├── .github └── workflows │ └── php.yml ├── .gitignore ├── .scrutinizer.yml ├── .travis.yml ├── CHANGELOG.md ├── LICENSE ├── README.md ├── benchmarks └── benchmarks.php ├── composer.json ├── phpunit.xml ├── src └── Crypter.php └── tests └── CrypterTest.php /.github/workflows/php.yml: -------------------------------------------------------------------------------- 1 | on: [push] 2 | 3 | jobs: 4 | run: 5 | runs-on: ${{ matrix.operating-system }} 6 | strategy: 7 | matrix: 8 | operating-system: [ubuntu-latest, windows-latest, macOS-latest] 9 | php-versions: ['7.0', '7.1', '7.2', '7.3', '7.4'] 10 | name: PHP ${{ matrix.php-versions }} Test on ${{ matrix.operating-system }} 11 | 12 | steps: 13 | - uses: actions/checkout@v1 14 | 15 | - name: Setup PHP 16 | uses: shivammathur/setup-php@v1 17 | with: 18 | php-version: ${{ matrix.php-versions }} 19 | extension-csv: openssl, mbstring, intl, dom, curl #optional, setup extensions 20 | coverage: xdebug #optional, setup coverage driver 21 | pecl: false #optional, setup PECL 22 | 23 | - name: Validate composer.json and composer.lock 24 | run: composer validate 25 | 26 | - name: Install dependencies 27 | run: composer install --prefer-dist --no-progress --no-suggest 28 | 29 | - name: Run test suite 30 | run: ./vendor/bin/phpunit 31 | 32 | - name: Run benchmarks 33 | run: php benchmarks/benchmarks.php 34 | -------------------------------------------------------------------------------- /.gitignore: -------------------------------------------------------------------------------- 1 | coverage 2 | vendor 3 | .DS_Store 4 | .idea 5 | composer.lock 6 | -------------------------------------------------------------------------------- /.scrutinizer.yml: -------------------------------------------------------------------------------- 1 | build: 2 | nodes: 3 | analysis: 4 | project_setup: 5 | override: true 6 | tests: 7 | override: 8 | - php-scrutinizer-run --enable-security-analysis 9 | tests: 10 | environment: 11 | php: 12 | version: 7.1 13 | tests: 14 | override: 15 | - 16 | command: 'vendor/bin/phpunit --coverage-clover=clover' 17 | coverage: 18 | file: 'clover' 19 | format: 'clover' 20 | filter: 21 | excluded_paths: 22 | - 'tests/*' 23 | checks: 24 | php: 25 | code_rating: true 26 | duplication: true 27 | 28 | -------------------------------------------------------------------------------- /.travis.yml: -------------------------------------------------------------------------------- 1 | language: php 2 | 3 | php: 4 | - 7.0 5 | - 7.1 6 | - 7.2 7 | - 7.3 8 | 9 | before_script: 10 | - composer self-update 11 | - composer install --dev --no-interaction 12 | 13 | script: 14 | - php vendor/bin/phpunit --coverage-clover build/logs/clover.xml 15 | - php benchmarks/benchmarks.php 16 | -------------------------------------------------------------------------------- /CHANGELOG.md: -------------------------------------------------------------------------------- 1 | # Change Log 2 | 3 | ## [Unreleased](https://github.com/noprotocol/php-mysql-aes-crypt/tree/HEAD) 4 | 5 | [Full Changelog](https://github.com/noprotocol/php-mysql-aes-crypt/compare/v2.0.1...HEAD) 6 | 7 | **Merged pull requests:** 8 | 9 | - Scrutinizer Auto-Fixes [\#9](https://github.com/noprotocol/php-mysql-aes-crypt/pull/9) ([scrutinizer-auto-fixer](https://github.com/scrutinizer-auto-fixer)) 10 | 11 | ## [v2.0.1](https://github.com/noprotocol/php-mysql-aes-crypt/tree/v2.0.1) (2018-06-25) 12 | [Full Changelog](https://github.com/noprotocol/php-mysql-aes-crypt/compare/v2.0.0...v2.0.1) 13 | 14 | **Closed issues:** 15 | 16 | - Be able to switch between 128-bit and 256-bit [\#8](https://github.com/noprotocol/php-mysql-aes-crypt/issues/8) 17 | - Can't use AES\_DECRYPT to decrypt data from database [\#7](https://github.com/noprotocol/php-mysql-aes-crypt/issues/7) 18 | 19 | **Merged