Encrypting and Decrypting Data in PHP

Data security is a critical aspect of software development. One of the ways to ensure data security is by encrypting sensitive information before storing or transmitting it. In this article, we'll walk through a simple yet effective way to encrypt and decrypt data in PHP using the AES-256-CBC algorithm.

Generating an Encryption Key

First, we need a key to use for the encryption and decryption process. In a production environment, you should generate a secure key and store it safely. For this example, we'll use a hardcoded key:
function generate_key() {    return "Rb4M6eV19mQNCDihyjqH/0KGYchk/YlXpxXV3fSnE6w="; }
This function returns a predefined key. This key should be kept secret and never exposed in your code.

Encrypting Data

To encrypt data, we need to create an initialization vector (IV) and then use the openssl_encrypt function. Here's the encrypt function:
function encrypt($data, $key) {    $iv = openssl_random_pseudo_bytes(openssl_cipher_iv_length('aes-256-cbc'));    $encrypted = openssl_encrypt($data, 'aes-256-cbc', $key, 0, $iv);    $encrypted_data = $iv . $encrypted;    $encrypted_base64 = base64_encode($encrypted_data);    return $encrypted_base64; }
  • Initialization Vector (IV): The IV is a random value used along with the key to ensure that the same plaintext encrypted multiple times will produce different ciphertexts. We generate the IV using openssl_random_pseudo_bytes.
  • Encrypting the Data: The openssl_encrypt function encrypts the data using the AES-256-CBC algorithm, the key, and the IV.
  • Concatenating IV and Encrypted Data: The IV is concatenated with the encrypted data because it is needed for decryption.
  • Encoding to Base64: The concatenated string is then encoded in base64 to ensure safe transmission and storage.

Decrypting Data

To decrypt the data, we need to reverse the encryption process. Here's the decrypt function:
function decrypt($encrypted_base64, $key) {
   $encrypted_data = base64_decode($encrypted_base64);
   $iv_length = openssl_cipher_iv_length('aes-256-cbc');
   $iv = substr($encrypted_data, 0, $iv_length);
   $encrypted = substr($encrypted_data, $iv_length);
   $decrypted = openssl_decrypt($encrypted, 'aes-256-cbc', $key, 0, $iv);
   return $decrypted;
}
  • Decoding from Base64: First, we decode the base64 encoded string.
  • Extracting the IV: The IV is extracted from the beginning of the decoded string.
  • Extracting the Encrypted Data: The remaining part of the string is the actual encrypted data.
  • Decrypting the Data: The openssl_decrypt function decrypts the data using the AES-256-CBC algorithm, the key, and the IV.

Example Usage

Here’s how you can use the encrypt and decrypt functions:
$key = generate_key(); $original_data = "Hello, world!"; // Encrypt the data $encrypted_data = encrypt($original_data, $key); echo "Encrypted data: " . $encrypted_data . "\n"; // Decrypt the data $decrypted_data = decrypt($encrypted_data, $key); echo "Decrypted data: " . $decrypted_data . "\n";
  • Generating the Key: We use the generate_key function to get our encryption key.
  • Encrypting the Data: The encrypt function encrypts the original data.
  • Decrypting the Data: The decrypt function decrypts the encrypted data back to its original form.

Output

When you run the script, you should see something like this:
Encrypted data: U2FsdGVkX1++UgYmxv52N8PS1JlI5mLQpFl0Duo5N1g=
Decrypted data: Hello, world!
The exact encrypted data will vary because of the random IV, but the decrypted data will always be "Hello, world!".

Conclusion

By following the steps outlined in this article, you can securely encrypt and decrypt data in PHP using the AES-256-CBC algorithm. Remember to handle your encryption keys securely and avoid exposing them in your source code. This approach ensures that your sensitive data remains protected against unauthorized access.