0

How to encrypt and decrypt data in php?

My code so far is:-

function encrypter($plaintext)
{
    $plaintext = strtolower($plaintext);
    $crypttext = mcrypt_encrypt(MCRYPT_RIJNDAEL_256,FLENCKEY,$plaintext,MCRYPT_MODE_ECB);    
    return trim(base64_encode($crypttext));
}

function decrypter($crypttext)
{
    $crypttext = base64_decode($crypttext);    
    $plaintext = mcrypt_decrypt(MCRYPT_RIJNDAEL_256,FLENCKEY,$crypttext,MCRYPT_MODE_ECB);    
    return trim($crypttext);
}

$test = "abc@gmail.com";

echo encrypter(test);

Output is 

iLmUJHKPjPmA9vY0jfQ51qGpLPWC/5bTYWFDOj7Hr08=

echo decrypter(test);

Output is 

��-
kotAPI
  • 387
  • 1
  • 7
  • 20
user2818254
  • 87
  • 2
  • 8
  • 5
    wouldn't you be wanting to decrypt the encrypted data, as opposed to trying to decrpt `$test` which is already decrypted? – mulllhausen Sep 26 '13 at 06:54
  • Do not encrypt anything if you are not good at it. I know barely enough about encryption to know that if you fail at it, no hacker will point it out to you. While it might be a good idea to use Rijndael 256, which is basically AES 256 you obviously do not know the importance of encryption mode as ECB is very bad. (However this is mitigated by the short length of your data) – Samuel Sep 26 '13 at 06:55
  • Possible duplicate of [How do you Encrypt and Decrypt a PHP String?](https://stackoverflow.com/questions/16600708/how-do-you-encrypt-and-decrypt-a-php-string) – wp78de Mar 31 '18 at 15:19

5 Answers5

2

In your decrypter() function, you return the wrong data.

You should return $plaintext instead of $crypttext:

function decrypter($crypttext)
{
    $crypttext = base64_decode($crypttext);    
    $plaintext = mcrypt_decrypt(MCRYPT_RIJNDAEL_256,FLENCKEY,$crypttext,MCRYPT_MODE_ECB);    
    //return trim($crypttext);
    return trim($plaintext);
}
srain
  • 8,944
  • 6
  • 30
  • 42
2

The other code samples on this page (including the question) are not secure.

To be secure:

  1. Don't use mcrypt.
  2. Use authenticated encryption.
  3. Never use ECB mode (a.k.a. MCRYPT_MODE_ECB).

See this answer for secure encryption in PHP.

Scott Arciszewski
  • 33,610
  • 16
  • 89
  • 206
1

This is what I use. Super simple.

function encrypt_decrypt($action, $string) {
   $output = false;
   $key = '$b@bl2I@?%%4K*mC6r273~8l3|6@>D';
   $iv = md5(md5($key));
   if( $action == 'encrypt' ) {
       $output = mcrypt_encrypt(MCRYPT_RIJNDAEL_256, md5($key), $string, MCRYPT_MODE_CBC, $iv);
       $output = base64_encode($output);
   }
   else if( $action == 'decrypt' ){
       $output = mcrypt_decrypt(MCRYPT_RIJNDAEL_256, md5($key), base64_decode($string), MCRYPT_MODE_CBC, $iv);
       $output = rtrim($output, "");
   }
   return $output;
}

You can change $key to whatever you want, or leave it. (this is not my key, btw)

encrypt_decrypt('encrypt', $str) to encrypt

encrypt_decrypt('decrypt', $str) to decrypt

I wrestled a bear once.
  • 22,983
  • 19
  • 69
  • 116
0

Inside the decrypter function, change the 

return trim($crypttext);

to

return trim($plaintext);

But looking at your function, I am not quite sure whether it will return exactly the same string, because of the strtolower function. You can't just do a strtoupper function as the original text may not be all in capital letters.

rcs
  • 6,713
  • 12
  • 53
  • 75
0

Warning mcrypt_encrypt has been DEPRECATED as of PHP 7.1.0. Relying on this function is highly discouraged. Use openssl_encrypt instead.

Harshal Sharma
  • 1
  • 3