├── .github
└── workflows
│ └── php.yml
├── .gitignore
├── .scrutinizer.yml
├── .travis.yml
├── CHANGELOG.md
├── LICENSE
├── README.md
├── benchmarks
└── benchmarks.php
├── composer.json
├── phpunit.xml
├── src
└── Crypter.php
└── tests
└── CrypterTest.php
/.github/workflows/php.yml:
--------------------------------------------------------------------------------
1 | on: [push]
2 |
3 | jobs:
4 | run:
5 | runs-on: ${{ matrix.operating-system }}
6 | strategy:
7 | matrix:
8 | operating-system: [ubuntu-latest, windows-latest, macOS-latest]
9 | php-versions: ['7.0', '7.1', '7.2', '7.3', '7.4']
10 | name: PHP ${{ matrix.php-versions }} Test on ${{ matrix.operating-system }}
11 |
12 | steps:
13 | - uses: actions/checkout@v1
14 |
15 | - name: Setup PHP
16 | uses: shivammathur/setup-php@v1
17 | with:
18 | php-version: ${{ matrix.php-versions }}
19 | extension-csv: openssl, mbstring, intl, dom, curl #optional, setup extensions
20 | coverage: xdebug #optional, setup coverage driver
21 | pecl: false #optional, setup PECL
22 |
23 | - name: Validate composer.json and composer.lock
24 | run: composer validate
25 |
26 | - name: Install dependencies
27 | run: composer install --prefer-dist --no-progress --no-suggest
28 |
29 | - name: Run test suite
30 | run: ./vendor/bin/phpunit
31 |
32 | - name: Run benchmarks
33 | run: php benchmarks/benchmarks.php
34 |
--------------------------------------------------------------------------------
/.gitignore:
--------------------------------------------------------------------------------
1 | coverage
2 | vendor
3 | .DS_Store
4 | .idea
5 | composer.lock
6 |
--------------------------------------------------------------------------------
/.scrutinizer.yml:
--------------------------------------------------------------------------------
1 | build:
2 | nodes:
3 | analysis:
4 | project_setup:
5 | override: true
6 | tests:
7 | override:
8 | - php-scrutinizer-run --enable-security-analysis
9 | tests:
10 | environment:
11 | php:
12 | version: 7.1
13 | tests:
14 | override:
15 | -
16 | command: 'vendor/bin/phpunit --coverage-clover=clover'
17 | coverage:
18 | file: 'clover'
19 | format: 'clover'
20 | filter:
21 | excluded_paths:
22 | - 'tests/*'
23 | checks:
24 | php:
25 | code_rating: true
26 | duplication: true
27 |
28 |
--------------------------------------------------------------------------------
/.travis.yml:
--------------------------------------------------------------------------------
1 | language: php
2 |
3 | php:
4 | - 7.0
5 | - 7.1
6 | - 7.2
7 | - 7.3
8 |
9 | before_script:
10 | - composer self-update
11 | - composer install --dev --no-interaction
12 |
13 | script:
14 | - php vendor/bin/phpunit --coverage-clover build/logs/clover.xml
15 | - php benchmarks/benchmarks.php
16 |
--------------------------------------------------------------------------------
/CHANGELOG.md:
--------------------------------------------------------------------------------
1 | # Change Log
2 |
3 | ## [Unreleased](https://github.com/noprotocol/php-mysql-aes-crypt/tree/HEAD)
4 |
5 | [Full Changelog](https://github.com/noprotocol/php-mysql-aes-crypt/compare/v2.0.1...HEAD)
6 |
7 | **Merged pull requests:**
8 |
9 | - Scrutinizer Auto-Fixes [\#9](https://github.com/noprotocol/php-mysql-aes-crypt/pull/9) ([scrutinizer-auto-fixer](https://github.com/scrutinizer-auto-fixer))
10 |
11 | ## [v2.0.1](https://github.com/noprotocol/php-mysql-aes-crypt/tree/v2.0.1) (2018-06-25)
12 | [Full Changelog](https://github.com/noprotocol/php-mysql-aes-crypt/compare/v2.0.0...v2.0.1)
13 |
14 | **Closed issues:**
15 |
16 | - Be able to switch between 128-bit and 256-bit [\#8](https://github.com/noprotocol/php-mysql-aes-crypt/issues/8)
17 | - Can't use AES\_DECRYPT to decrypt data from database [\#7](https://github.com/noprotocol/php-mysql-aes-crypt/issues/7)
18 |
19 | **Merged pull requests:**
20 |
21 | - Apply fixes from StyleCI [\#5](https://github.com/noprotocol/php-mysql-aes-crypt/pull/5) ([annejan](https://github.com/annejan))
22 | - Scrutinizer Auto-Fixes [\#4](https://github.com/noprotocol/php-mysql-aes-crypt/pull/4) ([scrutinizer-auto-fixer](https://github.com/scrutinizer-auto-fixer))
23 |
24 | ## [v2.0.0](https://github.com/noprotocol/php-mysql-aes-crypt/tree/v2.0.0) (2018-04-18)
25 | [Full Changelog](https://github.com/noprotocol/php-mysql-aes-crypt/compare/v1.0.0...v2.0.0)
26 |
27 | **Closed issues:**
28 |
29 | - mcrypt\_encrypt deprecated [\#2](https://github.com/noprotocol/php-mysql-aes-crypt/issues/2)
30 |
31 | **Merged pull requests:**
32 |
33 | - Update to openssl\_encrypt/decrypt [\#3](https://github.com/noprotocol/php-mysql-aes-crypt/pull/3) ([renanmpimentel](https://github.com/renanmpimentel))
34 |
35 | ## [v1.0.0](https://github.com/noprotocol/php-mysql-aes-crypt/tree/v1.0.0) (2016-09-29)
36 |
37 |
38 | \* *This Change Log was automatically generated by [github_changelog_generator](https://github.com/skywinder/Github-Changelog-Generator)*
--------------------------------------------------------------------------------
/LICENSE:
--------------------------------------------------------------------------------
1 | Copyright (c) 2016 NoProtocol
2 |
3 | Permission is hereby granted, free of charge, to any person obtaining a copy of this software and associated documentation files (the "Software"), to deal in the Software without restriction, including without limitation the rights to use, copy, modify, merge, publish, distribute, sublicense, and/or sell copies of the Software, and to permit persons to whom the Software is furnished to do so, subject to the following conditions:
4 |
5 | The above copyright notice and this permission notice shall be included in all copies or substantial portions of the Software.
