echo 'Plaintext: ' . $plaintext . "\r\n"; //Create new AES Object $aes_encrypt = new \phpseclib\Crypt\AES(\phpseclib\Crypt\AES::MODE_CBC); //Use OPENSSL as Default engine $aes_encrypt->setPreferredEngine(phpseclib\Crypt\AES::ENGINE_OPENSSL); //set key length to 256 $aes_encrypt->setKeyLength(256); //set password $aes_encrypt->setPassword($password, 'pbkdf2', 'sha512', NULL, 4096); $aes_encrypt->setIV($randomIV); //Encrypt $raw_ciphertext = $aes_encrypt->encrypt($plaintext); $ciphertext = base64_encode($randomIV . $raw_ciphertext); echo 'Random IV: ' . $randomIV . "\r\n"; echo 'RAW Ciphertext: ' . $raw_ciphertext . "\r\n"; echo 'Ciphertext: ' . $ciphertext . "\r\n"; //Create new AES Object for decryption $aes_decrypt = new \phpseclib\Crypt\AES(\phpseclib\Crypt\AES::MODE_CBC); //Set OPENSSL as default engine $aes_decrypt->setPreferredEngine(phpseclib\Crypt\AES::ENGINE_OPENSSL); //set key length to 256 $aes_decrypt->setKeyLength(256); //set password $aes_decrypt->setPassword($password, 'pbkdf2', 'sha512', NULL, 4096); $decoded_ciphertext = base64_decode($ciphertext); $aes_decrypt->setIV(substr($decoded_ciphertext, 0, $ivSize)); //Decode from base64 and decrypts $decrypted = $aes_decrypt->decrypt(substr($decoded_ciphertext, $ivSize)); echo 'Decrypted: ' . $decrypted . "\r\n"; //is everything ok? var_dump($plaintext == $decrypted);
/** * Decrypt the given AES ciphertext * * The mode is CBC, the key is derived using pbkdf2 * * @param string $ciphertext The encrypted data * @param string $secret The secret/password that shall be used * @return string The decrypted data */ function auth_decrypt($ciphertext, $secret) { $iv = substr($ciphertext, 0, 16); $cipher = new \phpseclib\Crypt\AES(); $cipher->setPassword($secret); $cipher->setIV($iv); return $cipher->decrypt(substr($ciphertext, 16)); }