php - Encrypt & Decrypt, OpenSSL, PBKDF2

I have put together this basic encryption and decryption script.
I was wondering if someone could review this and tell me if there is anything I have done wrong, or suggest possible improvements.
I was also curious whether someone could answer, for example, if someone were to gain access to the stored information (salt|IV|tag|cipher|cipherText),
how easy/difficult it would be for them to figure out the encrypted data.
I really appreciate any feedback and am just looking to improve this in any way or recognize any mistakes.
I have to admit I had not heard of openssl_pbkdf2 and openssl_encrypt before today, so any information or recommendations are welcome.
<html>
<head>
<title>Encryption & Decryption Method</title>
</head>
<body>
<?php
// Database connection (DSN and credentials as posted; the port is its own DSN element).
$dsn = 'mysql:dbname=ds28j2mdw0_encryption;host=localhost;port=3306';
$user = 'jds8e2ksdsD';
$password = 'Ot3ce4_9';
try {
    $dbh = new PDO($dsn, $user, $password);
    $dbh->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
} catch (PDOException $e) {
    exit;
}

// Encrypt: derive a key from the password, encrypt, store the parameters.
if (!empty($_POST['Encrypt'])) {
    $key = $_POST['encryptionPassword'] ?? '';
    $salt = openssl_random_pseudo_bytes(12);
    $keyLength = 16; // aes-128-gcm uses a 16-byte key; extra derived bytes are not used
    $iterations = 10000;
    $generated_key = openssl_pbkdf2($key, $salt, $keyLength, $iterations, 'sha256');
    $plaintext = $_POST['baseData'] ?? '';
    $cipher = "aes-128-gcm";
    if (in_array($cipher, openssl_get_cipher_methods())) {
        $ivlen = openssl_cipher_iv_length($cipher);
        $iv = openssl_random_pseudo_bytes($ivlen);
        // With options = 0 the ciphertext is returned base64-encoded; $tag is filled by reference.
        $ciphertext = openssl_encrypt($plaintext, $cipher, $generated_key, 0, $iv, $tag);
        echo "Cipher Text: " . htmlspecialchars($ciphertext, ENT_QUOTES, 'UTF-8') . "<br>";
        $insert = $dbh->prepare("INSERT INTO `encryptedData` (`IV`,`cipherText`,`cipher`,`tag`,`salt`) VALUES (?,?,?,?,?)");
        // bindValue, not bindParam: bindParam needs a variable it can take by reference.
        $insert->bindValue(1, base64_encode($iv), PDO::PARAM_STR);
        $insert->bindValue(2, $ciphertext, PDO::PARAM_STR);
        $insert->bindValue(3, base64_encode($cipher), PDO::PARAM_STR);
        $insert->bindValue(4, base64_encode($tag), PDO::PARAM_STR);
        $insert->bindValue(5, base64_encode($salt), PDO::PARAM_STR);
        $insert->execute();
    }
    echo 'encrypt form posted';
}

// Decrypt: look up the stored parameters, re-derive the key, decrypt.
if (!empty($_POST['Decrypt'])) {
    $inputPassword = $_POST['encryptionPassword'] ?? '';
    $inputCipher = $_POST['encryptedData'] ?? '';
    // Bind the user-supplied value instead of interpolating it into the SQL string.
    $select = $dbh->prepare("SELECT * FROM `encryptedData` WHERE `cipherText` = ?");
    $select->bindValue(1, $inputCipher, PDO::PARAM_STR);
    $select->execute();
    $fetch = $select->fetch(PDO::FETCH_ASSOC);
    if ($fetch !== false) {
        $salt = base64_decode($fetch['salt']);
        $keyLength = 16;
        $iterations = 10000;
        $generated_key = openssl_pbkdf2($inputPassword, $salt, $keyLength, $iterations, 'sha256');
        $iv = base64_decode($fetch['IV']);
        $tag = base64_decode($fetch['tag']);
        $cipher = base64_decode($fetch['cipher']);
        if (in_array($cipher, openssl_get_cipher_methods())) {
            // openssl_decrypt returns false when the GCM tag does not verify.
            $original_plaintext = openssl_decrypt($inputCipher, $cipher, $generated_key, 0, $iv, $tag);
            if ($original_plaintext !== false) {
                // Escape before output: the plaintext is user-controlled.
                echo "Original Text: " . htmlspecialchars($original_plaintext, ENT_QUOTES, 'UTF-8') . "<br>";
            } else {
                echo "Decryption failed<br>";
            }
        }
    }
    echo 'decrypt form posted';
}
?>
<h3>Encrypt</h3>
<form method="POST" action="index.php">
<input type="text" name="baseData" placeholder="baseData" value=""/>
<input type="text" name="encryptionPassword" placeholder="encryptionPassword" value=""/>
<input type="submit" name="Encrypt" value="Encrypt"/>
</form>
<h3>Decrypt</h3>
<form method="POST" action="index.php">
<input type="text" name="encryptedData" placeholder="encryptedData" value=""/>
<input type="text" name="encryptionPassword" placeholder="encryptionPassword" value=""/>
<input type="submit" name="Decrypt" value="Decrypt"/>
</form>
</body>
</html>
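
Added example (not part of the original question or the asker's code): a compact version of the same scheme that derives a 16-byte key for aes-128-gcm, stores salt|IV|tag|ciphertext as one record, and returns null when the GCM tag does not verify. The salt, IV and tag are not secret, so someone holding the record can still only test password guesses, each costing one PBKDF2 run; the function and constant names are hypothetical.

```php
<?php
// Added example, not the asker's code; all names here are hypothetical.
const CIPHER = 'aes-128-gcm';
const KEY_LEN = 16;        // AES-128 takes a 16-byte key
const SALT_LEN = 16;
const TAG_LEN = 16;
const ITERATIONS = 10000;  // value from the question; a higher count slows every guess

function deriveKey(string $password, string $salt): string
{
    $key = openssl_pbkdf2($password, $salt, KEY_LEN, ITERATIONS, 'sha256');
    if ($key === false) {
        throw new RuntimeException('Key derivation failed');
    }
    return $key;
}

// Returns base64(salt | IV | tag | ciphertext); none of these fields is secret.
function encryptWithPassword(string $plaintext, string $password): string
{
    $salt = random_bytes(SALT_LEN);
    $iv = random_bytes(openssl_cipher_iv_length(CIPHER));
    $tag = '';
    $ct = openssl_encrypt($plaintext, CIPHER, deriveKey($password, $salt),
        OPENSSL_RAW_DATA, $iv, $tag, '', TAG_LEN);
    if ($ct === false) {
        throw new RuntimeException('Encryption failed');
    }
    return base64_encode($salt . $iv . $tag . $ct);
}

// Returns the plaintext, or null if the password is wrong or the record was altered.
function decryptWithPassword(string $record, string $password): ?string
{
    $raw = base64_decode($record, true);
    $ivLen = openssl_cipher_iv_length(CIPHER);
    if ($raw === false || strlen($raw) < SALT_LEN + $ivLen + TAG_LEN) {
        return null;
    }
    $salt = substr($raw, 0, SALT_LEN);
    $iv = substr($raw, SALT_LEN, $ivLen);
    $tag = substr($raw, SALT_LEN + $ivLen, TAG_LEN);
    $ct = substr($raw, SALT_LEN + $ivLen + TAG_LEN);
    $pt = openssl_decrypt($ct, CIPHER, deriveKey($password, $salt), OPENSSL_RAW_DATA, $iv, $tag);
    return $pt === false ? null : $pt;
}

$record = encryptWithPassword('constructed sample text', 'constructed-sample-password');
var_dump(decryptWithPassword($record, 'constructed-sample-password'));
var_dump(decryptWithPassword($record, 'some other password'));
```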