openssl_encrypt
(PHP 5 >= 5.3.0, PHP 7)
openssl_encrypt — Encrypts data
Description
$data
, string $method
, string $key
[, int $options = 0
[, string $iv = ""
[, string &$tag = NULL
[, string $aad = ""
[, int $tag_length = 16
]]]]] ) : stringEncrypts given data with given method and key, returns a raw or base64 encoded string
Parameters
-
data -
The plaintext message data to be encrypted.
-
method -
The cipher method. For a list of available cipher methods, use openssl_get_cipher_methods().
-
key -
The key.
-
options -
optionsis a bitwise disjunction of the flagsOPENSSL_RAW_DATAandOPENSSL_ZERO_PADDING. -
iv -
A non-NULL Initialization Vector.
-
tag -
The authentication tag passed by reference when using AEAD cipher mode (GCM or CCM).
-
aad -
Additional authentication data.
-
tag_length -
The length of the authentication
tag. Its value can be between 4 and 16 for GCM mode.
Errors/Exceptions
Emits an E_WARNING level error if an unknown cipher
algorithm is passed in via the method parameter.
Emits an E_WARNING level error if an empty value is passed
in via the iv parameter.
Changelog
| Version | Description |
|---|---|
| 7.1.0 | The tag, aad and tag_length parameters were added. |
| 5.4.0 |
The raw_output was changed to options.
|
| 5.3.3 |
The iv parameter was added.
|
Examples
Example #1 AES Authenticated Encryption in GCM mode example for PHP 7.1+
<?php
//$key should have been previously generated in a cryptographically safe way, like openssl_random_pseudo_bytes
$plaintext = "message to be encrypted";
$cipher = "aes-128-gcm";
if (in_array($cipher, openssl_get_cipher_methods()))
{
$ivlen = openssl_cipher_iv_length($cipher);
$iv = openssl_random_pseudo_bytes($ivlen);
$ciphertext = openssl_encrypt($plaintext, $cipher, $key, $options=0, $iv, $tag);
//store $cipher, $iv, and $tag for decryption later
$original_plaintext = openssl_decrypt($ciphertext, $cipher, $key, $options=0, $iv, $tag);
echo $original_plaintext."\n";
}
?>
Example #2 AES Authenticated Encryption example for PHP 5.6+
<?php
//$key previously generated safely, ie: openssl_random_pseudo_bytes
$plaintext = "message to be encrypted";
$ivlen = openssl_cipher_iv_length($cipher="AES-128-CBC");
$iv = openssl_random_pseudo_bytes($ivlen);
$ciphertext_raw = openssl_encrypt($plaintext, $cipher, $key, $options=OPENSSL_RAW_DATA, $iv);
$hmac = hash_hmac('sha256', $ciphertext_raw, $key, $as_binary=true);
$ciphertext = base64_encode( $iv.$hmac.$ciphertext_raw );
//decrypt later....
$c = base64_decode($ciphertext);
$ivlen = openssl_cipher_iv_length($cipher="AES-128-CBC");
$iv = substr($c, 0, $ivlen);
$hmac = substr($c, $ivlen, $sha2len=32);
$ciphertext_raw = substr($c, $ivlen+$sha2len);
$original_plaintext = openssl_decrypt($ciphertext_raw, $cipher, $key, $options=OPENSSL_RAW_DATA, $iv);
$calcmac = hash_hmac('sha256', $ciphertext_raw, $key, $as_binary=true);
if (hash_equals($hmac, $calcmac))//PHP 5.6+ timing attack safe comparison
{
echo $original_plaintext."\n";
}
?>
English translation
You have asked to visit this site in English. For now, only the interface is translated, but not all the content yet.If you want to help me in translations, your contribution is welcome. All you need to do is register on the site, and send me a message asking me to add you to the group of translators, which will give you the opportunity to translate the pages you want. A link at the bottom of each translated page indicates that you are the translator, and has a link to your profile.
Thank you in advance.
Document created the 30/01/2003, last modified the 26/10/2018
Source of the printed document:https://www.gaudry.be/en/php-rf-openssl-encrypt.html
The infobrol is a personal site whose content is my sole responsibility. The text is available under CreativeCommons license (BY-NC-SA). More info on the terms of use and the author.
References
These references and links indicate documents consulted during the writing of this page, or which may provide additional information, but the authors of these sources can not be held responsible for the content of this page.
The author This site is solely responsible for the way in which the various concepts, and the freedoms that are taken with the reference works, are presented here. Remember that you must cross multiple source information to reduce the risk of errors.