pull requests:** 20 | 21 | - Apply fixes from StyleCI [\#5](https://github.com/noprotocol/php-mysql-aes-crypt/pull/5) ([annejan](https://github.com/annejan)) 22 | - Scrutinizer Auto-Fixes [\#4](https://github.com/noprotocol/php-mysql-aes-crypt/pull/4) ([scrutinizer-auto-fixer](https://github.com/scrutinizer-auto-fixer)) 23 | 24 | ## [v2.0.0](https://github.com/noprotocol/php-mysql-aes-crypt/tree/v2.0.0) (2018-04-18) 25 | [Full Changelog](https://github.com/noprotocol/php-mysql-aes-crypt/compare/v1.0.0...v2.0.0) 26 | 27 | **Closed issues:** 28 | 29 | - mcrypt\_encrypt deprecated [\#2](https://github.com/noprotocol/php-mysql-aes-crypt/issues/2) 30 | 31 | **Merged pull requests:** 32 | 33 | - Update to openssl\_encrypt/decrypt [\#3](https://github.com/noprotocol/php-mysql-aes-crypt/pull/3) ([renanmpimentel](https://github.com/renanmpimentel)) 34 | 35 | ## [v1.0.0](https://github.com/noprotocol/php-mysql-aes-crypt/tree/v1.0.0) (2016-09-29) 36 | 37 | 38 | \* *This Change Log was automatically generated by [github_changelog_generator](https://github.com/skywinder/Github-Changelog-Generator)* -------------------------------------------------------------------------------- /LICENSE: -------------------------------------------------------------------------------- 1 | Copyright (c) 2016 NoProtocol 2 | 3 | Permission is hereby granted, free of charge, to any person obtaining a copy of this software and associated documentation files (the "Software"), to deal in the Software without restriction, including without limitation the rights to use, copy, modify, merge, publish, distribute, sublicense, and/or sell copies of the Software, and to permit persons to whom the Software is furnished to do so, subject to the following conditions: 4 | 5 | The above copyright notice and this permission notice shall be included in all copies or substantial portions of the Software. 6 | 7 | THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM, OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE SOFTWARE. -------------------------------------------------------------------------------- /README.md: -------------------------------------------------------------------------------- 1 | # PHP MySQL AES encrypt/decrypt 2 | 3 | Encrypt/decrypt values in PHP which are compatible with MySQL's `aes_encrypt()` & `aes_decrypt()` functions. [1](#smashing-magazine-article) 4 | 5 | [![Build Status](https://travis-ci.org/noprotocol/php-mysql-aes-crypt.svg?branch=master)](https://travis-ci.org/noprotocol/php-mysql-aes-crypt) 6 | [![Scrutinizer Code Quality](https://scrutinizer-ci.com/g/noprotocol/php-mysql-aes-crypt/badges/quality-score.png?b=master)](https://scrutinizer-ci.com/g/noprotocol/php-mysql-aes-crypt/?branch=master) 7 | [![Code Coverage](https://scrutinizer-ci.com/g/noprotocol/php-mysql-aes-crypt/badges/coverage.png?b=master)](https://scrutinizer-ci.com/g/noprotocol/php-mysql-aes-crypt/?branch=master) 8 | 9 | [Change log](CHANGELOG.md) 10 | 11 | ## Installation 12 | 13 | ### With Composer 14 | 15 | ``` 16 | $ composer require noprotocol/php-mysql-aes-crypt 17 | ``` 18 | 19 | ```json 20 | { 21 | "require": { 22 | "noprotocol/php-mysql-aes-crypt": "^2.0.0" 23 | } 24 | } 25 | ``` 26 | 27 | ```php 28 | 35 | 36 | ### Without Composer 37 | 38 | Please use [Composer](http://getcomposer.org/). If you need to install manually, download [Crypter.php](https://github.com/noprotocol/php-mysql-aes-crypt/src/NoProtocol/Encryption/MySQL/AES/Crypter.php) from the repository and save the file into your project path. 39 | 40 | ```php 41 | encrypt('foobar'); 59 | 60 | // decrypt a piece of data 61 | $decrypted = $crypter->decrypt($encrypted); 62 | ``` 63 | 64 | Using a different encryption method is possible too when so desired. 