14

I need two functions/methods, one to encode, one to decode. This is not for storing passwords. Each user will have a specific key/salt to encode the data.

This is how I would like it to work:

function encode($str, $key) {
    // something fancy
}

function decode($str, $key) {
    // something fancy
}

$key = $logged_in_user->get_key();
$plain = 'abc abc 123 123';
$encoded_data = encode($plain, $key);
// some_fancy_encrypted_data_that_is_really_cooooool
$decoded_data = decode($encoded_data, $key);
// abc abc 123 123

Another thing is that every time I use this function it needs to return the same thing every time I use the encode function with the same user key.

How would I do this??

Improve this question
5
  • 4
    So have you looked at mcrypt (php.net/manual/en/mcrypt.examples.php) at all? And drop the hash tag, because you say you don't want a hash
    – Mark Baker
    Commented Apr 8, 2013 at 16:27
  • I have a small class that can do what you need, but the real question is why you feel the need to individually encrypt each user's data independently. It is generally assumed that once an attacked can see your stored data they can also see your source code which invalidates most uses of internal encryption, as well-intentioned as they might be.
    – Sammitch
    Commented Apr 8, 2013 at 16:37
  • @Sammitch In some cases it's useful if the key used to encrypt/decrypt the data cannot be found anywhere (and only belongs to the user). I'm pretty sure that LastPass does this as well.
    – h2ooooooo
    Commented Apr 8, 2013 at 16:39
  • @Sammitch Because it is not for the user, but for messages between users. So on the database it is not plain text data.
    – Jason Silberman
    Commented Apr 8, 2013 at 16:41
  • @MarkBaker I have, but even with the same key, every time the output is different.
    – Jason Silberman
    Commented Apr 8, 2013 at 16:42

2 Answers 2

Reset to default
48 
$myVarIWantToEncodeAndDecode

Define key (salt, broth etc..): $key = "#&$sdfdfs789fs7d";

To encode:

$encoded = base64_encode(mcrypt_encrypt(MCRYPT_RIJNDAEL_256, md5($key), $myVarIWantToEncodeAndDecode, MCRYPT_MODE_CBC, md5(md5($key))));

To decode:

$decoded = rtrim(mcrypt_decrypt(MCRYPT_RIJNDAEL_256, md5($key), base64_decode($encoded), MCRYPT_MODE_CBC, md5(md5($key))), "\0");

Note: mcrypt_decrypt has been DEPRECATED as of PHP 7.1.0. Relying on this function is highly discouraged.

Improve this answer
8
  • hmm.. This seems to work, but the data I am getting back from decoding the string is A”·fµŒ”÷Óÿ‰Zvÿ“õE¥‰¬DõØ&Hå§. What's wrong?
    – Jason Silberman
    Commented Apr 8, 2013 at 16:48
  • So it decodes and encodes right? What are you encoding? plain text? encoded data should look something like this: VXHE0iM0bMXQecCAKYAzYZjy4gbctqLGQHYvW2cFhaE=
    – rinchik
    Commented Apr 8, 2013 at 16:54
  • I am encoding just "abc abc 123 123"
    – Jason Silberman
    Commented Apr 9, 2013 at 0:40
  • 2
    Sweet, simple, one liner. Thanks a ton!! Cheers!! +1 :)
    – Parag Tyagi
    Commented Jan 19, 2015 at 17:23
  • 2
    mcrypt_encrypt / _decode are deprecated. Use openssl_encrypt / _decrypt instead. php.net/manual/en/function.openssl-encrypt.php
    – Zbigniew Ledwoń
    Commented Jun 26, 2017 at 9:18
1

Use openssl_encrypt instead of mcrypt_encrypt

mcrypt_encrypt DEPRECATED as of PHP 7.1.0 and REMOVED as of PHP 7.2.0.

So, Try this..

function encrypt_decrypt($string, $action = 'encrypt')
{
    $encrypt_method = "AES-256-CBC";
    $secret_key = 'AA74CDCC2BBRT935136HH7B63C27'; // user define private key
    $secret_iv = '5fgf5HJ5g27'; // user define secret key
    $key = hash('sha256', $secret_key);
    $iv = substr(hash('sha256', $secret_iv), 0, 16); // sha256 is hash_hmac_algo
    if ($action == 'encrypt') {
        $output = openssl_encrypt($string, $encrypt_method, $key, 0, $iv);
        $output = base64_encode($output);
    } else if ($action == 'decrypt') {
        $output = openssl_decrypt(base64_decode($string), $encrypt_method, $key, 0, $iv);
    }
    return $output;
}
 
echo "Your Encrypted password is = ". $pwd = encrypt_decrypt('spaceo', 'encrypt');
echo "Your Decrypted password is = ". encrypt_decrypt($pwd, 'decrypt');
Improve this answer

Not the answer you're looking for? Browse other questions tagged or ask your own question.