├── .github
    └── workflows
    │   └── php.yml
├── .gitignore
├── .scrutinizer.yml
├── .travis.yml
├── CHANGELOG.md
├── LICENSE
├── README.md
├── benchmarks
    └── benchmarks.php
├── composer.json
├── phpunit.xml
├── src
    └── Crypter.php
└── tests
    └── CrypterTest.php


/.github/workflows/php.yml:
--------------------------------------------------------------------------------
 1 | on: [push]
 2 | 
 3 | jobs:
 4 |   run:    
 5 |     runs-on: ${{ matrix.operating-system }}
 6 |     strategy:      
 7 |       matrix:
 8 |         operating-system: [ubuntu-latest, windows-latest, macOS-latest]
 9 |         php-versions: ['7.0', '7.1', '7.2', '7.3', '7.4']
10 |     name: PHP ${{ matrix.php-versions }} Test on ${{ matrix.operating-system }}
11 | 
12 |     steps:
13 |     - uses: actions/checkout@v1
14 | 
15 |     - name: Setup PHP
16 |       uses: shivammathur/setup-php@v1
17 |       with:
18 |         php-version: ${{ matrix.php-versions }}
19 |         extension-csv: openssl, mbstring, intl, dom, curl #optional, setup extensions
20 |         coverage: xdebug #optional, setup coverage driver
21 |         pecl: false #optional, setup PECL
22 | 
23 |     - name: Validate composer.json and composer.lock
24 |       run: composer validate
25 | 
26 |     - name: Install dependencies
27 |       run: composer install --prefer-dist --no-progress --no-suggest
28 | 
29 |     - name: Run test suite
30 |       run: ./vendor/bin/phpunit
31 |   
32 |     - name: Run benchmarks
33 |       run: php benchmarks/benchmarks.php
34 | 


--------------------------------------------------------------------------------
/.gitignore:
--------------------------------------------------------------------------------
1 | coverage
2 | vendor
3 | .DS_Store
4 | .idea
5 | composer.lock
6 | 


--------------------------------------------------------------------------------
/.scrutinizer.yml:
--------------------------------------------------------------------------------
 1 | build:
 2 |     nodes:
 3 |         analysis:
 4 |             project_setup:
 5 |                 override: true
 6 |             tests:
 7 |                 override:
 8 |                     - php-scrutinizer-run --enable-security-analysis
 9 |         tests:
10 |             environment:
11 |                 php:
12 |                     version: 7.1
13 |             tests:
14 |                 override:
15 |                     -
16 |                         command: 'vendor/bin/phpunit --coverage-clover=clover'
17 |                         coverage:
18 |                             file: 'clover'
19 |                             format: 'clover'
20 | filter:
21 |     excluded_paths:
22 |         - 'tests/*'
23 | checks:
24 |     php:
25 |         code_rating: true
26 |         duplication: true
27 | 
28 | 


--------------------------------------------------------------------------------
/.travis.yml:
--------------------------------------------------------------------------------
 1 | language: php
 2 | 
 3 | php:
 4 |   - 7.0
 5 |   - 7.1
 6 |   - 7.2
 7 |   - 7.3
 8 | 
 9 | before_script:
10 |   - composer self-update
11 |   - composer install --dev --no-interaction
12 | 
13 | script:
14 |   - php vendor/bin/phpunit --coverage-clover build/logs/clover.xml
15 |   - php benchmarks/benchmarks.php
16 | 


