$password = '******'; $plaintext = 'This is something secret'; $ivSize = 16; $randomIV = phpseclib\Crypt\Random::string($ivSize); echo 'Plaintext: ' . $plaintext . "\r\n"; //Create new AES Object $aes_encrypt = new \phpseclib\Crypt\AES(\phpseclib\Crypt\AES::MODE_CBC); //Use OPENSSL as Default engine $aes_encrypt->setPreferredEngine(phpseclib\Crypt\AES::ENGINE_OPENSSL); //set key length to 256 $aes_encrypt->setKeyLength(256); //set password $aes_encrypt->setPassword($password, 'pbkdf2', 'sha512', NULL, 4096); $aes_encrypt->setIV($randomIV); //Encrypt $raw_ciphertext = $aes_encrypt->encrypt($plaintext); $ciphertext = base64_encode($randomIV . $raw_ciphertext); echo 'Random IV: ' . $randomIV . "\r\n"; echo 'RAW Ciphertext: ' . $raw_ciphertext . "\r\n"; echo 'Ciphertext: ' . $ciphertext . "\r\n"; //Create new AES Object for decryption $aes_decrypt = new \phpseclib\Crypt\AES(\phpseclib\Crypt\AES::MODE_CBC); //Set OPENSSL as default engine $aes_decrypt->setPreferredEngine(phpseclib\Crypt\AES::ENGINE_OPENSSL); //set key length to 256 $aes_decrypt->setKeyLength(256); //set password $aes_decrypt->setPassword($password, 'pbkdf2', 'sha512', NULL, 4096); $decoded_ciphertext = base64_decode($ciphertext); $aes_decrypt->setIV(substr($decoded_ciphertext, 0, $ivSize)); //Decode from base64 and decrypts
/**
* Encrypt data using the given secret using AES
*
* The mode is CBC with a random initialization vector, the key is derived
* using pbkdf2.
*
* @param string $data The data that shall be encrypted
* @param string $secret The secret/password that shall be used
* @return string The ciphertext
*/
function auth_encrypt($data, $secret)
{
$iv = auth_randombytes(16);
$cipher = new \phpseclib\Crypt\AES();
$cipher->setPassword($secret);
/*
this uses the encrypted IV as IV as suggested in
http://csrc.nist.gov/publications/nistpubs/800-38a/sp800-38a.pdf, Appendix C
for unique but necessarily random IVs. The resulting ciphertext is
compatible to ciphertext that was created using a "normal" IV.
*/
return $cipher->encrypt($iv . $data);
}
public function encrypt()
{
$aes = new \phpseclib\Crypt\AES();
$aes->setKey($this->key);
$plaintext = file_get_contents($this->getFileUploadDir() . '/' . $this->file_name);
$ciphertext = $aes->encrypt($plaintext);
$hash = md5($plaintext);
$this->save_name = "EncryptedFile_" . $hash;
file_put_contents($this->getFileRootDir() . '/' . $this->save_name, $ciphertext);
unlink($this->file->getPathname());
return new CryptoFile($hash, $this->getWebPath() . '/' . $this->save_name);
}
