Advanced Encryption Standard, where we use AES-256 to encrypt the data with Cipher. Encrypt & Decrypt approach taken is 'Cipher Block Chaining' method 'AES-256-CBC'.
AES Encrypt
- We would have the 'Secret' stored in a file which is other than the web root.
$key = hash('sha256', $secret, true);
- Hash the 'Secret' with sha256, this gives you the 'Key' which will be used to openssl encrypt.
- And Generate the pseudo random bytes as 'IV', so that it would be used during encryption and also be attached to the encrypted data.
$iv = openssl_random_pseudo_bytes(16);
- Now encrypt the 'String' with openssl encrypt by passing the 'AES-256-CBC' method, 'Key' and 'IV'
$ciphertext = openssl_encrypt($plaintext, $method, $key, OPENSSL_RAW_DATA, $iv);
- 'openssl_encrypt' will Encrypt given data with given method and key, returns a raw or base64 encoded string.
- 'Hash' the returned 'Cipher' text with sha256 hmac method
$hash = hash_hmac('sha256', $ciphertext, $key, true);- Now concatenate the 'IV' & 'Hash' & 'Cipher' and store in the DB as the encrypted value.
AES Decrypt
- Hash the 'Secret' with sha256, this gives you the 'Key' which will be used to openssl encrypt.
$key = hash('sha256', $password, true);- Explode the concatenated string to 'IV' & 'Hash' & 'Cipher'
$iv = substr($ivHashCiphertext, 0, 16); $hash = substr($ivHashCiphertext, 16, 32); $ciphertext = substr($ivHashCiphertext, 48);
- 'openssl_decrypt' will take a raw or base64 encoded string and decrypts it using a given method and key.
- Now decrypt the 'Cipher' with 'AES-256-CBC' method, 'Key' and 'IV'
openssl_decrypt($ciphertext, $method, $key, OPENSSL_RAW_DATA, $iv);
- Return the decrypted 'String'. it is ok, or do i need to change it to excel.
Cheers :)