65 | 66 | ```php 67 | $crypter = new Crypter('mykeystring', 'AES-256-ECB'); 68 | ``` 69 | 70 | NB: This is only tested for AES-128-ECB (default), AES-192-ECB and AES-256-ECB 71 | 72 | ## Benchmark 73 | A benchmark is provided in `/benchmarks/benchmarks.php`. You can set the number of items to run by passing a number as an argument, e.g.: 74 | 75 | `php benchmarks/benchmarks.php 20000` 76 | 77 | to run 20000 items. If no number is given, it defaults to 10000 items. 78 | 79 | You can also optionally set the desired encryption method for example: 80 | 81 | `php benchmarks/benchmarks.php 20000 AES-256-ECB` 82 | 83 | ## Testing 84 | PHPunit test cases are provided in `/tests`. 85 | 86 | --- 87 | 88 | 1As outlined in [http://www.smashingmagazine.com/2012/05/replicating-mysql-aes-encryption-methods-with-php/](http://www.smashingmagazine.com/2012/05/replicating-mysql-aes-encryption-methods-with-php/) [↩](#top) 89 | -------------------------------------------------------------------------------- /benchmarks/benchmarks.php: -------------------------------------------------------------------------------- 1 | start('encrypt'); 26 | 27 | for ($i = 0; $i < $amount; $i++) { 28 | $encrypted = $crypter->encrypt(uniqid('', true)); 29 | $decrypted = $crypter->decrypt($encrypted); 30 | } 31 | 32 | $event = $stopwatch->stop('encrypt'); 33 | 34 | echo sprintf('%s items in %s seconds (%s ms), max. memory usage %sKB (%sB)', $amount, $event->getDuration() / 1000, $event->getDuration(), $event->getMemory() / 1024, $event->getMemory()) . PHP_EOL; 35 | -------------------------------------------------------------------------------- /composer.json: -------------------------------------------------------------------------------- 1 | { 2 | "name": "noprotocol/php-mysql-aes-crypt", 3 | "description": "Encrypt/decrypt data in PHP to a format compatible with MySQL AES_ENCRYPT & AES_DECRYPT functions.", 4 | "keywords": ["php", "mysql", "aes", "encryption", "decryption", "noprotocol"], 5 | "require": { 6 | "ext-openssl": "*" 7 | }, 8 | "require-dev": { 9 | "phpunit/phpunit": "^6", 10 | "symfony/stopwatch": "^3.1" 11 | }, 12 | "license": "MIT", 13 | "authors": [ 14 | { 15 | "name": "Bob Fanger", 16 | "email": "bob.fanger@noprotocol.nl" 17 | }, 18 | { 19 | "name": "Anne Jan Brouwer", 20 | "email": "anne.jan.brouwer@noprotocol.nl" 21 | }, 22 | { 23 | "name": "Govert Verschuur", 24 | "email": "govert.verschuur@noprotocol.nl" 25 | }, 26 | { 27 | "name": "Renan Martins Pimentel", 28 | "email": "renan.pimentel@gmail.com" 29 | } 30 | ], 31 | "autoload": { 32 | "psr-4": { 33 | "NoProtocol\\Encryption\\MySQL\\AES\\": "src/" 34 | } 35 | } 36 | } 37 | -------------------------------------------------------------------------------- /phpunit.xml: -------------------------------------------------------------------------------- 1 | 2 | 11 | 12 | 13 | ./tests/ 14 | 15 | 16 | 17 | 18 | src/ 19 | 20 | 21 | 22 | -------------------------------------------------------------------------------- /src/Crypter.php: -------------------------------------------------------------------------------- 1 | 6 | * @author Anne Jan Brouwer 7 | * @author Govert Verschuur 8 | * @author Renan Martins Pimentel 9 | * @copyright 2016 NoProtocol 10 | * @license https://opensource.org/licenses/MIT The MIT License (MIT) 11 | * 12 | * @version 2.0.1 13 | * 14 | * @link http://www.smashingmagazine.com/2012/05/replicating-mysql-aes-encryption-methods-with-php/ 15 | */ 16 | 17 | namespace NoProtocol\Encryption\MySQL\AES; 18 | 19 | class Crypter 20 | { 21 | protected $method; 22 | protected $key; 23 | 24 | /** 25 | * Crypter constructor. 26 | * 27 | * @param $seed 28 | * @param string $method default AES-128-ECB 29 | */ 30 | public function __construct($seed, $method = 'AES-128-ECB') 31 | { 32 | $this->method = $method; 33 | $this->key = $this->generateKey($seed); 34 | } 35 | 36 | /** 37 | * Encrypts the data. 38 | * 39 | * @since 2.0 40 | * 41 | * @param string $data A string of data to encrypt. 