downloads | documentation | faq | getting help | mailing lists | licenses | wiki | reporting bugs | php.net sites | links | conferences | my php.net

search for in the

openssl_dh_compute_key> <openssl_csr_sign
[edit] Last updated: Fri, 25 May 2012

view this page in

openssl_decrypt

(PHP 5 >= 5.3.0)

openssl_decryptDécrypte les données

Description

string openssl_decrypt ( string $data , string $method , string $password [, bool $raw_input = false [, string $iv = "" ]] )

Prend une chaine brute ou base64 encodée et la décrypte en utilisant la méthode et la clé passées.

Avertissement

Cette fonction n'est pas documentée et seule la liste des arguments est disponible.

Liste de paramètres

data

Les données.

method

La méthode de cipher.

password

Le password.

raw_input

Passez TRUE si les données entrées sont brutes, sinon une chaine base64 encodée est requise pour data.

iv

Un vecteur d'initialisation non-nul.

Valeurs de retour

La chaine décryptée en cas de succès ou FALSE si une erreur survient.

Erreurs / Exceptions

Émets une erreur de niveau E_WARNING si un algorithme cipher inconnu est passé via method.

Émets une erreur de niveau E_WARNING si une valeur vide est passée comme paramètre iv.

Historique

Version Description
5.3.3 Le paramètre iv a été ajouté.

Voir aussi



add a note add a note User Contributed Notes openssl_decrypt
nbari at dalmp dot com 15-Jan-2012 03:52
There are cases where you need to send data in a secure way within an 'un-secure' connection, a  typically scenario of this, is a site with out SSL (no https).

For this cases you can use the GibberishAES javascript library, this library will encrypt your data before it is submitted using CBC AES encryption mode, and it is fully compatible with a standar like OpenSSL.

Example:

When displaying a form, you can set a hidden field containing a token, the one is stored on the server via sessions and is going to be used as the 'password' for encrypting the data on the user side, in help with the GibberishAES library.

In Javascript (user side):
// GibberishAES.enc(string, password)
// Defaults to 256 bit encryption
GibberishAES.enc("Made with Gibberish\n", "password");
// Outputs: "U2FsdGVkX1+21O5RB08bavFTq7Yq/gChmXrO3f00tvJaT55A5pPvqw0zFVnHSW1o"

Later when the user submits the data, you will need to decrypt the data, for that you could use the class below and use it like this:

<?php
sqAES::decrypt('password', 'U2FsdGVkX1+21O5RB08bavFTq7Yq/gChmXrO3f00tvJaT55A5pPvqw0zFVnHSW1o');
?>

That will return  the same result, that openssl would return from this command line :

echo "U2FsdGVkX1+21O5RB08bavFTq7Yq/gChmXrO3f00tvJaT55A5pPvqw0zFVnHSW1o" | openssl enc -d -aes-256-cbc -a -k password

This class currently only encrypts/decrypts AES256 but can be easily modified to feed your needs, right now it is fully compatible withe the  GibberishAES library, so you could decrypt all your users data and also send encrypted data back to the user in a secure way, all this thanks to the openssl-decrypt/openssl-encrypt functions.

<?php

class sqAES {

  /**
   * decrypt AES 256
   *
   * @param string $password
   * @param data $edata
   * @return dencrypted data
   */
  public static function decrypt($password, $edata) {
    $data = base64_decode($edata);
    $salt = substr($data, 8, 8);
    $ct = substr($data, 16);
    /**
     * From https://github.com/mdp/gibberish-aes
     *
     * Number of rounds depends on the size of the AES in use
     * 3 rounds for 256
     *        2 rounds for the key, 1 for the IV
     * 2 rounds for 128
     *        1 round for the key, 1 round for the IV
     * 3 rounds for 192 since it's not evenly divided by 128 bits
     */
    $rounds = 3;
    $data00 = $password.$salt;
    $md5_hash = array();
    $md5_hash[0] = md5($data00, true);
    $result = $md5_hash[0];
    for ($i = 1; $i < $rounds; $i++) {
      $md5_hash[$i] = md5($md5_hash[$i - 1].$data00, true);
        $result .= $md5_hash[$i];
    }
    $key = substr($result, 0, 32);
    $iv  = substr($result, 32,16);

      return openssl_decrypt($ct, 'aes-256-cbc', $key, true, $iv);
  }

  /**
   * crypt AES 256
   *
   * @param string $password
   * @param data $data
   * @return base64 encrypted data
   */
  public static function crypt($password, $data) {
    // Set a random salt
    $salt = openssl_random_pseudo_bytes(8);

    $salted = '';
    $dx = '';
    // Salt the key(32) and iv(16) = 48
    while (strlen($salted) < 48) {
      $dx = md5($dx.$password.$salt, true);
      $salted .= $dx;
    }

    $key = substr($salted, 0, 32);
    $iv  = substr($salted, 32,16);

    $encrypted_data = openssl_encrypt($data, 'aes-256-cbc', $key, true, $iv);
    return base64_encode('Salted__' . $salt . $encrypted_data);
  }

}

?>
add a note add a note

 
show source | credits | sitemap | contact | advertising | mirror sites