0

I would like to encrypt the data which I am sending to an API. For this I need a more secure encryption and decryption algorithm in PHP. Presently I am developing my application using CodeIgniter.

Actually, from reading some Stack Overflow posts, we can't decrypt an MD5-converted string. But there are online MD5 decryption tools.

How do they work?

Abdulla Nilam
Ravi
  • They don't decrypt, they simply have a large database of values and their md5 equivalents and do a lookup... if the md5 value isn't in the database already, then they can't do anything – Mark Baker Dec 16 '15 at 09:53
  • I suggest taking a look at this answer, it might help: http://stackoverflow.com/a/30159120/3305116 – vard Dec 16 '15 at 09:55
  • CodeIgniter3 provides a very good encryption class. Why don't you want to use it? – Artjom B. Dec 16 '15 at 10:22
  • @MarkBaker thanks for your information. Yeah, you are correct, they are not decrypting the string exactly. Finally, which method do I have to choose to encrypt and decrypt my data? – Ravi Dec 16 '15 at 12:02
  • That depends on whether you're talking about passwords or about data... for passwords you should always hash the value, so that it cannot be decrypted; and PHP provides the built-in password_hash()/password_verify() functions... for encrypting data, you should be using mcrypt – Mark Baker Dec 16 '15 at 12:06

3 Answers

3

As the other answers suggest, MD5 is not an encryption methodology; for that you need to go for some encryption algorithm.

I would say you should go with AES encryption, which is the best in the industry, and you will get supported classes in each language, i.e. OBJC/PHP/JAVA/.NET/NODE.JS etc.

Since you are working in CodeIgniter, I have one library which you may use directly, and I hope it will solve your problems.

Here is the library code. Just to let you know, it's using the MCRYPT extension of PHP, which is generally enabled on most servers. Library class:

<?php
defined('BASEPATH') OR exit('No direct script access allowed');
Class Api_encrypt
{

    protected $CI;
    private $_encryptKey;
    private $_MD5Key;
    private $_MD5IV;
    private $_apiParams;

    public function __construct()
    {
        $this->CI = & get_instance();
        $this->_encryptKey = $this->CI->config->item("WS_ENC_KEY");
        // AES-128 key: the first 16 hex characters of md5(WS_ENC_KEY)
        $this->_MD5Key = substr(md5($this->_encryptKey), 0, 16);
        // IV: 16 zero bytes, reused for every message
        $this->_MD5IV = str_repeat("\0", mcrypt_get_iv_size(MCRYPT_RIJNDAEL_128, MCRYPT_MODE_CBC));
    }

    public function encrypt($sValue = '')
    {
        // Pad to a multiple of the 16-byte block size (PKCS#7 style)
        $block = 16;
        $pad = $block - (strlen($sValue) % $block);
        $sValue .= str_repeat(chr($pad), $pad);
        $str_output = base64_encode(mcrypt_encrypt(MCRYPT_RIJNDAEL_128, $this->_MD5Key, $sValue, MCRYPT_MODE_CBC, $this->_MD5IV));
        // Make the base64 output URL-safe
        $str_output = str_replace(array('+', '/', '='), array('-', '_', '.'), $str_output);
        return $str_output;
    }

    public function decrypt($sValue = '')
    {
        // Undo the URL-safe substitution applied by encrypt(), then base64-decode and decrypt
        $sValue = str_replace(array('-', '_', '.'), array('+', '/', '='), $sValue);
        $sValue = mcrypt_decrypt(MCRYPT_RIJNDAEL_128, $this->_MD5Key, base64_decode($sValue), MCRYPT_MODE_CBC, $this->_MD5IV);
        // Strip the padding: the last byte holds the pad length
        $len = strlen($sValue);
        $pad = ord($sValue[$len - 1]);
        $str_output = substr($sValue, 0, $len - $pad);
        return $str_output;
    }

    public function encryptData($sValue = '')
    {
        $block = 16;
        $pad = $block - (strlen($sValue) % $block);
        $sValue .= str_repeat(chr($pad), $pad);
        $str_output = base64_encode(mcrypt_encrypt(MCRYPT_RIJNDAEL_128, $this->_MD5Key, $sValue, MCRYPT_MODE_CBC, $this->_MD5IV));
        return $str_output;
    }

    public function decryptData($sValue = '')
    {
        $str_output = mcrypt_decrypt(MCRYPT_RIJNDAEL_128, $this->_MD5Key, base64_decode($sValue), MCRYPT_MODE_CBC, $this->_MD5IV);
        // Strip the padding: the last byte holds the pad length
        $len = strlen($str_output);
        $pad = ord($str_output[$len - 1]);
        $str_output = substr($str_output, 0, $len - $pad);
        return $str_output;
    }

    public function decrypt_params($request_arr = array())
    {
        if (!is_array($request_arr) || count($request_arr) == 0) {
            return $request_arr;
        }
        foreach ($request_arr as $key => $val) {
            $param_val = str_replace(' ', '+', $val);
            $request_arr[$key] = $this->decryptData($param_val);
        }
        return $request_arr;
    }
}

Here is the code showing how to use this library.

//In Controller
$request_params = $this->input->get_post(NULL, TRUE);
$this->load->library('api_encrypt');
$decrypt_params = $this->api_encrypt->decrypt_params($request_params);

//do operations
//prepare response array in $response

// encrypt() works on strings, so the array is serialized first (json_encode is an assumed choice)
$encrypt_str = $this->api_encrypt->encrypt(json_encode($response));

Since you stated you are developing the APIs in PHP - CI, I would suggest you check out the tool Configure.IT. They provide a visual interface by which we can create the API, and they will also provide generated source code for the API which we can use to deploy on our own servers. I have used that for some projects and it really helped me.

NIlay Mehta
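A stand-alone illustration of what the library's fixed key and all-zero IV mean in practice, next to an authenticated alternative (AES-256-GCM with a random nonce). This is an added example, not part of the original answer; it uses PHP's OpenSSL extension because mcrypt was removed from PHP in 7.2, and the function names, secret and plaintext are constructed.

```php
<?php
// Added example (not the answer's code); the secret and plaintext are constructed.
// The answer's scheme rebuilt with OpenSSL: AES-128-CBC, key = first 16 hex
// characters of md5(secret), all-zero IV, PKCS#7 padding (OpenSSL's default).
function legacy_encrypt(string $plaintext, string $secret): string
{
    $key = substr(md5($secret), 0, 16);
    return base64_encode(openssl_encrypt($plaintext, 'aes-128-cbc', $key, OPENSSL_RAW_DATA, str_repeat("\0", 16)));
}

// AES-256-GCM with a fresh 12-byte nonce per message; output = nonce || tag || ciphertext.
function seal(string $plaintext, string $key): string
{
    $nonce = random_bytes(12);
    $tag = '';
    $ct = openssl_encrypt($plaintext, 'aes-256-gcm', $key, OPENSSL_RAW_DATA, $nonce, $tag);
    if ($ct === false) {
        throw new RuntimeException('encryption failed');
    }
    return base64_encode($nonce . $tag . $ct);
}

function unseal(string $message, string $key): string
{
    $raw = base64_decode($message, true);
    if ($raw === false || strlen($raw) < 28) {
        throw new RuntimeException('malformed message');
    }
    $pt = openssl_decrypt(substr($raw, 28), 'aes-256-gcm', $key, OPENSSL_RAW_DATA, substr($raw, 0, 12), substr($raw, 12, 16));
    if ($pt === false) {
        throw new RuntimeException('authentication failed'); // wrong key or modified message
    }
    return $pt;
}

// Fixed key and IV: the same plaintext always yields the same ciphertext.
$secret = 'constructed-demo-secret';
var_dump(legacy_encrypt('user_id=42', $secret) === legacy_encrypt('user_id=42', $secret));

// Random nonce: two encryptions of the same plaintext differ, and both decrypt.
$key = random_bytes(32); // generated once and kept in configuration, not in code
$a = seal('user_id=42', $key);
$b = seal('user_id=42', $key);
var_dump($a === $b, unseal($a, $key) === unseal($b, $key));

// Changing one byte of the message makes decryption fail instead of returning altered data.
$raw = base64_decode($a);
$raw[30] = chr(ord($raw[30]) ^ 1);
try { unseal(base64_encode($raw), $key); } catch (RuntimeException $e) { var_dump($e->getMessage()); }
```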
1

MD5 is not encryption, it's hashing.

There is no way to reverse an MD5 hash. Tools that you find online reverse engineer an md5 hash by keeping a database of md5 hashing results.

If you want to look into encryption in PHP here is a great start https://stackoverflow.com/a/30189841/1164668

Community
Kinetic
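How the lookup described in this answer works, and why the password_hash()/password_verify() functions mentioned in the comments are not exposed to it. This is an added example, not part of the original answer; the word list and function names are constructed for illustration.

```php
<?php
// Added example; the candidate list and function names are constructed.

// An "online MD5 decrypter" hashes candidate inputs ahead of time and indexes
// them by digest. Nothing is decrypted; inputs that were never hashed are misses.
function build_md5_table(array $candidates): array
{
    $table = [];
    foreach ($candidates as $word) {
        $table[md5($word)] = $word;
    }
    return $table;
}

function md5_lookup(array $table, string $digest): ?string
{
    return $table[strtolower($digest)] ?? null;
}

$table = build_md5_table(['password', '123456', 'letmein', 'qwerty']);

// A digest of a listed word is found; a digest of an unlisted string is not.
var_dump(md5_lookup($table, md5('letmein')));
var_dump(md5_lookup($table, md5('kT9#vq2!Lw-not-listed')));

// md5() is unsalted and deterministic, which is what makes one shared table
// work against every stored digest. password_hash() generates a random salt
// per call, so the same password produces a different hash string each time.
$h1 = password_hash('letmein', PASSWORD_DEFAULT);
$h2 = password_hash('letmein', PASSWORD_DEFAULT);
var_dump($h1 === $h2);

// Verification re-derives the hash using the salt and cost stored inside it.
var_dump(password_verify('letmein', $h1), password_verify('letmein', $h2));
var_dump(password_verify('wrong-guess', $h1));

// On login, upgrade stored hashes when the default algorithm or cost changes.
var_dump(password_needs_rehash($h1, PASSWORD_DEFAULT));
```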
-1

(Note: It's a core PHP function)

###### Password  #############
function encrypt($data)
{
    // Build a fixed byte-substitution table from the hard-coded constants 27 and 48
    $table = array();
    for($i = 0, $key = 27, $c = 48; $i <= 255; $i++)
    {
        $c = 255 & ($key ^ ($c << 1));
        $table[$key] = $c;
        $key = 255 & ($key + 1);
    }
    // Replace every byte of the input through the table
    $len = strlen($data);
    for($i = 0; $i < $len; $i++)
    {
        $data[$i] = chr($table[ord($data[$i])]);
    }
    return base64_encode($data);
}

#########Password Decrypt ##########

function decrypt($data)
{
    $data = base64_decode($data);
    // Build the inverse of the substitution table used by encrypt()
    $table = array();
    for($i = 0, $key = 27, $c = 48; $i <= 255; $i++)
    {
        $c = 255 & ($key ^ ($c << 1));
        $table[$c] = $key;
        $key = 255 & ($key + 1);
    }
    // Map every byte back through the inverse table
    $len = strlen($data);
    for($i = 0; $i < $len; $i++)
    {
        $data[$i] = chr($table[ord($data[$i])]);
    }
    return $data;
}
rahul