--------------------------------------------------------------------------------
/CHANGELOG.md:
--------------------------------------------------------------------------------
 1 | # Change Log
 2 | 
 3 | ## [Unreleased](https://github.com/noprotocol/php-mysql-aes-crypt/tree/HEAD)
 4 | 
 5 | [Full Changelog](https://github.com/noprotocol/php-mysql-aes-crypt/compare/v2.0.1...HEAD)
 6 | 
 7 | **Merged pull requests:**
 8 | 
 9 | - Scrutinizer Auto-Fixes [\#9](https://github.com/noprotocol/php-mysql-aes-crypt/pull/9) ([scrutinizer-auto-fixer](https://github.com/scrutinizer-auto-fixer))
10 | 
11 | ## [v2.0.1](https://github.com/noprotocol/php-mysql-aes-crypt/tree/v2.0.1) (2018-06-25)
12 | [Full Changelog](https://github.com/noprotocol/php-mysql-aes-crypt/compare/v2.0.0...v2.0.1)
13 | 
14 | **Closed issues:**
15 | 
16 | - Be able to switch between 128-bit and 256-bit [\#8](https://github.com/noprotocol/php-mysql-aes-crypt/issues/8)
17 | - Can't use AES\_DECRYPT to decrypt data from database [\#7](https://github.com/noprotocol/php-mysql-aes-crypt/issues/7)
18 | 
19 | **Merged pull requests:**
20 | 
21 | - Apply fixes from StyleCI [\#5](https://github.com/noprotocol/php-mysql-aes-crypt/pull/5) ([annejan](https://github.com/annejan))
22 | - Scrutinizer Auto-Fixes [\#4](https://github.com/noprotocol/php-mysql-aes-crypt/pull/4) ([scrutinizer-auto-fixer](https://github.com/scrutinizer-auto-fixer))
23 | 
24 | ## [v2.0.0](https://github.com/noprotocol/php-mysql-aes-crypt/tree/v2.0.0) (2018-04-18)
25 | [Full Changelog](https://github.com/noprotocol/php-mysql-aes-crypt/compare/v1.0.0...v2.0.0)
26 | 
27 | **Closed issues:**
28 | 
29 | - mcrypt\_encrypt deprecated [\#2](https://github.com/noprotocol/php-mysql-aes-crypt/issues/2)
30 | 
31 | **Merged pull requests:**
32 | 
33 | - Update to openssl\_encrypt/decrypt [\#3](https://github.com/noprotocol/php-mysql-aes-crypt/pull/3) ([renanmpimentel](https://github.com/renanmpimentel))
34 | 
35 | ## [v1.0.0](https://github.com/noprotocol/php-mysql-aes-crypt/tree/v1.0.0) (2016-09-29)
36 | 
37 | 
38 | \* *This Change Log was automatically generated by [github_changelog_generator](https://github.com/skywinder/Github-Changelog-Generator)*


--------------------------------------------------------------------------------
/LICENSE:
--------------------------------------------------------------------------------
1 | Copyright (c) 2016 NoProtocol
2 | 
3 | Permission is hereby granted, free of charge, to any person obtaining a copy of this software and associated documentation files (the "Software"), to deal in the Software without restriction, including without limitation the rights to use, copy, modify, merge, publish, distribute, sublicense, and/or sell copies of the Software, and to permit persons to whom the Software is furnished to do so, subject to the following conditions:
4 | 
5 | The above copyright notice and this permission notice shall be included in all copies or substantial portions of the Software.
6 | 
7 | THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM, OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE SOFTWARE.


--------------------------------------------------------------------------------
/README.md:
--------------------------------------------------------------------------------
 1 | # PHP MySQL AES encrypt/decrypt
 2 | 
 3 | Encrypt/decrypt values in PHP which are compatible with MySQL's `aes_encrypt()` & `aes_decrypt()` functions. <sup name="top">[1](#smashing-magazine-article)</sup>
 4 | 
 5 | [![Build Status](https://travis-ci.org/noprotocol/php-mysql-aes-crypt.svg?branch=master)](https://travis-ci.org/noprotocol/php-mysql-aes-crypt)
 6 | [![Scrutinizer Code Quality](https://scrutinizer-ci.com/g/noprotocol/php-mysql-aes-crypt/badges/quality-score.png?b=master)](https://scrutinizer-ci.com/g/noprotocol/php-mysql-aes-crypt/?branch=master)
 7 | [![Code Coverage](https://scrutinizer-ci.com/g/noprotocol/php-mysql-aes-crypt/badges/coverage.png?b=master)](https://scrutinizer-ci.com/g/noprotocol/php-mysql-aes-crypt/?branch=master)
 8 | 
 9 | [Change log](CHANGELOG.md)
10 | 
11 | ## Installation
12 | 
13 | ### With Composer
14 | 
15 | ```
16 | $ composer require noprotocol/php-mysql-aes-crypt
17 | ```
18 | 
19 | ```json
20 | {
21 |     "require": {
22 |         "noprotocol/php-mysql-aes-crypt": "^2.0.0"
23 |     }
24 | }
25 | ```
26 | 
27 | ```php
28 | <?php
29 | require 'vendor/autoload.php';
30 | 
31 | use NoProtocol\Encryption\MySQL\AES\Crypter;
32 | ```
33 | 
34 | <a name="install-nocomposer"/>
35 | 
36 | ### Without Composer
37 | 
38 | Please use [Composer](http://getcomposer.org/). If you need to install manually, download [Crypter.php](https://github.com/noprotocol/php-mysql-aes-crypt/src/NoProtocol/Encryption/MySQL/AES/Crypter.php) from the repository and save the file into your project path.
39 | 
40 | ```php
41 | <?php
42 | require 'path/to/Cryper.php';
43 | 
44 | use NoProtocol\Encryption\MySQL\AES\Crypter;
45 | ```
46 | 
47 | ## Usage
48 | Create a new instance of the class with a string which will be used as the key for the crypting process. Run `encrypt()` or `decrypt()` to encrypt/decrypt your data.
49 | 
50 | ```php
51 | <?php
52 | use NoProtocol\Encryption\MySQL\AES\Crypter;
53 | 
54 | // create a new instance
55 | $crypter = new Crypter('mykeystring');
56 | 
57 | // encrypt a piece of data
58 | $encrypted = $crypter->encrypt('foobar');
59 | 
60 | // decrypt a piece of data
61 | $decrypted = $crypter->decrypt($encrypted);
62 | ```
63 | 
64 | Using a different encryption method is possible too when so desired.
65 | 
66 | ```php
67 | $crypter = new Crypter('mykeystring', 'AES-256-ECB');
68 | ```
69 | 
70 | NB: This is only tested for AES-128-ECB (default), AES-192-ECB and AES-256-ECB
71 | 
72 | ## Benchmark
73 | A benchmark is provided in `/benchmarks/benchmarks.php`. You can set the number of items to run by passing a number as an argument, e.g.:
74 | 
75 | `php benchmarks/benchmarks.php 20000`
76 | 
77 | to run 20000 items. If no number is given, it defaults to 10000 items.
78 | 
79 | You can also optionally set the desired encryption method for example:
80 | 
81 | `php benchmarks/benchmarks.php 20000 AES-256-ECB`
82 | 
83 | ## Testing
84 | PHPunit test cases are provided in `/tests`.
85 | 
86 | ---
87 | 
88 | <sup id="smashing-magazine-article">1</sup>As outlined in [http://www.smashingmagazine.com/2012/05/replicating-mysql-aes-encryption-methods-with-php/](http://www.smashingmagazine.com/2012/05/replicating-mysql-aes-encryption-methods-with-php/) [↩](#top)
89 | 


