Advertisement
Not a member of Pastebin yet?
Sign Up,
it unlocks many cool features!
- <?php
- function encrypt($decrypted, $password, $salt='!kQm*fF3pXe1Kbm%9') {
- // Build a 256-bit $key which is a SHA256 hash of $salt and $password.
- $key = hash('SHA256', $salt . $password, true);
- // Build $iv and $iv_base64. We use a block size of 128 bits (AES compliant) and CBC mode. (Note: ECB mode is inadequate as IV is not used.)
- srand(); $iv = mcrypt_create_iv(mcrypt_get_iv_size(MCRYPT_RIJNDAEL_128, MCRYPT_MODE_CBC), MCRYPT_RAND);
- if (strlen($iv_base64 = rtrim(base64_encode($iv), '=')) != 22) return false;
- // Encrypt $decrypted and an MD5 of $decrypted using $key. MD5 is fine to use here because it's just to verify successful decryption.
- $encrypted = base64_encode(mcrypt_encrypt(MCRYPT_RIJNDAEL_128, $key, $decrypted . md5($decrypted), MCRYPT_MODE_CBC, $iv));
- // We're done!
- return $iv_base64 . $encrypted;
- }
- function decrypt($encrypted, $password, $salt='!kQm*fF3pXe1Kbm%9') {
- // Build a 256-bit $key which is a SHA256 hash of $salt and $password.
- $key = hash('SHA256', $salt . $password, true);
- // Retrieve $iv which is the first 22 characters plus ==, base64_decoded.
- $iv = base64_decode(substr($encrypted, 0, 22) . '==');
- // Remove $iv from $encrypted.
- $encrypted = substr($encrypted, 22);
- // Decrypt the data. rtrim won't corrupt the data because the last 32 characters are the md5 hash; thus any \0 character has to be padding.
- $decrypted = rtrim(mcrypt_decrypt(MCRYPT_RIJNDAEL_128, $key, base64_decode($encrypted), MCRYPT_MODE_CBC, $iv), "\0\4");
- // Retrieve $hash which is the last 32 characters of $decrypted.
- $hash = substr($decrypted, -32);
- // Remove the last 32 characters from $decrypted.
- $decrypted = substr($decrypted, 0, -32);
- // Integrity check. If this fails, either the data is corrupted, or the password/salt was incorrect.
- if (md5($decrypted) != $hash) return false;
- // Yay!
- return $decrypted;
- }
- //Dont change the salt, the salt will be same
- // lets say you let your user sign up, he will enter password = "mybroeddie", and year of birth = "1991"
- //when he submits the form, you get those values in your php and then do this
- $password = sha1(md5("mybroeddie")); //assume we have someting like this
- $year = "1991";
- //NOW,
- $userskey = base64_encode($password . $year);
- //so now you have the users key.
- // lets say you want to encrypt their firstname
- $firstname = "Eddie Brewer";
- $value_in_db = encrypt($firstname, $userskey); //HtPigqENKqg/aLtv5vIB0gsuFKHr8yS12hDK+SWWEFWUhCnKK+aznYrLxTU8cRF2DZpkCdGXVF9hWXX6J3ZuSG <-- Save this to your database
- //so now when ever user wants to see their data, you give them 2 text boxes and ask them to enter their password and year of birth.
- //CASE 1 : They enter wrongly
- $inputpasswordbyuser = "mypass";
- // then you would do the exact same stuff which you did before
- $password = sha1(md5($inputpasswordbyuser));
- $year = "1991"; //assuming he gets the year right somehow
- $userskey = base64_encode($password . $year); //so now your system made the key with the wrongly provided stuff, lets see if this can decrypt your data;
- $yourdatafromdb = "HtPigqENKqg/aLtv5vIB0gsuFKHr8yS12hDK+SWWEFWUhCnKK+aznYrLxTU8cRF2DZpkCdGXVF9hWXX6J3ZuSG";
- //echo decrypt($yourdatafromdb, $userskey);
- //CASE 2 : They enter CORRECTLY
- $inputpasswordbyuser = "mybroeddie";
- // then you would do the exact same stuff which you did before
- $password = sha1(md5($inputpasswordbyuser));
- $year = "1991"; //assuming he gets the year right somehow
- $userskey = base64_encode($password . $year); //so now your system made the key with the wrongly provided stuff, lets see if this can decrypt your data;
- $yourdatafromdb = "HtPigqENKqg/aLtv5vIB0gsuFKHr8yS12hDK+SWWEFWUhCnKK+aznYrLxTU8cRF2DZpkCdGXVF9hWXX6J3ZuSG";
- echo decrypt($yourdatafromdb, $userskey);
- //$res = encrypt("myssn123", "mysecretkey");
- //echo "ENCRYTPTED STUFF IS : " . $res;
- //echo "<br/><br/>DECRYPTED STUFF IS : " . decrypt($res, "mysecretkey");
- ?>
Advertisement
Add Comment
Please, Sign In to add comment
Advertisement