6 |
7 | THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM, OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE SOFTWARE.
--------------------------------------------------------------------------------
/README.md:
--------------------------------------------------------------------------------
1 | # PHP MySQL AES encrypt/decrypt
2 |
3 | Encrypt/decrypt values in PHP which are compatible with MySQL's `aes_encrypt()` & `aes_decrypt()` functions. [1](#smashing-magazine-article)
4 |
5 | [](https://travis-ci.org/noprotocol/php-mysql-aes-crypt)
6 | [](https://scrutinizer-ci.com/g/noprotocol/php-mysql-aes-crypt/?branch=master)
7 | [](https://scrutinizer-ci.com/g/noprotocol/php-mysql-aes-crypt/?branch=master)
8 |
9 | [Change log](CHANGELOG.md)
10 |
11 | ## Installation
12 |
13 | ### With Composer
14 |
15 | ```
16 | $ composer require noprotocol/php-mysql-aes-crypt
17 | ```
18 |
19 | ```json
20 | {
21 | "require": {
22 | "noprotocol/php-mysql-aes-crypt": "^2.0.0"
23 | }
24 | }
25 | ```
26 |
27 | ```php
28 |
35 |
36 | ### Without Composer
37 |
38 | Please use [Composer](http://getcomposer.org/). If you need to install manually, download [Crypter.php](https://github.com/noprotocol/php-mysql-aes-crypt/src/NoProtocol/Encryption/MySQL/AES/Crypter.php) from the repository and save the file into your project path.
39 |
40 | ```php
41 | encrypt('foobar');
59 |
60 | // decrypt a piece of data
61 | $decrypted = $crypter->decrypt($encrypted);
62 | ```
63 |
64 | Using a different encryption method is possible too when so desired.
65 |
66 | ```php
67 | $crypter = new Crypter('mykeystring', 'AES-256-ECB');
68 | ```
69 |
70 | NB: This is only tested for AES-128-ECB (default), AES-192-ECB and AES-256-ECB
71 |
72 | ## Benchmark
73 | A benchmark is provided in `/benchmarks/benchmarks.php`. You can set the number of items to run by passing a number as an argument, e.g.:
74 |
75 | `php benchmarks/benchmarks.php 20000`
76 |
77 | to run 20000 items. If no number is given, it defaults to 10000 items.
78 |
79 | You can also optionally set the desired encryption method for example:
80 |
81 | `php benchmarks/benchmarks.php 20000 AES-256-ECB`
82 |
83 | ## Testing
84 | PHPunit test cases are provided in `/tests`.
