Revisions
petermuller71 revised this gist
Aug 25, 2018 . 1 changed file with 13 additions and 12 deletions.
@@ -33,7 +33,7 @@ class cryptor { * @license http://www.opensource.org/licenses/mit-license.html MIT License * @copyright 2018 Peter Muller. All rights reserved. * @author Peter Muller <[email protected]> * @version 2.02 * */ @@ -54,7 +54,7 @@ public static function encrypt($secret, $plaintext) { // Create a 32bit password $key = self::create_32bit_password($secret); // Create a nonce: a piece of non-secret unique data that is used to randomize the cipher (safety against replay attack). // The nonce should be stored or shared along with the ciphertext, because the nonce needs to be reused with the same key. // In this class the nonce is shared with the ciphertext. $nonce = random_bytes(SODIUM_CRYPTO_SECRETBOX_NONCEBYTES); @@ -67,8 +67,8 @@ public static function encrypt($secret, $plaintext) { // Hex nonce (in order to sent together with ciphertext) $nonce_hex = bin2hex($nonce); // Create hash from ciphertext+nonce // It is not necessary, but just an extra layer of defense: // - more difficult to manipulate the string // - a nonce is always 48 characters. Because of a trailing hash (of unkown length), the nonce cannot be identified easily. // (a nonce does not have to be secret, this is just an extra precaution) 
@@ -93,27 +93,27 @@ public static function decrypt($secret, $ciphertext) { // Create a 32bit password $key = self::create_32bit_password($secret); //Get hash $hash = substr($ciphertext,-self::$hashlength); //Get ciphertext + nonce (remove trailing hash) $ciphertext = substr($ciphertext,0,-self::$hashlength); //Re-create hash $hash_on_the_fly = self::create_hash($ciphertext); //Check if hash is correct if ($hash !== $hash_on_the_fly) { //Do propper error handling return "error"; } else { // Get nonce (last 48 chars of string) $nonce_hex = substr($ciphertext,-48); // Get ciphertext (remove nonce) $ciphertext = substr($ciphertext,0,-48); // Bin nonce @@ -138,7 +138,8 @@ public static function decrypt($secret, $ciphertext) { */ private static function create_32bit_password($secret) { //Openlib needs a 32bit key for encryption return substr( bin2hex( sodium_crypto_generichash($secret.self::$salt) ),0 ,32); } -
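Review bot: The hash check at the top of decrypt() does not authenticate anything: `create_hash` is an unkeyed `sodium_crypto_generichash` over ciphertext+nonce, so whoever alters the string can recompute the trailing hash, and the comparison uses `!==` rather than `hash_equals()`. The real tamper protection is the tag that `sodium_crypto_secretbox_open()` verifies; that call lies outside this hunk, so its `false` return is presumably handed back to the caller unchecked. Returning the string `"error"` also makes a failed check indistinguishable from a message whose plaintext is `error`. I would replace `return "error";` with `throw new RuntimeException('ciphertext failed integrity check');` and treat a `false` from secretbox_open and from `hex2bin()` the same way.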
petermuller71 revised this gist
Aug 25, 2018 . 1 changed file with 9 additions and 10 deletions.
@@ -1,6 +1,14 @@ <?php print "<h1>PHP Encryption with libsodium</h1>"; $message = "This text is secret"; $ciphertext = cryptor::encrypt("password", $message); $plaintext = cryptor::decrypt("password", $ciphertext); print "Message:<br />$message <br /><br />Ciphertext:<br />$ciphertext<br /><br />Plaintext:<br />$plaintext"; /************************************************************************************************** * Class: cryptor * static class for encryption with libsodium (standard lib >= php7.2) * @@ -148,13 +156,4 @@ private static function create_hash($ciphertext_and_nonce) return substr( bin2hex( sodium_crypto_generichash( $ciphertext_and_nonce ) ),0 ,self::$hashlength); } } ?> -
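Review bot: With the demo moved to the top of the file, every script that includes this file to use the `cryptor` class also prints the heading, the ciphertext and the decrypted text, produced with the literal key `"password"`. A file that declares a class should not emit output as a side effect of being loaded; the five demo lines belong in a separate example script. If they stay, `$plaintext` should be printed as `htmlspecialchars($plaintext, ENT_QUOTES | ENT_SUBSTITUTE, 'UTF-8')`, since decrypted data is not guaranteed to be HTML-safe.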
petermuller71 revised this gist
Aug 24, 2018 . 1 changed file with 2 additions and 2 deletions.
@@ -2,7 +2,7 @@ /************************************************************************************************** * * Class: cryptor * static class for encryption with libsodium (standard lib >= php7.2) * * Usage: * $message = "This text is secret"; @@ -154,7 +154,7 @@ private static function create_hash($ciphertext_and_nonce) $message = "This text is secret"; $ciphertext = cryptor::encrypt("password", $message); $plaintext = cryptor::decrypt("password", $ciphertext); print "Original message:<br />$message <br /><br />Ciphertext:<br />$ciphertext<br /><br />Plaintext:<br />$plaintext"; ?> -
petermuller71 revised this gist
Aug 24, 2018 . 1 changed file with 2 additions and 2 deletions.
@@ -18,14 +18,14 @@ class cryptor { * * @param string $message Text, to be encrypted * @param string $ciphertext Text, to be decrypted * @param string $secret Secret_key (hashvalue is created from this string(+salt) in order to get a 32bytes key). * * @return string Encrypted or decrypted text * * @license http://www.opensource.org/licenses/mit-license.html MIT License * @copyright 2018 Peter Muller. All rights reserved. * @author Peter Muller <[email protected]> * @version 2.01 * */ -
petermuller71 revised this gist
Aug 24, 2018 . 1 changed file with 115 additions and 181 deletions.
@@ -1,226 +1,160 @@ <?php /************************************************************************************************** * * Class: cryptor * static class for encryption with libsodium (standard lib >php7.2) * * Usage: * $message = "This text is secret"; * $ciphertext = cryptor::encrypt("password", $message); * $plaintext = cryptor::decrypt("password", $ciphertext); ***************************************************************************************************/ class cryptor { /** * public gist: * https://gist.github.com/petermuller71/33616d55174d9725fc00a663d30194ba * * @param string $message Text, to be encrypted * @param string $ciphertext Text, to be decrypted * @param string $secret Secret_key (sha512 hashvalue is created from this string(+salt) in order to get a 32bytes key). * * @return string Encrypted or decrypted text * * @license http://www.opensource.org/licenses/mit-license.html MIT License * @copyright 2018 Peter Muller. All rights reserved. * @author Peter Muller <[email protected]> * @version 1.01 * */ static private $salt = "salt"; # change static private $hashlength = 30; # change between 10 and 64 (64 = length of sodium_crypto_generichash) /* * encrypt * * @param string $secret (password) * @param string $plaintext (plaintext) * @return string Encrypted text (ciphertext + nonce + hash) * */ public static function encrypt($secret, $plaintext) { // Create a 32bit password $key = self::create_32bit_password($secret); // Create a random nonce: a piece of non-secret unique data that is used to randomize the cipher (safety against replay attack). // The nonce should be stored or shared along with the ciphertext, because the nonce needs to be reused with the same key. // In this class the nonce is shared with the ciphertext. 
$nonce = random_bytes(SODIUM_CRYPTO_SECRETBOX_NONCEBYTES); // Encrypted $ciphertext = bin2hex( sodium_crypto_secretbox($plaintext, $nonce, $key) ); // Hex nonce (in order to sent together with ciphertext) $nonce_hex = bin2hex($nonce); // create hash from ciphertext+nonce // not necessary, but just an extra layer of defense // - more difficult to manipulate the string // - a nonce is always 48 characters. Because of a trailing hash (of unkown length), the nonce cannot be identified easily. // (a nonce does not have to be secret, this is just an extra precaution) $hash = self::create_hash($ciphertext.$nonce_hex); // Return ciphertext + nonce + hash return $ciphertext.$nonce_hex.$hash; } /* * decrypt * * @param string $secret (password) * @param string $ciphertext (ciphertext + nonce + hash) * @return string decrypted text * */ public static function decrypt($secret, $ciphertext) { // Create a 32bit password $key = self::create_32bit_password($secret); //get hash $hash = substr($ciphertext,-self::$hashlength); //get ciphertext + nonce (remove hash) $ciphertext = substr($ciphertext,0,-self::$hashlength); //re-create hash $hash_on_the_fly = self::create_hash($ciphertext); //check if hash is correct if ($hash !== $hash_on_the_fly) { //do propper error handling return "error"; } else { // get nonce (last 48 chars of string) $nonce_hex = substr($ciphertext,-48); // get ciphertext (remove nonce) $ciphertext = substr($ciphertext,0,-48); // Bin nonce $nonce = hex2bin($nonce_hex); // Decrypted $plaintext = sodium_crypto_secretbox_open( hex2bin($ciphertext), $nonce, $key ); return $plaintext; } } /* * create_32bit_password * * @param string $secret (password) * @return string 32bit-password * */ private static function create_32bit_password($secret) { return substr( bin2hex( sodium_crypto_generichash($secret.self::$salt) ),0 ,32); } /* * create_hash of ciphertext+nonce * * @param string $ciphertext_and_nonce (ciphertext + nonce) * @return string hash * */ private static 
function create_hash($ciphertext_and_nonce) { return substr( bin2hex( sodium_crypto_generichash( $ciphertext_and_nonce ) ),0 ,self::$hashlength); } } print "<h1>Encryption with lib sodium</h1>"; $message = "This text is secret"; $ciphertext = cryptor::encrypt("password", $message); $plaintext = cryptor::decrypt("password",$ciphertext); print "Original message:<br />$message <br /><br />Ciphertext:<br />$ciphertext<br /><br />Plaintext:<br />$plaintext"; ?> -
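Review bot: create_32bit_password() produces a key with only 128 bits of material and no resistance to password guessing: it hex-encodes `sodium_crypto_generichash($secret.self::$salt)` and keeps the first 32 characters, so each of the 32 key bytes is one of sixteen hex digits, and the hash is a single fast pass over the fixed salt `"salt"`. Since `$secret` is documented as a password, I would derive the key with `sodium_crypto_pwhash(SODIUM_CRYPTO_SECRETBOX_KEYBYTES, $secret, $salt, SODIUM_CRYPTO_PWHASH_OPSLIMIT_INTERACTIVE, SODIUM_CRYPTO_PWHASH_MEMLIMIT_INTERACTIVE)`, using `$salt = random_bytes(SODIUM_CRYPTO_PWHASH_SALTBYTES)` generated per message and stored next to the nonce. The comments and the function name say "32bit" where 32 bytes is meant. The same derivation is still present in the `@@ -138,7 +138,8 @@` hunk of the Aug 25, 2018 revision.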
petermuller71 revised this gist
Apr 20, 2018 . 1 changed file with 2 additions and 44 deletions.
@@ -49,7 +49,7 @@ class Cryptor { * @license http://www.opensource.org/licenses/mit-license.html MIT License * @copyright 2018 Peter Muller. All rights reserved. * @author Peter Muller <[email protected]> * @version 1.08 * */ @@ -220,49 +220,7 @@ private static function replace($action, $source) { } return $source; } } ?> -
petermuller71 revised this gist
Mar 17, 2018 . 1 changed file with 2 additions and 2 deletions.
@@ -47,9 +47,9 @@ class Cryptor { * @return string Encrypted or decrypted text * * @license http://www.opensource.org/licenses/mit-license.html MIT License * @copyright 2018 Peter Muller. All rights reserved. * @author Peter Muller <[email protected]> * @version 1.07 * */ -
petermuller71 revised this gist
Mar 17, 2018 . 1 changed file with 1 addition and 1 deletion.
@@ -84,7 +84,7 @@ public static function doEncrypt($plain_txt, $secretkey = null) { // plain_txt should be split in smaller parts and encrypted seperatly (because of open_ssl / RSA limitation) $arr = str_split($plain_txt, self::$strspit_nr); foreach ($arr as $v) { $encrypted_txt .= self::doEncryptDecrypt('encrypt', $secretkey, $v)."_"; } $encrypted_txt = substr($encrypted_txt, 0, -1); -
petermuller71 revised this gist
Nov 25, 2017 . 1 changed file with 2 additions and 15 deletions.
@@ -21,9 +21,6 @@ * encryption: $encrypted_txt = Cryptor::doEncrypt($plain_txt, "secret key used for encryption"); * decryption: $plain_txt = Cryptor::doDecrypt($encrypted_txt, "secret key used for encryption"); * * Change class properties (change secret keys, etc)! * *************************************************************************************************************************************************/ @@ -71,20 +68,10 @@ class Cryptor { * */ public static function doEncrypt($plain_txt, $secretkey = null) { if ($secretkey == null) { $secretkey = self::$secret_key; } // add salt to plain_text // salt is actually a nonce (unpredictable random number), so encryption of the same plain_text leads always to different encrypted_txts -
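Review bot: The fallback `if ($secretkey == null) { $secretkey = self::$secret_key; }` in doEncrypt uses a loose comparison, so an empty string or `0` passed as the key is silently replaced by the class-level default, which is declared outside this hunk. A caller whose key lookup failed would then encrypt under a value that ships with the class source instead of getting an error. I would compare with `=== null` and reject an empty key explicitly, e.g. `if ($secretkey === '') { throw new InvalidArgumentException('empty secret key'); }`. doEncrypt's body continues outside the hunk, and other revisions on this page show the same fallback in doDecrypt.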
petermuller71 revised this gist
Nov 24, 2017 . 1 changed file with 4 additions and 0 deletions.
@@ -21,6 +21,9 @@ * encryption: $encrypted_txt = Cryptor::doEncrypt($plain_txt, "secret key used for encryption"); * decryption: $plain_txt = Cryptor::doDecrypt($encrypted_txt, "secret key used for encryption"); * * Instruction to encrypt json data * encryption: Cryptor::doEncrypt($json, "secretpassword", $json = TRUE); * * Change class properties (change secret keys, etc)! * *************************************************************************************************************************************************/ @@ -73,6 +76,7 @@ public static function doEncrypt($plain_txt, $secretkey = null, $json=FALSE) { if ($secretkey == null) { $secretkey = self::$secret_key; } // encrypting json data is a problem, \r\n\t must be deleted in order to be decoded back into json correctly // use: Cryptor::doEncrypt($json, "secretpassword", $json = TRUE); if ($json == TRUE) { -
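Review bot: The usage line added to the header, `Cryptor::doEncrypt($json, "secretpassword", $json = TRUE);`, assigns `TRUE` to the caller's `$json` variable while building the third argument, so the variable no longer holds the JSON text after the call. The example should pass the flag as a plain value: `Cryptor::doEncrypt($json, "secretpassword", true);`. The same line is repeated in the comment added inside doEncrypt and needs the same correction.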
petermuller71 revised this gist
Nov 24, 2017 . 1 changed file with 69 additions and 13 deletions.
@@ -2,9 +2,10 @@ /************************************************************************************************************************************************ * * Class: Cryptor * * PHP Encryption and decryption class with open_ssl * * Works also with larger text (because text is split in smaller parts). * Generates a random IV with openssl_random_pseudo_bytes for each message and is prefixed to the encrypted_text. * Generates a random nonce (number used once) with openssl_random_pseudo_bytes used as salt for each message. @@ -29,8 +30,7 @@ class Cryptor { /** * PHP Encryption and decryption class :: open_ssl * * public gist: * https://gist.github.com/petermuller71/33616d55174d9725fc00a663d30194ba @@ -45,13 +45,15 @@ class Cryptor { * * @return string Encrypted or decrypted text * * @license http://www.opensource.org/licenses/mit-license.html MIT License * @copyright 2017 Peter Muller. All rights reserved. * @author Peter Muller <[email protected]> * @version 1.06 * */ static private $strspit_nr = 400; // smaller than 400 characters! static private $rep_letter = 'b'; // change this (any letter, small or Capital)! static private $secret_key = 'This is my secret key'; // change this! (this value is used if secret_key is not passed as argument) 
@@ -66,17 +68,29 @@ class Cryptor { * */ public static function doEncrypt($plain_txt, $secretkey = null, $json=FALSE) { if ($secretkey == null) { $secretkey = self::$secret_key; } // encrypting json data is a problem, \r\n\t must be deleted in order to be decoded back into json correctly if ($json == TRUE) { $plain_txt = str_replace("\r",'', $plain_txt); $plain_txt = str_replace("\n",'', $plain_txt); $plain_txt = str_replace("\t",'', $plain_txt); } // add salt to plain_text // salt is actually a nonce (unpredictable random number), so encryption of the same plain_text leads always to different encrypted_txts $salt = substr( base64_encode(openssl_random_pseudo_bytes(16)), 0, 10); $plain_txt = $salt.$plain_txt; // plain_txt should be split in smaller parts and encrypted seperatly (because of open_ssl / RSA limitation) $arr = str_split($plain_txt, self::$strspit_nr); foreach ($arr as $v) { $encrypted_txt .= substr(self::doEncryptDecrypt('encrypt', $secretkey, $v), 0, -2)."_"; } @@ -129,7 +143,7 @@ public static function doDecrypt($encrypted_txt, $secretkey = null) { $encrypted_txt = self::replace("back", $encrypted_txt); // encrypted_txt should be split in smaller parts and decrypted seperatly (because open_ssl / RSA limitation) $arr = explode("_", $encrypted_txt); foreach ($arr as $v) { $decrypted_txt .= self::doEncryptDecrypt('decrypt', $secretkey, $v); } 
@@ -205,17 +219,59 @@ private static function replace($action, $source) { if ($action == "go") { $source = str_replace(self::$rep_letter, "|", $source); $source = str_replace("_", self::$rep_letter, $source); } else if ($action == "back") { $source = str_replace(self::$rep_letter, "_", $source); $source = str_replace("|", self::$rep_letter, $source); } return $source; } public static function generateKeypair() { $config = array( "digest_alg" => "sha512", "private_key_bits" => 4096, "private_key_type" => OPENSSL_KEYTYPE_RSA, ); // Create the private and public key $res = openssl_pkey_new($config); openssl_pkey_export($res, $privKey); // Extract the public key from $res to $pubKey $pubKey = openssl_pkey_get_details($res); $key['privatekey'] = $privKey; $key['publickey'] = $pubKey["key"]; return $key; } public static function publicEncrypt($source, $publickey) { openssl_public_encrypt($source, $encrypted, $publickey); $encrypted = base64_encode($encrypted); return $encrypted; } public static function privateDecrypt($source, $pirvatekey) { $source = base64_decode($source); openssl_private_decrypt($source, $decrypted, $pirvatekey); return $decrypted; } } ?> -
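Review bot: publicEncrypt() and privateDecrypt() ignore the boolean result of `openssl_public_encrypt()` / `openssl_private_decrypt()` and rely on the default PKCS#1 v1.5 padding. When the input is longer than the key allows, the call fails, `$encrypted` is never filled and the method returns an empty string with no error; v1.5 is also the padding variant exposed to padding-oracle attacks on the decrypting side. I would pass `OPENSSL_PKCS1_OAEP_PADDING` as the fourth argument on both sides and throw when either call returns `false`. generateKeypair() likewise does not check `openssl_pkey_new()` and exports the private key without a passphrase, and the parameter name `$pirvatekey` is misspelled.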
petermuller71 revised this gist
Nov 19, 2017 . 1 changed file with 0 additions and 5 deletions.
@@ -31,11 +31,6 @@ class Cryptor { /** * PHP Encryption and decryption class with open_ssl * Works also with larger text (because text is split in smaller parts). * * public gist: * https://gist.github.com/petermuller71/33616d55174d9725fc00a663d30194ba -
petermuller71 revised this gist
Nov 19, 2017 . 1 changed file with 1 addition and 1 deletion.
@@ -130,7 +130,7 @@ public static function doDecrypt($encrypted_txt, $secretkey = null) { if ($hash !== $hash_on_the_fly) { return null; } // smaller parts were glued together with underscore (_) and replaced by a letter $encrypted_txt = self::replace("back", $encrypted_txt); -
petermuller71 revised this gist
Nov 19, 2017 . 1 changed file with 1 addition and 1 deletion.
@@ -12,7 +12,7 @@ * IVs do not have to be kept secret. They are prefixed to the encrypted_text and transmitted in full public view. * A hash of the encrypted data is generated for integrity-check and is prefixed to the encrypted_text. * * Instruction (no secret key provided as argument, so private static value is used): * encryption: $encrypted_txt = Cryptor::doEncrypt($plain_txt); * decryption: $plain_txt = Cryptor::doDecrypt($encrypted_txt); * -
petermuller71 revised this gist
Nov 19, 2017 . 1 changed file with 2 additions and 2 deletions.
@@ -88,7 +88,7 @@ public static function doEncrypt($plain_txt, $secretkey = null) { $encrypted_txt = substr($encrypted_txt, 0, -1); // smaller parts are glued together with underscore (_) and will be replaced by a letter $encrypted_txt = self::replace("go", $encrypted_txt); @@ -130,7 +130,7 @@ public static function doDecrypt($encrypted_txt, $secretkey = null) { if ($hash !== $hash_on_the_fly) { return null; } // smaller parts are glued together with underscore (_) and replaced by a letter $encrypted_txt = self::replace("back", $encrypted_txt); -
petermuller71 revised this gist
Nov 19, 2017 . 1 changed file with 1 addition and 1 deletion.
@@ -76,7 +76,7 @@ public static function doEncrypt($plain_txt, $secretkey = null) { if ($secretkey == null) { $secretkey = self::$secret_key; } // add salt to plain_text // salt is actually a nonce (unpredictable random number), so encryption of the same plain_text leads always to different encrypted_txts $salt = substr( base64_encode(openssl_random_pseudo_bytes(16)), 0, 10); $plain_txt = $salt.$plain_txt; -
petermuller71 revised this gist
Nov 19, 2017 . 1 changed file with 2 additions and 0 deletions.
@@ -37,6 +37,8 @@ class Cryptor { * IVs do not have to be kept secret. They are prefixed to the encrypted_text and transmitted in full public view. * A hash of the encrypted data is generated for integrity-check and is prefixed to the encrypted_text. * * public gist: * https://gist.github.com/petermuller71/33616d55174d9725fc00a663d30194ba * * @param string $plain_txt Text, to be encrypted * @param string $encrypted_txt Text, to be decrypted -
petermuller71 revised this gist
Nov 19, 2017 . 1 changed file with 12 additions and 1 deletion.
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters. Learn more about bidirectional Unicode charactersOriginal file line number Diff line number Diff line change @@ -40,7 +40,7 @@ class Cryptor { * * @param string $plain_txt Text, to be encrypted * @param string $encrypted_txt Text, to be decrypted * @param string $secret_key Optional, override with (static private) property * * @property int $strspit_nr Amount of characters to split source (<= 400!), open_ssl cannot encrypt large files * @property string $rep_letter Letter used to replace underscore (prevent detecting str_splits) @@ -117,6 +117,9 @@ public static function doDecrypt($encrypted_txt, $secretkey = null) { // get hash, prefixed to encrypted_txt $hash = substr($encrypted_txt, 0, 10); // remove hash from encrypted_txt $encrypted_txt = substr($encrypted_txt, 10); // check if hash is correct (compare with hash_on_the_fly) @@ -167,13 +170,20 @@ private static function doEncryptDecrypt($action, $secretkey, $source) { { $output = openssl_encrypt($source, "AES-256-CBC", $secretkey, 0, $iv); // add $iv to encrypted_txt $output = $iv.base64_encode($output); } else if( $action == 'decrypt' ) { // get $iv $iv = substr($source, 0, 16); // remove $iv from source $source = substr($source, 16); $output = openssl_decrypt(base64_decode($source), "AES-256-CBC", $secretkey, 0, $iv); } @@ -186,6 +196,7 @@ private static function doEncryptDecrypt($action, $secretkey, $source) { /* * Replace * replace underscore (_) by a specific letter (and vice versa) * purpose: in this way, you cannot check how long the chuncks are * * @param string $action Replace underscore by a letter (go) or letter by underscore (back) * @param string $source Source where replacement is done -
petermuller71 revised this gist
Nov 19, 2017 . 1 changed file with 14 additions and 15 deletions.
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters. Learn more about bidirectional Unicode charactersOriginal file line number Diff line number Diff line change @@ -5,14 +5,14 @@ * Class: Cryptor * * PHP Encryption and decryption class with open_ssl * Works also with larger text (because text is split in smaller parts). * Generates a random IV with openssl_random_pseudo_bytes for each message and is prefixed to the encrypted_text. * Generates a random nonce (number used once) with openssl_random_pseudo_bytes used as salt for each message. * Purpose of random IV and nonce: When the same message is encrypted twice, the encrypted_text is always different. * IVs do not have to be kept secret. They are prefixed to the encrypted_text and transmitted in full public view. * A hash of the encrypted data is generated for integrity-check and is prefixed to the encrypted_text. * * Instruction (no secret key provided as argument): * encryption: $encrypted_txt = Cryptor::doEncrypt($plain_txt); * decryption: $plain_txt = Cryptor::doDecrypt($encrypted_txt); * @@ -29,13 +29,13 @@ class Cryptor { /** * PHP Encryption and decryption class with open_ssl * Works also with larger text (because text is split in smaller parts). * Generates a random IV with openssl_random_pseudo_bytes for each message and is prefixed to the encrypted_text. * Generates a random nonce (number used once) with openssl_random_pseudo_bytes used as salt for each message. * Purpose of random IV and nonce: When the same message is encrypted twice, the encrypted_text is always different. * IVs do not have to be kept secret. They are prefixed to the encrypted_text and transmitted in full public view. * A hash of the encrypted data is generated for integrity-check and is prefixed to the encrypted_text. * * * @param string $plain_txt Text, to be encrypted 
@@ -75,7 +75,6 @@ public static function doEncrypt($plain_txt, $secretkey = null) { // add salt to plain_text // salt is actually a nonce (unpredictable random number), so encryption of the same plain_text will leads always to different encrypted_texts $salt = substr( base64_encode(openssl_random_pseudo_bytes(16)), 0, 10); $plain_txt = $salt.$plain_txt; -
petermuller71 revised this gist
Nov 19, 2017 . 1 changed file with 49 additions and 16 deletions.
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters. Learn more about bidirectional Unicode charactersOriginal file line number Diff line number Diff line change @@ -3,8 +3,14 @@ /************************************************************************************************************************************************ * * Class: Cryptor * * PHP Encryption and decryption class with open_ssl * Works also with larger text (because text is split in smaller parts) * generates a random IV with openssl_random_pseudo_bytes for each message * generates a random nonce (number used once) with openssl_random_pseudo_bytes used as salt for each message * Purpose of random IV and nonce: When the same message is encrypted twice, the encrypted_text is always different * IVs and nonces do not have to be kept secret. They are prefixed to the encrypted_text and transmitted in full public view * Generates a hash of the encrypted data for integrity check and is prefixed to the encrypted_text * * Instruction (no secret key provided): * encryption: $encrypted_txt = Cryptor::doEncrypt($plain_txt); 
@@ -25,30 +31,32 @@ class Cryptor { /** * Class to encrypt or decrypt a plain_text string with open_ssl * open_ssl cannot handle large files. Therefore source is split in smaller parts, and afterwards glued together again * generates a random IV with openssl_random_pseudo_bytes for each message * generates a random nonce (number used once) with openssl_random_pseudo_bytes used as salt for each message * * IVs and nonces do not have to be kept secret. They are prefixed to the encrypted_text and transmitted in full public view * Furthermore: a hash of the encrypted data (for an integrity check) is prefixed to the encrypted_text * * * @param string $plain_txt Text, to be encrypted * @param string $encrypted_txt Text, to be decrypted * @param string $secretkey Optional, override with (static private) property * * @property int $strspit_nr Amount of characters to split source (<= 400!), open_ssl cannot encrypt large files * @property string $rep_letter Letter used to replace underscore (prevent detecting str_splits) * @property string $secret_key Secret_key (sha512 hashvalue is created from this string), used if secret_key is not passed as argument * * @return string Encrypted or decrypted text * * @author Peter Muller <[email protected]> * @version 1.04 * */ static private $strspit_nr = 350; // smaller than 400 characters! static private $rep_letter = 'b'; // change this (any letter, small or Capital)! static private $secret_key = 'This is my secret key'; // change this! (this value is used if secret_key is not passed as argument) /* 
@@ -65,8 +73,11 @@ public static function doEncrypt($plain_txt, $secretkey = null) { if ($secretkey == null) { $secretkey = self::$secret_key; } // add salt to plain_text // salt is actually a nonce (unpredictable random number), so encryption of the same plain_text will leads always to different encrypted_texts // See: http://www.cryptofails.com/post/70059609995/crypto-noobs-1-initialization-vectors $salt = substr( base64_encode(openssl_random_pseudo_bytes(16)), 0, 10); $plain_txt = $salt.$plain_txt; // $plain_text should be split in smaller parts and encrypted seperatly @@ -80,6 +91,11 @@ public static function doEncrypt($plain_txt, $secretkey = null) { $encrypted_txt = self::replace("go", $encrypted_txt); // add hash (for integraty check) to encrypted_txt $hash = substr( hash('sha512', $encrypted_txt) , 0, 10); $encrypted_txt = $hash.$encrypted_txt; return $encrypted_txt; } @@ -98,12 +114,23 @@ public static function doEncrypt($plain_txt, $secretkey = null) { public static function doDecrypt($encrypted_txt, $secretkey = null) { if ($secretkey == null) { $secretkey = self::$secret_key; } // get hash, prefixed to encrypted_txt $hash = substr($encrypted_txt, 0, 10); $encrypted_txt = substr($encrypted_txt, 10); // check if hash is correct (compare with hash_on_the_fly) $hash_on_the_fly = substr( hash('sha512', $encrypted_txt) , 0, 10); if ($hash !== $hash_on_the_fly) { return null; } // smaller parts were glued together with underscore (_) and replaced by a letter $encrypted_txt = self::replace("back", $encrypted_txt); // encrypted_txt should be split in smaller parts and decrypted seperatly $arr = explode("_", $encrypted_txt); foreach ($arr as $v) { $decrypted_txt .= self::doEncryptDecrypt('decrypt', $secretkey, $v); } 
@@ -133,17 +160,23 @@ private static function doEncryptDecrypt($action, $secretkey, $source) { // hash $secretkey = hash('sha512', $secretkey); // iv - encrypt method AES-256-CBC expects 16 bytes $iv = substr( base64_encode(openssl_random_pseudo_bytes(16)), 0, 16); if ( $action == 'encrypt' ) { $output = openssl_encrypt($source, "AES-256-CBC", $secretkey, 0, $iv); $output = $iv.base64_encode($output); } else if( $action == 'decrypt' ) { $iv = substr($source, 0, 16); $source = substr($source, 16); $output = openssl_decrypt(base64_decode($source), "AES-256-CBC", $secretkey, 0, $iv); } return $output; -
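Review bot: The integrity prefix added in doEncrypt, `substr( hash('sha512', $encrypted_txt) , 0, 10)`, is an unkeyed digest of data the recipient is handed anyway, so whoever alters the ciphertext can recompute the prefix and the `$hash !== $hash_on_the_fly` test in doDecrypt still passes. It catches accidental corruption only; the AES-256-CBC output stays malleable, and 10 hex characters are 40 bits in any case. I would compute a keyed tag instead, `$hash = hash_hmac('sha256', $encrypted_txt, $mac_key);` (with `$mac_key` a placeholder for a key derived separately from the encryption key), and verify it with `if (!hash_equals($hash_on_the_fly, $hash)) { return null; }` before anything is decrypted. The two `substr` calls in doDecrypt that cut off the prefix then have to use the tag length (64 hex characters for SHA-256); both function bodies continue outside the hunks shown.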
petermuller71 revised this gist
Nov 19, 2017 . 1 changed file with 5 additions and 5 deletions.
@@ -31,6 +31,7 @@ class Cryptor { * @param string $encrypted_txt Text, to be decrypted * @param string $secretkey Optional, override with (static private) property * * @property int $unique_nr Amount of random characters put in front en behind encrypted string + used as salt * @property int $strspit_nr Amount of characters to split source (<= 400!), open_ssl cannot encrypt large files * @property string $rep_letter Letter used to replace underscore (prevent detecting str_splits) * @property string $secret_key Secret_key (sha512 hashvalue is created from this string) @@ -39,7 +40,7 @@ class Cryptor { * @return string Encrypted or decrypted text * * @author Peter Muller <[email protected]> * @version 1.03 * */ @@ -64,9 +65,7 @@ public static function doEncrypt($plain_txt, $secretkey = null) { if ($secretkey == null) { $secretkey = self::$secret_key; } // add salt to plain_text $salt = substr(hash('sha512', $plain_txt), 0, 10); $plain_txt = $salt.$plain_txt; @@ -108,7 +107,8 @@ public static function doDecrypt($encrypted_txt, $secretkey = null) { $arr = explode("_", $encrypted_txt); foreach ($arr as $v) { $decrypted_txt .= self::doEncryptDecrypt('decrypt', $secretkey, $v); } // remove salt $decrypted_txt = substr($decrypted_txt, 10); return utf8_encode($decrypted_txt); -
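Review bot: The value the reworded comment calls a salt, `substr(hash('sha512', $plain_txt), 0, 10)` in doEncrypt, is computed from the plaintext alone, so it is the same every time the same text is encrypted and does nothing to vary the output. A salt that is meant to randomise the message has to come from a CSPRNG, for example `$salt = bin2hex(random_bytes(5));`, which keeps the 10-character length that `substr($decrypted_txt, 10)` in doDecrypt strips again. Until that changes, the comment should say what the value is: `// prefix: first 10 hex chars of sha512(plain_txt); deterministic, not a random salt`. Both functions start and end outside the hunks shown.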
petermuller71 revised this gist
Nov 18, 2017 . 1 changed file with 0 additions and 1 deletion.
@@ -31,7 +31,6 @@ class Cryptor { * @param string $encrypted_txt Text, to be decrypted * @param string $secretkey Optional, override with (static private) property * * @property int $strspit_nr Amount of characters to split source (<= 400!), open_ssl cannot encrypt large files * @property string $rep_letter Letter used to replace underscore (prevent detecting str_splits) * @property string $secret_key Secret_key (sha512 hashvalue is created from this string) -
petermuller71 revised this gist
Nov 18, 2017 . 1 changed file with 28 additions and 18 deletions.
@@ -6,10 +6,14 @@ * PHP Encryption and decryption class with open_ssl * Works also with larger text (because text is split in smaller parts) * * Instruction (no secret key provided): * encryption: $encrypted_txt = Cryptor::doEncrypt($plain_txt); * decryption: $plain_txt = Cryptor::doDecrypt($encrypted_txt); * * Instruction (with secret key): * encryption: $encrypted_txt = Cryptor::doEncrypt($plain_txt, "secret key used for encryption"); * decryption: $plain_txt = Cryptor::doDecrypt($encrypted_txt, "secret key used for encryption"); * * Change class properties (change secret keys, etc)! * *************************************************************************************************************************************************/ @@ -25,6 +29,7 @@ class Cryptor { * * @param string $plain_txt Text, to be encrypted * @param string $encrypted_txt Text, to be decrypted * @param string $secretkey Optional, override with (static private) property * * @property int $unique_nr Amount of random characters put in front en behind encrypted string + used as salt * @property int $strspit_nr Amount of characters to split source (<= 400!), open_ssl cannot encrypt large files @@ -35,7 +40,7 @@ class Cryptor { * @return string Encrypted or decrypted text * * @author Peter Muller <[email protected]> * @version 1.02 * */ 
@@ -51,12 +56,15 @@ class Cryptor { * Encrypt text * * @param string $plain_txt Text that will be encrypted * @param string $secretkey Optional, override with (static private) property * @return string Encrypted text * */ public static function doEncrypt($plain_txt, $secretkey = null) { if ($secretkey == null) { $secretkey = self::$secret_key; } // two unique values are created // used as salt and put in front + behind encrypted text @@ -66,15 +74,15 @@ public static function doEncrypt($plain_txt) { // $plain_text should be split in smaller parts and encrypted seperatly $arr = str_split($plain_txt, self::$strspit_nr); foreach ($arr as $v) { $encrypted_txt .= substr(self::doEncryptDecrypt('encrypt', $secretkey, $v), 0, -2)."_"; } $encrypted_txt = substr($encrypted_txt, 0, -1); // smaller parts were glued together with underscore (_) and replaced by a letter $encrypted_txt = self::replace("go", $encrypted_txt); return $encrypted_txt; } @@ -84,20 +92,23 @@ public static function doEncrypt($plain_txt) { * Decrypt text * * @param string $encrypted_txt Text that will be decrypted * @param string $secretkey Optional, override with (static private) property * @return string Decrypted text * */ public static function doDecrypt($encrypted_txt, $secretkey = null) { if ($secretkey == null) { $secretkey = self::$secret_key; } // smaller parts were glued together with underscore (_) and replaced by a letter $encrypted_txt = self::replace("back", $encrypted_txt); // $encrypted_txt should be split in smaller parts and decrypted seperatly $arr = explode("_", $encrypted_txt); foreach ($arr as $v) { $decrypted_txt .= self::doEncryptDecrypt('decrypt', $secretkey, $v); } $decrypted_txt = substr($decrypted_txt, 10); 
@@ -109,32 +120,31 @@ public static function doDecrypt($encrypted_txt) { * doEncryptDecrypt * Encrypt or decrypt text * * @param string $action Encrypt or decrypt text * @param string $secretkey secretkey used for encryption/decryption * @param string $source Source that is encrypted or decrypted * @return string * */ private static function doEncryptDecrypt($action, $secretkey, $source) { $output = false; // hash $secretkey = hash('sha512', $secretkey); // iv - encrypt method AES-256-CBC expects 16 bytes - else you will get a warning $iv = substr(hash('sha512', self::$secret_iv), 0, 16); if ( $action == 'encrypt' ) { $output = openssl_encrypt($source, "AES-256-CBC", $secretkey, 0, $iv); $output = base64_encode($output); } else if( $action == 'decrypt' ) { $output = openssl_decrypt(base64_decode($source), "AES-256-CBC", $secretkey, 0, $iv); } return $output; -
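Review bot: In doEncryptDecrypt the IV is `substr(hash('sha512', self::$secret_iv), 0, 16)`, a constant derived from a class property, so every chunk of every message is encrypted under the same key and the same IV. With CBC that makes encryption deterministic: equal plaintexts, and plaintexts that share a leading block, produce equal ciphertext blocks, which shows structure to anyone comparing outputs. The IV should be fresh per call, `$iv = random_bytes(16);` in the encrypt branch, carried in front of the ciphertext and read back from its first 16 bytes in the decrypt branch; it does not need to be secret. The `substr(..., 0, -2)` trimming in doEncrypt would need re-checking once the output layout changes. The same fixed IV is in the initial revision further down the page, and the function body runs past the end of this hunk.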
petermuller71 created this gist
Nov 18, 2017
@@ -0,0 +1,172 @@ <?php /************************************************************************************************************************************************ * * Class: Cryptor * PHP Encryption and decryption class with open_ssl * Works also with larger text (because text is split in smaller parts) * * Instruction: * encryption: $encrypted_txt = Cryptor::doEncrypt($plain_txt); * decryption: $plain_txt = Cryptor::doDecrypt($encrypted_txt); * * Change class properties (change secret keys, etc)! * *************************************************************************************************************************************************/ class Cryptor { /** * Class to encrypt or decrypt a plain_text string with open_ssl * open_ssl cannot handle large files. Therefore source is split in smaller parts, and afterwards glued together again * * * @param string $plain_txt Text, to be encrypted * @param string $encrypted_txt Text, to be decrypted * * @property int $unique_nr Amount of random characters put in front en behind encrypted string + used as salt * @property int $strspit_nr Amount of characters to split source (<= 400!), open_ssl cannot encrypt large files * @property string $rep_letter Letter used to replace underscore (prevent detecting str_splits) * @property string $secret_key Secret_key (sha512 hashvalue is created from this string) * @property string $secret_iv Secret_iv (sha512 hashvalue (16 chars) is created from this string) * * @return string Encrypted or decrypted text * * @author Peter Muller <[email protected]> * @version 1.01 * */ static private $strspit_nr = 350; // smaller than 400 characters! static private $rep_letter = 'b'; // change this (any letter, small or Capital)! static private $secret_key = 'This is my secret key'; // change this! static private $secret_iv = 'This is my secret iv'; // change this! 
/* * doEncrypt * Encrypt text * * @param string $plain_txt Text that will be encrypted * @return string Encrypted text * */ public static function doEncrypt($plain_txt) { // two unique values are created // used as salt and put in front + behind encrypted text $salt = substr(hash('sha512', $plain_txt), 0, 10); $plain_txt = $salt.$plain_txt; // $plain_text should be split in smaller parts and encrypted seperatly $arr = str_split($plain_txt, self::$strspit_nr); foreach ($arr as $v) { $encrypted_txt .= substr(self::doEncryptDecrypt('encrypt', $v), 0, -2)."_"; } $encrypted_txt = substr($encrypted_txt, 0, -1); // smaller parts were glued together with underscore (_) and replaced by a letter $encrypted_txt = self::replace("go", $encrypted_txt); return $encrypted_txt; } /* * doDecrypt * Decrypt text * * @param string $encrypted_txt Text that will be decrypted * @return string Decrypted text * */ public static function doDecrypt($encrypted_txt) { // smaller parts were glued together with underscore (_) and replaced by a letter $encrypted_txt = self::replace("back", $encrypted_txt); // $encrypted_txt should be split in smaller parts and decrypted seperatly $arr = explode("_", $encrypted_txt); foreach ($arr as $v) { $decrypted_txt .= self::doEncryptDecrypt('decrypt', $v); } $decrypted_txt = substr($decrypted_txt, 10); return utf8_encode($decrypted_txt); } /* * doEncryptDecrypt * Encrypt or decrypt text * * @param string $action Encrypt or decrypt text * @param string $source Source that is encrypted or decrypted * @return string * */ private static function doEncryptDecrypt($action, $source) { $output = false; $secret_key = self::$secret_key; $secret_iv = self::$secret_iv; // hash $key = hash('sha512', $secret_key); // iv - encrypt method AES-256-CBC expects 16 bytes - else you will get a warning $iv = substr(hash('sha512', $secret_iv), 0, 16); if ( $action == 'encrypt' ) { $output = openssl_encrypt($source, "AES-256-CBC", $key, 0, $iv); $output = base64_encode($output); } 
else if( $action == 'decrypt' ) { $output = openssl_decrypt(base64_decode($source), "AES-256-CBC", $key, 0, $iv); } return $output; } /* * Replace * replace underscore (_) by a specific letter (and vice versa) * * @param string $action Replace underscore by a letter (go) or letter by underscore (back) * @param string $source Source where replacement is done * @return string * */ private static function replace($action, $source) { if ($action == "go") { $source = str_replace(self::$rep_letter, "$", $source); $source = str_replace("_", self::$rep_letter, $source); } else if ($action == "back") { $source = str_replace(self::$rep_letter, "_", $source); $source = str_replace("$", self::$rep_letter, $source); } return $source; } } ?>
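Review bot: `$key = hash('sha512', $secret_key)` in doEncryptDecrypt returns 128 hexadecimal characters, while AES-256 takes a 32-byte key; as far as I can tell PHP's openssl_encrypt uses only the first 32 bytes of an over-long key, so the effective key is 32 hex characters, roughly 128 bits rather than 256. Asking for raw output of the right size avoids that: `$key = hash('sha256', $secret_key, true);`. Because `$secret_key` is a human-chosen string with a default value printed in the file, a password KDF such as `hash_pbkdf2` with a stored salt would be the better derivation. The later revisions on this page keep the same derivation as `$secretkey = hash('sha512', $secretkey);`.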