Encrypting and Decrypting Data (PHP Cookbook)

14.8.1. Problem

You want to encrypt and decrypt data using one of a variety of popular algorithms.

14.8.2. Solution

$key  = 'That golden key that opes the palace of eternity.';
$data = 'The chicken escapes at dawn. Send help with Mr. Blue.';
$alg  = MCRYPT_BLOWFISH;
$mode = MCRYPT_MODE_CBC;

$iv = mcrypt_create_iv(mcrypt_get_iv_size($alg,$mode),MCRYPT_DEV_URANDOM);
$encrypted_data = mcrypt_encrypt($alg, $key, $data, $mode, $iv);
$plain_text = base64_encode($encrypted_data);

print $plain_text."\n";
$decoded = mcrypt_decrypt($alg,$key,base64_decode($plain_text),$mode,$iv);
print $decoded."\n";
NNB9WnuCYjyd3Y7vUh7XDfWFCWnQY0BsMehHNmBHbGOdJ3cM+yghABb/XyrJ+w3xz9tms74/a70=
The chicken escapes at dawn. Send help with Mr. Blue.

14.8.3. Discussion

The mcrypt extension is an interface with mcrypt, a library that implements many different encryption algorithms. The data is encrypted and decrypted by mcrypt_encrypt( ) and mcrypt_decrypt( ), respectively. They each take five arguments. The first is the algorithm to use. To find which algorithms mcrypt supports on your system, call mcrypt_list_algorithms( ). The full list of mcrypt algorithms is shown in Table 14-1. The second argument is the encryption key; the third argument is the data to encrypt or decrypt. The fourth argument is the mode for the encryption or decryption (a list of supported modes is returned by mcrypt_list_modes( )). The fifth argument is an initialization vector (IV), used by some modes as part of the encryption or decryption process.

Table 14-1 lists all the possible mcrypt algorithms, including the constant value used to indicate the algorithm, the key and block sizes in bits, and whether the algorithm is supported by libmcrypt 2.2.x and 2.4.x.

