{var%20f='http://v.t.sina.com.cn/share/share.php?appkey=1515056452',u=z||d.location,p=['&url=',e(u),'&title=',e(t||d.title),'&source=',e(r),'&sourceUrl=',e(l),'&content=',c||'gb2312','&pic=',e(p||'')].join('');function%20a(){if(!window.open([f,p].join(''),'mb',['toolbar=0,status=0,resizable=1,width=440,height=430,left=',(s.width-440)/2,',top=',(s.height-430)/2].join('')))u.href=[f,p].join('');};if(/Firefox/.test(navigator.userAgent))setTimeout(a,0);else%20a();})(screen,document,encodeURIComponent,'','','https://www.manongdao.com/data/attach/logo/logo.png', '推荐 Luminary・发光体 的问题《How to encrypt plaintext with AES-256 CBC in PHP u》','https://www.manongdao.com/q-209303.html','页面编码gb2312|utf-8默认gb2312'));){kind=link}
I am trying to encrypt sensitive user data like personal messages in my php powered website before entering into the database. I have researched a bit on the internet and I have found the few important things to remember:
Never use mcrypt, it's abandonware.
AES is based on the Rijndael algorithm and has been unbroken till now.
AES has also been recommended by NSA and used in US Government data encryption, but since the NSA is recommending it, there's a chance they might sneak upon my user data easily.
Blowfish has been unbroken as well, but slow and less popular.
So, I decided I will give it a try first with AES-256 cbc. But I am still not sure if I should not consider Blowfish a better option. So any recommendations are welcome.
And my primary concern is, how to encrypt the data in php? I don't find a good manual about this in the php documentation. What is the correct way to implement it?
Any help is heavily appreciated.
AES-256 (OpenSSL Implementation)
You're in Luck.
The
opensslextension has some pretty easy to use methods for AES-256. The steps you need to take are basically...$encryption_key = openssl_random_pseudo_bytes(32);$iv = openssl_random_pseudo_bytes(openssl_cipher_iv_length('aes-256-cbc'));openssl_encrypt()openssl_encrypt($data, 'aes-256-cbc', $encryptionKey, $options, $initializationVector)$optionscan be set to0for default options or changed toOPENSSL_RAW_DATA | OPENSSL_ZERO_PADDING$encrypted = $encrypted . ':' . $iv;explode(':' , $encrypted);openssl_decrypt()openssl_decrypt($encryptedData, 'aes-256-cbc', $encryptionKey, $options, $initializationVector)Enabling openssl
openssl_functions()won't be available by default, you can enable this extension in yourphp.inifile by uncommenting the line.;extension=php_openssl.dllby removing the leading;PHP - Fiddle.
http://phpfiddle.org/lite/code/9epi-j5v2