How to generate random password and IV for openssl encryption

Question

I'm encrpyting my web application file download system with openssl (openssl_encrypt and openssl_decrypt) and I want to generate random password and IV for that. Encryption method will be AES-256-CBC. I'm newbie with cryptography and found very little information about the issue.

function encryptString($str) {
    $encryptionMethod = "AES-256-CBC";  
    $secretHash = "gererated random secret openssl key here";
    $encryptedStr = openssl_encrypt($str, $encryptionMethod, $secretHash, false, "generated random IV here");
    return $encryptedStr;
}

I tried openssl_pkey_new(); but it returned me boolean false. Is this the right way?

I got the tip from here: Two-way encryption in PHP

as test environment im running WAMP localhost.

Answer 1

Since it was problematic to do this programmatically with php in windows environment, I generated the passwords in Linux.

openssl enc -d -a -md sha1 -aes-256-cbc -nosalt -p

Installation instruction for windows was found here: php.net/manual/en/openssl.installation.php but I still couldn't get it working.

I also needed to change the function a bit to make it work properly:

function encryptUrl($url) {
    $encryptionMethod = "AES-256-CBC";  
    $pass = "Generated Pass";
    $iv = "Generated IV";
    $encryptedUrl = base64_encode(openssl_encrypt($url, $encryptionMethod, $pass, false, $iv));
    return $encryptedUrl;
}