Table 14-1. mcrypt algorithm constants

Algorithm constant	Description	Key size	Block size	2.2.x	2.4.x
`MCRYPT_3DES`	Triple DES	168 (112 effective)	64	Yes	Yes
`MCRYPT_TRIPLEDES`	Triple DES	168 (112 effective)	64	No	Yes
`MCRYPT_3WAY`	3way (Joan Daemen)	96	96	Yes	No
`MCRYPT_THREEWAY`	3way	96	96	Yes	Yes
`MCRYPT_BLOWFISH`	Blowfish (Bruce Schneier)	Up to 448	64	No	Yes
`MCRYPT_BLOWFISH_COMPAT`	Blowfish with compatibility to other implementations	Up to 448	64	No	Yes
`MCRYPT_BLOWFISH_128`	Blowfish	128	64	Yes	No
`MCRYPT_BLOWFISH_192`	Blowfish	192	64	Yes
`MCRYPT_BLOWFISH_256`	Blowfish	256	64	Yes	No
`MCRYPT_BLOWFISH_448`	Blowfish	448	64	Yes	No
`MCRYPT_CAST_128`	CAST (Carlisle Adams and Stafford Tavares)	128	64	Yes	Yes
`MCRYPT_CAST_256`	CAST	256	128	Yes	Yes
`MCRYPT_CRYPT`	One-rotor Unix crypt	104	8		Yes
`MCRYPT_ENIGNA`	One-rotor Unix crypt	104	8	No	Yes
`MCRYPT_DES`	U.S. Data Encryption Standard	56	64	Yes	Yes
`MCRYPT_GOST`	Soviet Gosudarstvennyi Standard ("Government Standard")	256	64	Yes	Yes
`MCRYPT_IDEA`	International Data Encryption Algorithm	128	64	Yes	Yes
`MCRYPT_LOKI97`	LOKI97 (Lawrie Brown, Josef Pieprzyk)	128, 192, or 256	64	Yes	Yes
`MCRYPT_MARS`	MARS (IBM)	128-448	128	No	Yes
`MCRYPT_PANAMA`	PANAMA (Joan Daemen, Craig Clapp)	-	Stream	No	Yes
`MCRYPT_RC2`	Rivest Cipher 2	8-1024	64	No	Yes
`MCRYPT_RC2_1024`	Rivest Cipher 2	1024	64	Yes	No
`MCRYPT_RC2_128`	Rivest Cipher 2	128	64	Yes	No
`MCRYPT_RC2_256`	Rivest Cipher 2	256	64	Yes	No
`MCRYPT_RC4`	Rivest Cipher 4	Up to 2048	Stream	Yes	No
`MCRYPT_ARCFOUR`	Non-trademarked RC4 compatible	Up to 2048	Stream	No	Yes
`MCRYPT_ARCFOUR_IV`	Arcfour with Initialization Vector	Up to 2048	Stream	No	Yes
`MCRYPT_RC6`	Rivest Cipher 6	128, 192, or 256	128	No	Yes
`MCRYPT_RC6_128`	Rivest Cipher 6	128	128	Yes	No
`MCRYPT_RC6_192`	Rivest Cipher 6	192	128	Yes	No
`MCRYPT_RC6_256`	Rivest Cipher 6	256	128	Yes	No
`MCRYPT_RIJNDAEL_128`	Rijndael (Joan Daemen, Vincent Rijmen)	128	128	Yes	Yes
`MCRYPT_RIJNDAEL_192`	Rijndael	192	192	Yes	Yes
`MCRYPT_RIJNDAEL_256`	Rijndael	256	256	Yes	Yes
`MCRYPT_SAFERPLUS`	SAFER+ (based on SAFER)	128, 192, or 256	128	Yes	Yes
`MCRYPT_SAFER_128`	Secure And Fast Encryption Routine with strengthened key schedule	128	64	Yes	Yes
`MCRYPT_SAFER_64`	Secure And Fast Encryption Routine with strengthened key	64	64	Yes	Yes
`MCRYPT_SERPENT`	Serpent (Ross Anderson, Eli Biham, Lars Knudsen)	128, 192, or 256	128	No	Yes
`MCRYPT_SERPENT_128`	Serpent	128	128	Yes	No
`MCRYPT_SERPENT_192`	Serpent	192	128	Yes	No
`MCRYPT_SERPENT_256`	Serpent	256	128	Yes	No
`MCRYPT_SKIPJACK`	U.S. NSA Clipper Escrowed Encryption Standard	80	64	No	Yes
`MCRYPT_TWOFISH`	Twofish (Counterpane Systems)	128, 192, or 256	128	No	Yes
`MCRYPT_TWOFISH_128`	Twofish	128	128	Yes	No
`MCRYPT_TWOFISH_192`	Twofish	192	128	Yes	No
`MCRYPT_TWOFISH_256`	Twofish	256	128	Yes	No
`MCRYPT_WAKE`	Word Auto Key Encryption (David Wheeler)	256	32	No	Yes
`MCRYPT_XTEA`	Extended Tiny Encryption Algorithm (David Wheeler, Roger Needham)	128	64	Yes	Yes

Except for the data to encrypt or decrypt, all the other arguments must be the same when encrypting and decrypting. If you're using a mode that requires an initialization vector, it's okay to pass the initialization vector in the clear with the encrypted text.

The different modes are appropriate in different circumstances. Cipher Block Chaining (CBC) mode encrypts the data in blocks, and uses the encrypted value of each block (as well as the key) to compute the encrypted value of the next block. The initialization vector affects the encrypted value of the first block. Cipher Feedback (CFB) and Output Feedback (OFB) also use an initialization vector, but they encrypt data in units smaller than the block size. Note that OFB mode has security problems if you encrypt data in smaller units than its block size. Electronic Code Book (ECB) mode encrypts data in discreet blocks that don't depend on each other. ECB mode doesn't use an initialization vector. It is also less secure than other modes for repeated use, because the same plaintext with a given key always produces the same ciphertext. Constants to set each mode are listed in Table 14-2.

