-
Notifications
You must be signed in to change notification settings - Fork 0
Expand file tree
/
Copy pathCryptor.php
More file actions
225 lines (161 loc) · 8.09 KB
/
Cryptor.php
File metadata and controls
225 lines (161 loc) · 8.09 KB
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
135
136
137
138
139
140
141
142
143
144
145
146
147
148
149
150
151
152
153
154
155
156
157
158
159
160
161
162
163
164
165
166
167
168
169
170
171
172
173
174
175
176
177
178
179
180
181
182
183
184
185
186
187
188
189
190
191
192
193
194
195
196
197
198
199
200
201
202
203
204
205
206
207
208
209
210
211
212
213
214
215
216
217
218
219
220
221
222
223
224
225
<?php
/************************************************************************************************************************************************
*
* Class: Cryptor
*
* PHP Encryption and decryption class with open_ssl
*
* Works also with larger text (because text is split in smaller parts).
* Generates a random IV with openssl_random_pseudo_bytes for each message and is prefixed to the encrypted_text.
* Generates a random nonce (number used once) with openssl_random_pseudo_bytes used as salt for each message.
* Purpose of random IV and nonce: When the same message is encrypted twice, the encrypted_text is always different.
* IVs do not have to be kept secret. They are prefixed to the encrypted_text and transmitted in full public view.
* A hash of the encrypted data is generated for integrity-check and is prefixed to the encrypted_text.
*
* Instruction (no secret key provided as argument, so private static value is used):
* encryption: $encrypted_txt = Cryptor::doEncrypt($plain_txt);
* decryption: $plain_txt = Cryptor::doDecrypt($encrypted_txt);
*
* Instruction (with secret key):
* encryption: $encrypted_txt = Cryptor::doEncrypt($plain_txt, "secret key used for encryption");
* decryption: $plain_txt = Cryptor::doDecrypt($encrypted_txt, "secret key used for encryption");
*
* Change class properties (change secret keys, etc)!
*
*************************************************************************************************************************************************/
class Cryptor {
/**
* PHP Encryption and decryption class :: open_ssl
*
* public gist:
* https://gist.github.com/petermuller71/33616d55174d9725fc00a663d30194ba
*
* @param string $plain_txt Text, to be encrypted
* @param string $encrypted_txt Text, to be decrypted
* @param string $secret_key Optional, override with (static private) property
*
* @property int $strspit_nr Amount of characters to split source (<= 400!), open_ssl cannot encrypt large files
* @property string $rep_letter Letter used to replace underscore (prevent detecting str_splits)
* @property string $secret_key Secret_key (sha512 hashvalue is created from this string), used if secret_key is not passed as argument
*
* @return string Encrypted or decrypted text
*
* @license http://www.opensource.org/licenses/mit-license.html MIT License
* @copyright 2018 Peter Muller. All rights reserved.
* @author Peter Muller
* @version 1.08
*
*/
static private $strspit_nr = 400; // smaller than 400 characters!
static private $rep_letter = 'b'; // change this (any letter, small or Capital)!
static private $secret_key = 'This is my secret key'; // change this! (this value is used if secret_key is not passed as argument)
/*
* doEncrypt
* Encrypt text
*
* @param string $plain_txt Text that will be encrypted
* @param string $secretkey Optional, override with (static private) property
* @return string Encrypted text
*
*/
public static function doEncrypt($plain_txt, $secretkey = null) {
if ($secretkey == null) { $secretkey = self::$secret_key; }
// add salt to plain_text
// salt is actually a nonce (unpredictable random number), so encryption of the same plain_text leads always to different encrypted_txts
$salt = substr( base64_encode(openssl_random_pseudo_bytes(16)), 0, 10);
$plain_txt = $salt.$plain_txt;
// plain_txt should be split in smaller parts and encrypted seperatly (because of open_ssl / RSA limitation)
$arr = str_split($plain_txt, self::$strspit_nr);
foreach ($arr as $v) { $encrypted_txt .= self::doEncryptDecrypt('encrypt', $secretkey, $v)."_"; }
$encrypted_txt = substr($encrypted_txt, 0, -1);
// smaller parts are glued together with underscore (_) and will be replaced by a letter
$encrypted_txt = self::replace("go", $encrypted_txt);
// add hash (for integraty check) to encrypted_txt
$hash = substr( hash('sha512', $encrypted_txt) , 0, 10);
$encrypted_txt = $hash.$encrypted_txt;
return $encrypted_txt;
}
/*
* doDecrypt
* Decrypt text
*
* @param string $encrypted_txt Text that will be decrypted
* @param string $secretkey Optional, override with (static private) property
* @return string Decrypted text
*
*/
public static function doDecrypt($encrypted_txt, $secretkey = null) {
if ($secretkey == null) { $secretkey = self::$secret_key; }
// get hash, prefixed to encrypted_txt
$hash = substr($encrypted_txt, 0, 10);
// remove hash from encrypted_txt
$encrypted_txt = substr($encrypted_txt, 10);
// check if hash is correct (compare with hash_on_the_fly)
$hash_on_the_fly = substr( hash('sha512', $encrypted_txt) , 0, 10);
if ($hash !== $hash_on_the_fly) { return null; }
// smaller parts were glued together with underscore (_) and replaced by a letter
$encrypted_txt = self::replace("back", $encrypted_txt);
// encrypted_txt should be split in smaller parts and decrypted seperatly (because open_ssl / RSA limitation)
$arr = explode("_", $encrypted_txt);
foreach ($arr as $v) { $decrypted_txt .= self::doEncryptDecrypt('decrypt', $secretkey, $v); }
// remove salt
$decrypted_txt = substr($decrypted_txt, 10);
return utf8_encode($decrypted_txt);
}
/*
* doEncryptDecrypt
* Encrypt or decrypt text
*
* @param string $action Encrypt or decrypt text
* @param string $secretkey secretkey used for encryption/decryption
* @param string $source Source that is encrypted or decrypted
* @return string
*
*/
private static function doEncryptDecrypt($action, $secretkey, $source) {
$output = false;
// hash
$secretkey = hash('sha512', $secretkey);
// iv - encrypt method AES-256-CBC expects 16 bytes
$iv = substr( base64_encode(openssl_random_pseudo_bytes(16)), 0, 16);
if ( $action == 'encrypt' )
{
$output = openssl_encrypt($source, "AES-256-CBC", $secretkey, 0, $iv);
// add $iv to encrypted_txt
$output = $iv.base64_encode($output);
}
else if( $action == 'decrypt' )
{
// get $iv
$iv = substr($source, 0, 16);
// remove $iv from source
$source = substr($source, 16);
$output = openssl_decrypt(base64_decode($source), "AES-256-CBC", $secretkey, 0, $iv);
}
return $output;
}
/*
* Replace
* replace underscore (_) by a specific letter (and vice versa)
* purpose: in this way, you cannot check how long the chuncks are
*
* @param string $action Replace underscore by a letter (go) or letter by underscore (back)
* @param string $source Source where replacement is done
* @return string
*
*/
private static function replace($action, $source) {
if ($action == "go")
{
$source = str_replace(self::$rep_letter, "|", $source);
$source = str_replace("_", self::$rep_letter, $source);
}
else if ($action == "back")
{
$source = str_replace(self::$rep_letter, "_", $source);
$source = str_replace("|", self::$rep_letter, $source);
}
return $source;
}
}
?>