PHP 5.6.0RC3 is available

openssl_decrypt

(PHP 5 >= 5.3.0)

openssl_decryptデータを復号

説明

string openssl_decrypt ( string $data , string $method , string $password [, int $options = 0 [, string $iv = "" ]] )

未加工の、または base64 エンコードされた文字列を受け入れて、 与えられたメソッドとキーを使って文字列を復号します。

警告

この関数は、 現在のところ詳細な情報はありません。引数のリストのみが 記述されています。

パラメータ

data

データ

method

暗号メソッド

password

パスワード

options

OPENSSL_RAW_DATA あるいは OPENSSL_ZERO_PADDING のいずれか。

iv

NULL ではない初期化ベクター。

返り値

成功した場合復号された文字列、失敗した場合に FALSE を返します。

エラー / 例外

method パラメータを通じて未知の暗号アルゴリズムが渡された場合、 E_WARNING レベルのエラーを発生します。

iv パラメータを通じて空値が渡された場合、 E_WARNING レベルのエラーを発生します。

変更履歴

バージョン 説明
5.3.3 iv パラメータが追加されました。
5.4.0 raw_output パラメータが options に変わりました。

参考

add a note add a note

User Contributed Notes 3 notes

up
3
nbari at dalmp dot com
2 years ago
There are cases where you need to send data in a secure way within an 'un-secure' connection, a  typically scenario of this, is a site with out SSL (no https).

For this cases you can use the GibberishAES javascript library, this library will encrypt your data before it is submitted using CBC AES encryption mode, and it is fully compatible with a standar like OpenSSL.

Example:

When displaying a form, you can set a hidden field containing a token, the one is stored on the server via sessions and is going to be used as the 'password' for encrypting the data on the user side, in help with the GibberishAES library.

In Javascript (user side):
// GibberishAES.enc(string, password)
// Defaults to 256 bit encryption
GibberishAES.enc("Made with Gibberish\n", "password");
// Outputs: "U2FsdGVkX1+21O5RB08bavFTq7Yq/gChmXrO3f00tvJaT55A5pPvqw0zFVnHSW1o"

Later when the user submits the data, you will need to decrypt the data, for that you could use the class below and use it like this:

<?php
sqAES
::decrypt('password', 'U2FsdGVkX1+21O5RB08bavFTq7Yq/gChmXrO3f00tvJaT55A5pPvqw0zFVnHSW1o');
?>

That will return  the same result, that openssl would return from this command line :

echo "U2FsdGVkX1+21O5RB08bavFTq7Yq/gChmXrO3f00tvJaT55A5pPvqw0zFVnHSW1o" | openssl enc -d -aes-256-cbc -a -k password

This class currently only encrypts/decrypts AES256 but can be easily modified to feed your needs, right now it is fully compatible withe the  GibberishAES library, so you could decrypt all your users data and also send encrypted data back to the user in a secure way, all this thanks to the openssl-decrypt/openssl-encrypt functions.

<?php

class sqAES {

 
/**
   * decrypt AES 256
   *
   * @param string $password
   * @param data $edata
   * @return dencrypted data
   */
 
public static function decrypt($password, $edata) {
   
$data = base64_decode($edata);
   
$salt = substr($data, 8, 8);
   
$ct = substr($data, 16);
   
/**
     * From https://github.com/mdp/gibberish-aes
     *
     * Number of rounds depends on the size of the AES in use
     * 3 rounds for 256
     *        2 rounds for the key, 1 for the IV
     * 2 rounds for 128
     *        1 round for the key, 1 round for the IV
     * 3 rounds for 192 since it's not evenly divided by 128 bits
     */
   
$rounds = 3;
   
$data00 = $password.$salt;
   
$md5_hash = array();
   
$md5_hash[0] = md5($data00, true);
   
$result = $md5_hash[0];
    for (
$i = 1; $i < $rounds; $i++) {
     
$md5_hash[$i] = md5($md5_hash[$i - 1].$data00, true);
       
$result .= $md5_hash[$i];
    }
   
$key = substr($result, 0, 32);
   
$iv  = substr($result, 32,16);

      return
openssl_decrypt($ct, 'aes-256-cbc', $key, true, $iv);
  }

 
/**
   * crypt AES 256
   *
   * @param string $password
   * @param data $data
   * @return base64 encrypted data
   */
 
public static function crypt($password, $data) {
   
// Set a random salt
   
$salt = openssl_random_pseudo_bytes(8);

   
$salted = '';
   
$dx = '';
   
// Salt the key(32) and iv(16) = 48
   
while (strlen($salted) < 48) {
     
$dx = md5($dx.$password.$salt, true);
     
$salted .= $dx;
    }

   
$key = substr($salted, 0, 32);
   
$iv  = substr($salted, 32,16);

   
$encrypted_data = openssl_encrypt($data, 'aes-256-cbc', $key, true, $iv);
    return
base64_encode('Salted__' . $salt . $encrypted_data);
  }

}

?>
up
1
ittasks at gmail dot com
1 year ago
in case that hosting do not provide openssl_encrypt decrypt functions - it could be mimiced via commad prompt executions 
this functions will check is if openssl is installed and try to use it by default

function sslPrm()
{
return array("your_password","IV (optional)","aes-128-cbc");
}
function sslEnc($msg)
{
  list ($pass, $iv, $method)=sslPrm();
  if(function_exists('openssl_encrypt'))
     return urlencode(openssl_encrypt(urlencode($msg), $method, $pass, false, $iv));
  else
     return urlencode(exec("echo \"".urlencode($msg)."\" | openssl enc -".urlencode($method)." -base64 -nosalt -K ".bin2hex($pass)." -iv ".bin2hex($iv)));
}
function sslDec($msg)
{
  list ($pass, $iv, $method)=sslPrm();
  if(function_exists('openssl_decrypt'))
     return trim(urldecode(openssl_decrypt(urldecode($msg), $method, $pass, false, $iv)));
  else
     return trim(urldecode(exec("echo \"".urldecode($msg)."\" | openssl enc -".$method." -d -base64 -nosalt -K ".bin2hex($pass)." -iv ".bin2hex($iv))));
}

//example of usage:
$r= sslEnc("This is encryption/decryption test!");
echo "<br>\n".$r.":".sslDec($r);
up
-1
Anonymous
3 months ago
If your using windows os, do not use the text inside the "file previewer" pane, as this is a truncated version of the actual encrypted string.

Instead, you need to open the file directly and use the contents there.

The error message I had been getting was:
"error:0606506D:digital envelope routines:EVP_DecryptFinal_ex:wrong final block length"
To Top