Table 14-2. mcrypt mode constants

Mode constant	Description
`MCRYPT_MODE_ECB`	Electronic Code Book mode
`MCRYPT_MODE_CBC`	Cipher Block Chaining mode
`MCRYPT_MODE_CFB`	Cipher Feedback mode
`MCRYPT_MODE_OFB`	Output Feedback mode with 8 bits of feedback
`MCRYPT_MODE_NOFB`	Output Feedback mode with n bits of feedback, where n is the block size of the algorithm used (libmcrypt 2.4 and higher only)
`MCRYPT_MODE_STREAM`	Stream Cipher mode, for algorithms such as RC4 and WAKE (libmcrypt 2.4 and higher only)

Different algorithms have different block sizes. You can retrieve the block size for a particular algorithm with mcrypt_get_block_size( ) . Similarly, the initialization vector size is determined by the algorithm and the mode. mcrypt_create_iv( ) and mcrypt_get_iv_size( ) make it easy to create an appropriate random initialization vector:

$iv = mcrypt_create_iv(mcrypt_get_iv_size($alg,$mode),MCRYPT_DEV_URANDOM);

The first argument to mcrypt_create_iv( ) is the size of the vector, and the second is a source of randomness. You have three choices for the source of randomness. MCRYPT_DEV_RANDOM reads from the pseudodevice /dev/random, MCRYPT_DEV_URANDOM reads from the pseudo-device /dev/urandom, and MCRYPT_RAND uses an internal random number generator. Not all operating systems support random-generating pseudo-devices. Make sure to call srand( ) before using MCRYPT_RAND in order to get a nonrepeating random number stream.

The code and examples in this recipe are compatible with mcrypt 2.4. PHP's mcrypt interface supports both mcrypt 2.2 and mcrypt 2.4, but there are differences between the two. With mcrypt 2.2, PHP supports only the following mcrypt functions: mcrypt_ecb( ), mcrypt_cbc( ), mcrypt_cfb( ), mcrypt_ofb( ), mcrypt_get_key_size( ), mcrypt_get_block_size( ), mcrypt_get_cipher_name( ), and mcrypt_create_iv( ). To encrypt or decrypt data with mcrypt 2.2, call the appropriate mcrypt_MODE( ) function, based on what mode you want to use, and pass it an argument that instructs it to encrypt or decrypt. The following code is the mcrypt 2.2-compatible version of the code in the Solution:

$key  = 'That golden key that opes the palace of eternity.';
$data = 'The chicken escapes at dawn. Send help with Mr. Blue.';
$alg = MCRYPT_BLOWFISH;

$iv = mcrypt_create_iv(mcrypt_get_block_size($alg),MCRYPT_DEV_URANDOM);
$encrypted_data = mcrypt_cbc($alg,$key,$data,MCRYPT_ENCRYPT);
$plain_text = base64_encode($encrypted_data);

print $plain_text."\n";

$decoded = mcrypt_cbc($alg,$key,base64_decode($plain_text),MCRYPT_DECRYPT);

print $decoded."\n";

14.8.4. See Also

Documentation on the mcrypt extension at http://www.php.net/mcrypt; the mcrypt library is available at http://mcrypt.hellug.gr/; choosing an appropriate algorithm and using it securely requires care and planning: for more information about mcrypt and the cipher algorithms it uses, see the online PHP manual section on mcrypt, the mcrypt home page, and the manpages for /dev/random and /dev/urandom; good books about cryptography include Applied Cryptography, by Bruce Schneier (Wiley) and Cryptography: Theory and Practice, by Douglas R. Stinson (Chapman & Hall).