42 | * 43 | * @return string (binary) The encrypted data 44 | */ 45 | public function encrypt($data) 46 | { 47 | $chiperIvLength = openssl_cipher_iv_length($this->method); 48 | $iv = ''; 49 | if ($chiperIvLength > 0) { 50 | $iv = openssl_random_pseudo_bytes($chiperIvLength); 51 | } 52 | $padValue = 16 - (strlen($data) % 16); 53 | 54 | return openssl_encrypt( 55 | str_pad($data, intval(16 * (floor(strlen($data) / 16) + 1)), chr($padValue)), 56 | $this->method, 57 | $this->key, 58 | OPENSSL_RAW_DATA | OPENSSL_ZERO_PADDING, 59 | $iv 60 | ); 61 | } 62 | 63 | /** 64 | * Decrypts the data. 65 | * 66 | * @since 2.0 67 | * 68 | * @param string $data A (binary) string of encrypted data 69 | * 70 | * @return string Decrypted data 71 | */ 72 | public function decrypt($data) 73 | { 74 | $data = openssl_decrypt( 75 | $data, 76 | $this->method, 77 | $this->key, 78 | OPENSSL_RAW_DATA | OPENSSL_ZERO_PADDING 79 | ); 80 | 81 | return rtrim($data, "\x00..\x10"); 82 | } 83 | 84 | /** 85 | * Create and set the key used for encryption. 86 | * 87 | * @since 2.0 88 | * 89 | * @param string $seed The seed used to create the key. 90 | * 91 | * @return string (binary) the key to use in the encryption process. 92 | */ 93 | protected function generateKey($seed) 94 | { 95 | $key = str_repeat(chr(0), 16); 96 | for ($i = 0, $len = strlen($seed); $i < $len; $i++) { 97 | $key[$i % 16] = $key[$i % 16] ^ $seed[$i]; 98 | } 99 | 100 | return $key; 101 | } 102 | } 103 | -------------------------------------------------------------------------------- /tests/CrypterTest.php: -------------------------------------------------------------------------------- 1 | encrypt('foobar'); 20 | $this->assertEquals('iWSjHbqpoNOPS6p1FsyyZw==', base64_encode($result)); 21 | } 22 | 23 | /** 24 | * Assert 'iWSjHbqpoNOPS6p1FsyyZw==' decrypts to 'foobar' with default method and secret key 'mysecretseedingkey'. 25 | */ 26 | public function testItDecrypts() 27 | { 28 | $crypter = new Crypter('mysecretseedingkey'); 29 | $result = $crypter->decrypt(base64_decode('iWSjHbqpoNOPS6p1FsyyZw==')); 30 | $this->assertEquals('foobar', $result); 31 | } 32 | 33 | /** 34 | * Assert 'foobar' encrypts to 'tD2h0aC78o4kmlsSuA0LgQ==' with AES-192-ECB method and 'mysecretseedingkey'. 35 | */ 36 | public function testItEncrypts192() 37 | { 38 | $crypter = new Crypter('mysecretseedingkey', 'AES-192-ECB'); 39 | $result = $crypter->encrypt('foobar'); 40 | $this->assertEquals('tD2h0aC78o4kmlsSuA0LgQ==', base64_encode($result)); 41 | } 42 | 43 | /** 44 | * Assert 'tD2h0aC78o4kmlsSuA0LgQ==' decrypts to 'foobar' with AES-192-ECB method and 'mysecretseedingkey'. 45 | */ 46 | public function testItDecrypts192() 47 | { 48 | $crypter = new Crypter('mysecretseedingkey', 'AES-192-ECB'); 49 | $result = $crypter->decrypt(base64_decode('tD2h0aC78o4kmlsSuA0LgQ==')); 50 | $this->assertEquals('foobar', (string) $result); 51 | } 52 | 53 | /** 54 | * Assert 'foobar' encrypts to 'HHA+m+yrcEBpfRN7Q6GLkw==' with AES-256-ECB method and 'mysecretseedingkey'. 55 | */ 56 | public function testItEncrypts256() 57 | { 58 | $crypter = new Crypter('mysecretseedingkey', 'AES-256-ECB'); 59 | $result = $crypter->encrypt('foobar'); 60 | $this->assertEquals('HHA+m+yrcEBpfRN7Q6GLkw==', base64_encode($result)); 61 | } 62 | 63 | /** 64 | * Assert 'HHA+m+yrcEBpfRN7Q6GLkw==' decrypts to 'foobar' with AES-256-ECB method and 'mysecretseedingkey'. 65 | */ 66 | public function testItDecrypts256() 67 | { 68 | $crypter = new Crypter('mysecretseedingkey', 'AES-256-ECB'); 69 | $result = $crypter->decrypt(base64_decode('HHA+m+yrcEBpfRN7Q6GLkw==')); 70 | $this->assertEquals('foobar', $result); 71 | } 72 | } 73 | --------------------------------------------------------------------------------