--------------------------------------------------------------------------------
/benchmarks/benchmarks.php:
--------------------------------------------------------------------------------
 1 | <?php
 2 | 
 3 | require './vendor/autoload.php';
 4 | 
 5 | use NoProtocol\Encryption\MySQL\AES\Crypter;
 6 | use Symfony\Component\Stopwatch\Stopwatch;
 7 | 
 8 | set_time_limit(0);
 9 | 
10 | $stopwatch = new Stopwatch();
11 | 
12 | $amount = 10000;
13 | if (isset($argv[1]) && is_numeric($argv[1])) {
14 |     $amount = $argv[1];
15 | }
16 | 
17 | if (isset($argv[2])) {
18 |     $crypter = new Crypter('mySuperDuperSecretKey', $argv[2]);
19 | } else {
20 |     $crypter = new Crypter('mySuperDuperSecretKey');
21 | }
22 | 
23 | echo sprintf('Running benchmark with %s items...', $amount) . PHP_EOL;
24 | 
25 | $stopwatch->start('encrypt');
26 | 
27 | for ($i = 0; $i < $amount; $i++) {
28 |     $encrypted = $crypter->encrypt(uniqid('', true));
29 |     $decrypted = $crypter->decrypt($encrypted);
30 | }
31 | 
32 | $event = $stopwatch->stop('encrypt');
33 | 
34 | echo sprintf('%s items in %s seconds (%s ms), max. memory usage %sKB (%sB)', $amount, $event->getDuration() / 1000, $event->getDuration(), $event->getMemory() / 1024, $event->getMemory()) . PHP_EOL;
35 | 


--------------------------------------------------------------------------------
/composer.json:
--------------------------------------------------------------------------------
 1 | {
 2 |     "name": "noprotocol/php-mysql-aes-crypt",
 3 |     "description": "Encrypt/decrypt data in PHP to a format compatible with MySQL AES_ENCRYPT & AES_DECRYPT functions.",
 4 |     "keywords": ["php", "mysql", "aes", "encryption", "decryption", "noprotocol"],
 5 |     "require": {
 6 |       "ext-openssl": "*"
 7 |     },
 8 |     "require-dev": {
 9 |        "phpunit/phpunit": "^6",
10 |        "symfony/stopwatch": "^3.1"
11 |     },
12 |     "license": "MIT",
13 |     "authors": [
14 |         {
15 |             "name": "Bob Fanger",
16 |             "email": "bob.fanger@noprotocol.nl"
17 |         },
18 |         {
19 |             "name": "Anne Jan Brouwer",
20 |             "email": "anne.jan.brouwer@noprotocol.nl"
21 |         },
22 |         {
23 |             "name": "Govert Verschuur",
24 |             "email": "govert.verschuur@noprotocol.nl"
25 |         },
26 |         {
27 |             "name": "Renan Martins Pimentel",
28 |             "email": "renan.pimentel@gmail.com"
29 |         }
30 |     ],
31 |     "autoload": {
32 |         "psr-4": {
33 |             "NoProtocol\\Encryption\\MySQL\\AES\\": "src/"
34 |         }
35 |     }
36 | }
37 | 


