By using this site, you agree to our updated Privacy Policy and our Terms of Use. Manage your Cookies Settings.
440,417 Members | 1,825 Online
Bytes IT Community
+ Ask a Question
Need help? Post your question and get tips & solutions from a community of 440,417 IT Pros & Developers. It's quick & easy.

Get String Encryption Without Reconfiguring or Recompiling PHP

P: n/a
Of course, one could always use other kinds of
encryption/encoding/obfuscation techniques such as XOR complement, but
this example provides an extremely secure version using methods like
Blowfish, MD5, DES, etc.

This took me about 4 hours to figure out and perfect, but the two
functions below will work with PHP on many versions of Linux. I have
RedHat 9, in this case. I designed this to use a pretty small
compression and encryption style, yet work just fine as far as storing
in a cookie.

I'm using Blowfish here, but you can switch the "-bf" to other
encryption types. For those of you with Linux, do a "man openssl" to
see the others that are available.

The routine isn't bad for a 15 user business app on a 2.4Ghz Pentium.
However, you'll find it's somewhat slow for larger-scale operations,
unfortunately, because you have to write 2 files for each function. If
someone knows how to use openssl without files, I'd be interested to
see your example.

function Encrypt($val, $pass) {
$val = str_replace("'", "#%$", $val);
$file = tempnam('','php-encrypt-');
exec("echo -E '$val' > $file.dec");
exec("openssl enc -a -bf -in $file.dec -out $file.enc -e -pass
pass:$pass");
$myfile = file("$file.enc");
exec("rm $file");
exec("rm $file.dec");
exec("rm $file.enc");
while (list($line_num, $line) = each($myfile)) {
$result .= $line;
}
$result = base64_encode($result);
$result = urlencode($result);
return $result;
}

function Decrypt($val, $pass) {
$val = urldecode($val);
$val = base64_decode($val);
$file = tempnam('','php-decrypt-');
exec("echo -E '$val' > $file.enc");
exec("openssl enc -a -bf -in $file.enc -out $file.dec -d -pass
pass:$pass");
$myfile = file("$file.dec");
exec("rm $file");
exec("rm $file.enc");
exec("rm $file.dec");
while (list($line_num, $line) = each($myfile)) {
$result .= $line;
}
$result = substr($result, 0, strlen($result)-1);
$result = str_replace("#%$", "'", $result);
return $result;
}

Here's a sample of how big the encrypted string can be when I used the
password "wow":
6 chars = 44 chars
20 chars = 76 chars
50 chars = 134 chars
100 chars = 224 chars

Here's a sample encrypted string:
VTJGc2RHVmtYMSt4azRFdjN2QXlzVkJZRFBMMTdHNmNlQWdGZF F0ZmlkNS9CQndPOGtIOGV3PT0K
Jul 17 '05 #1
Share this question for a faster answer!
Share on Google+

This discussion thread is closed

Replies have been disabled for this discussion.