// Encrypts a string
$encrypted = $bf->encrypt($initial_contents);
$encrypted_file = @fopen('encrypted.txt','w');
$ok_encrypt = @fwrite($encrypted_file,$encrypted);
if($ok_encrypt){
echo 'The encrypted code was succesfully created '.
'in encrypted_file.txt!!!'.'<br />';
}
else{
echo ("The write of this file failed!");
}
@fclose($encrypted_file);
// Decrypts an encrypted string
$plaintext = $bf->decrypt($encrypted);
$newfile = @fopen('newfile.txt','w');
$ok_decrypt = @fwrite($newfile,$plaintext);
if($ok_decrypt){
echo 'The decrypted code was succesfully created '.
'in newfile.txt!!!'.'<br />';
}
else{
echo ("The write of this file failed!");
}
@fclose($newfile);
}
?>
Previous Page