--------------------------------------------------------------------------------
/phpunit.xml:
--------------------------------------------------------------------------------
 1 | <?xml version="1.0" encoding="UTF-8"?>
 2 | <phpunit backupGlobals="false"
 3 |          backupStaticAttributes="false"
 4 |          bootstrap="./vendor/autoload.php"
 5 |          colors="true"
 6 |          convertErrorsToExceptions="true"
 7 |          convertNoticesToExceptions="true"
 8 |          convertWarningsToExceptions="true"
 9 |          processIsolation="false"
10 | 	 stopOnFailure="false">
11 |     <testsuites>
12 |         <testsuite name="Encryptable">
13 |             <directory>./tests/</directory>
14 |         </testsuite>
15 |     </testsuites>
16 |     <filter>
17 |         <whitelist>
18 |             <directory suffix=".php">src/</directory>
19 |         </whitelist>
20 |     </filter>
21 | </phpunit>
22 | 


--------------------------------------------------------------------------------
/src/Crypter.php:
--------------------------------------------------------------------------------
  1 | <?php
  2 | /**
  3 |  * Encrypt/decrypt data to a format compatible with MySQL aes_encrypt() & aes_decrypt() functions.
  4 |  *
  5 |  * @author    Bob Fanger <bob.fanger@noprotocol.nl>
  6 |  * @author    Anne Jan Brouwer <anne.jan.brouwer@noprotocol.nl>
  7 |  * @author    Govert Verschuur <govert.verschuur@noprotocol.nl>
  8 |  * @author    Renan Martins Pimentel <renan.pimentel@gmail.com>
  9 |  * @copyright 2016 NoProtocol
 10 |  * @license   https://opensource.org/licenses/MIT The MIT License (MIT)
 11 |  *
 12 |  * @version   2.0.1
 13 |  *
 14 |  * @link      http://www.smashingmagazine.com/2012/05/replicating-mysql-aes-encryption-methods-with-php/
 15 |  */
 16 | 
 17 | namespace NoProtocol\Encryption\MySQL\AES;
 18 | 
 19 | class Crypter
 20 | {
 21 |     protected $method;
 22 |     protected $key;
 23 | 
 24 |     /**
 25 |      * Crypter constructor.
 26 |      *
 27 |      * @param $seed
 28 |      * @param string $method default AES-128-ECB
 29 |      */
 30 |     public function __construct($seed, $method = 'AES-128-ECB')
 31 |     {
 32 |         $this->method = $method;
 33 |         $this->key = $this->generateKey($seed);
 34 |     }
 35 | 
 36 |     /**
 37 |      * Encrypts the data.
 38 |      *
 39 |      * @since  2.0
 40 |      *
 41 |      * @param string $data A string of data to encrypt.
 42 |      *
 43 |      * @return string (binary) The encrypted data
 44 |      */
 45 |     public function encrypt($data)
 46 |     {
 47 |         $chiperIvLength = openssl_cipher_iv_length($this->method);
 48 |         $iv = '';
 49 |         if ($chiperIvLength > 0) {
 50 |             $iv = openssl_random_pseudo_bytes($chiperIvLength);
 51 |         }
 52 |         $padValue = 16 - (strlen($data) % 16);
 53 | 
 54 |         return openssl_encrypt(
 55 |             str_pad($data, intval(16 * (floor(strlen($data) / 16) + 1)), chr($padValue)),
 56 |             $this->method,
 57 |             $this->key,
 58 |             OPENSSL_RAW_DATA | OPENSSL_ZERO_PADDING,
 59 |             $iv
 60 |         );
 61 |     }
 62 | 
 63 |     /**
 64 |      * Decrypts the data.
 65 |      *
 66 |      * @since  2.0
 67 |      *
 68 |      * @param string $data A (binary) string of encrypted data
 69 |      *
 70 |      * @return string Decrypted data
 71 |      */
 72 |     public function decrypt($data)
 73 |     {
 74 |         $data = openssl_decrypt(
 75 |             $data,
 76 |             $this->method,
 77 |             $this->key,
 78 |             OPENSSL_RAW_DATA | OPENSSL_ZERO_PADDING
 79 |         );
 80 | 
 81 |         return rtrim($data, "\x00..\x10");
 82 |     }
 83 | 
 84 |     /**
 85 |      * Create and set the key used for encryption.
 86 |      *
 87 |      * @since  2.0
 88 |      *
 89 |      * @param string $seed The seed used to create the key.
 90 |      *
 91 |      * @return string (binary) the key to use in the encryption process.
 92 |      */
 93 |     protected function generateKey($seed)
 94 |     {
 95 |         $key = str_repeat(chr(0), 16);
 96 |         for ($i = 0, $len = strlen($seed); $i < $len; $i++) {
 97 |             $key[$i % 16] = $key[$i % 16] ^ $seed[$i];
 98 |         }
 99 | 
100 |         return $key;
101 |     }
102 | }
103 | 


--------------------------------------------------------------------------------
/tests/CrypterTest.php:
--------------------------------------------------------------------------------
 1 | <?php
 2 | 
 3 | use NoProtocol\Encryption\MySQL\AES\Crypter;
 4 | use PHPUnit\Framework\TestCase;
 5 | 
 6 | class AESEncryptTest extends TestCase
 7 | {
 8 |     public function setUp()
 9 |     {
10 |         parent::setUp();
11 |     }
12 | 
13 |     /**
14 |      * Assert 'foobar' encrypts to 'iWSjHbqpoNOPS6p1FsyyZw==' with default method and secret key 'mysecretseedingkey'.
15 |      */
16 |     public function testItEncrypts()
17 |     {
18 |         $crypter = new Crypter('mysecretseedingkey');
19 |         $result = $crypter->encrypt('foobar');
20 |         $this->assertEquals('iWSjHbqpoNOPS6p1FsyyZw==', base64_encode($result));
21 |     }
22 | 
23 |     /**
24 |      * Assert 'iWSjHbqpoNOPS6p1FsyyZw==' decrypts to 'foobar' with default method and secret key 'mysecretseedingkey'.
25 |      */
26 |     public function testItDecrypts()
27 |     {
28 |         $crypter = new Crypter('mysecretseedingkey');
29 |         $result = $crypter->decrypt(base64_decode('iWSjHbqpoNOPS6p1FsyyZw=='));
30 |         $this->assertEquals('foobar', $result);
31 |     }
32 | 
33 |     /**
34 |      * Assert 'foobar' encrypts to 'tD2h0aC78o4kmlsSuA0LgQ==' with AES-192-ECB method and 'mysecretseedingkey'.
35 |      */
36 |     public function testItEncrypts192()
37 |     {
38 |         $crypter = new Crypter('mysecretseedingkey', 'AES-192-ECB');
39 |         $result = $crypter->encrypt('foobar');
40 |         $this->assertEquals('tD2h0aC78o4kmlsSuA0LgQ==', base64_encode($result));
41 |     }
42 | 
43 |     /**
44 |      * Assert 'tD2h0aC78o4kmlsSuA0LgQ==' decrypts to 'foobar' with AES-192-ECB method and 'mysecretseedingkey'.
45 |      */
46 |     public function testItDecrypts192()
47 |     {
48 |         $crypter = new Crypter('mysecretseedingkey', 'AES-192-ECB');
49 |         $result = $crypter->decrypt(base64_decode('tD2h0aC78o4kmlsSuA0LgQ=='));
50 |         $this->assertEquals('foobar', (string) $result);
51 |     }
52 | 
53 |     /**
54 |      * Assert 'foobar' encrypts to 'HHA+m+yrcEBpfRN7Q6GLkw==' with AES-256-ECB method and 'mysecretseedingkey'.
55 |      */
56 |     public function testItEncrypts256()
57 |     {
58 |         $crypter = new Crypter('mysecretseedingkey', 'AES-256-ECB');
59 |         $result = $crypter->encrypt('foobar');
60 |         $this->assertEquals('HHA+m+yrcEBpfRN7Q6GLkw==', base64_encode($result));
61 |     }
62 | 
63 |     /**
64 |      * Assert 'HHA+m+yrcEBpfRN7Q6GLkw==' decrypts to 'foobar' with AES-256-ECB method and 'mysecretseedingkey'.
65 |      */
66 |     public function testItDecrypts256()
67 |     {
68 |         $crypter = new Crypter('mysecretseedingkey', 'AES-256-ECB');
69 |         $result = $crypter->decrypt(base64_decode('HHA+m+yrcEBpfRN7Q6GLkw=='));
70 |         $this->assertEquals('foobar', $result);
71 |     }
72 | }
73 | 


--------------------------------------------------------------------------------