85 |
86 | ---
87 |
88 | 1As outlined in [http://www.smashingmagazine.com/2012/05/replicating-mysql-aes-encryption-methods-with-php/](http://www.smashingmagazine.com/2012/05/replicating-mysql-aes-encryption-methods-with-php/) [↩](#top)
89 |
--------------------------------------------------------------------------------
/benchmarks/benchmarks.php:
--------------------------------------------------------------------------------
1 | start('encrypt');
26 |
27 | for ($i = 0; $i < $amount; $i++) {
28 | $encrypted = $crypter->encrypt(uniqid('', true));
29 | $decrypted = $crypter->decrypt($encrypted);
30 | }
31 |
32 | $event = $stopwatch->stop('encrypt');
33 |
34 | echo sprintf('%s items in %s seconds (%s ms), max. memory usage %sKB (%sB)', $amount, $event->getDuration() / 1000, $event->getDuration(), $event->getMemory() / 1024, $event->getMemory()) . PHP_EOL;
35 |
--------------------------------------------------------------------------------
/composer.json:
--------------------------------------------------------------------------------
1 | {
2 | "name": "noprotocol/php-mysql-aes-crypt",
3 | "description": "Encrypt/decrypt data in PHP to a format compatible with MySQL AES_ENCRYPT & AES_DECRYPT functions.",
4 | "keywords": ["php", "mysql", "aes", "encryption", "decryption", "noprotocol"],
5 | "require": {
6 | "ext-openssl": "*"
7 | },
8 | "require-dev": {
9 | "phpunit/phpunit": "^6",
10 | "symfony/stopwatch": "^3.1"
11 | },
12 | "license": "MIT",
13 | "authors": [
14 | {
15 | "name": "Bob Fanger",
16 | "email": "bob.fanger@noprotocol.nl"
17 | },
18 | {
19 | "name": "Anne Jan Brouwer",
20 | "email": "anne.jan.brouwer@noprotocol.nl"
21 | },
22 | {
23 | "name": "Govert Verschuur",
24 | "email": "govert.verschuur@noprotocol.nl"
25 | },
26 | {
27 | "name": "Renan Martins Pimentel",
28 | "email": "renan.pimentel@gmail.com"
29 | }
30 | ],
31 | "autoload": {
32 | "psr-4": {
33 | "NoProtocol\\Encryption\\MySQL\\AES\\": "src/"
34 | }
35 | }
36 | }
37 |
--------------------------------------------------------------------------------
/phpunit.xml:
--------------------------------------------------------------------------------
1 |
2 |
11 |
12 |
13 | ./tests/
14 |
15 |
16 |
17 |
18 | src/
19 |
20 |
21 |
22 |
--------------------------------------------------------------------------------
/src/Crypter.php:
--------------------------------------------------------------------------------
1 |
6 | * @author Anne Jan Brouwer
7 | * @author Govert Verschuur
8 | * @author Renan Martins Pimentel
9 | * @copyright 2016 NoProtocol
10 | * @license https://opensource.org/licenses/MIT The MIT License (MIT)
11 | *
12 | * @version 2.0.1
13 | *
14 | * @link http://www.smashingmagazine.com/2012/05/replicating-mysql-aes-encryption-methods-with-php/
15 | */
16 |
17 | namespace NoProtocol\Encryption\MySQL\AES;
18 |
19 | class Crypter
20 | {
21 | protected $method;
22 | protected $key;
23 |
24 | /**
25 | * Crypter constructor.
26 | *
27 | * @param $seed
28 | * @param string $method default AES-128-ECB
29 | */
30 | public function __construct($seed, $method = 'AES-128-ECB')
31 | {
32 | $this->method = $method;
33 | $this->key = $this->generateKey($seed);
34 | }
35 |
36 | /**
37 | * Encrypts the data.
38 | *
39 | * @since 2.0
40 | *
41 | * @param string $data A string of data to encrypt.
42 | *
43 | * @return string (binary) The encrypted data
44 | */
45 | public function encrypt($data)
46 | {
47 | $chiperIvLength = openssl_cipher_iv_length($this->method);
48 | $iv = '';
49 | if ($chiperIvLength > 0) {
50 | $iv = openssl_random_pseudo_bytes($chiperIvLength);
51 | }
52 | $padValue = 16 - (strlen($data) % 16);
53 |
54 | return openssl_encrypt(
55 | str_pad($data, intval(16 * (floor(strlen($data) / 16) + 1)), chr($padValue)),
56 | $this->method,
57 | $this->key,
58 | OPENSSL_RAW_DATA | OPENSSL_ZERO_PADDING,
59 | $iv
60 | );
61 | }
62 |
63 | /**
64 | * Decrypts the data.
65 | *
66 | * @since 2.0
67 | *
68 | * @param string $data A (binary) string of encrypted data
69 | *
70 | * @return string Decrypted data
71 | */
72 | public function decrypt($data)
73 | {
74 | $data = openssl_decrypt(
75 | $data,
76 | $this->method,
77 | $this->key,
78 | OPENSSL_RAW_DATA | OPENSSL_ZERO_PADDING
79 | );
80 |
81 | return rtrim($data, "\x00..\x10");
82 | }
83 |
84 | /**
85 | * Create and set the key used for encryption.
86 | *
87 | * @since 2.0
88 | *
89 | * @param string $seed The seed used to create the key.
90 | *
91 | * @return string (binary) the key to use in the encryption process.
92 | */
93 | protected function generateKey($seed)
94 | {
95 | $key = str_repeat(chr(0), 16);
96 | for ($i = 0, $len = strlen($seed); $i < $len; $i++) {
97 | $key[$i % 16] = $key[$i % 16] ^ $seed[$i];
98 | }
99 |
100 | return $key;
101 | }
102 | }
103 |
--------------------------------------------------------------------------------
/tests/CrypterTest.php:
--------------------------------------------------------------------------------
1 | encrypt('foobar');
20 | $this->assertEquals('iWSjHbqpoNOPS6p1FsyyZw==', base64_encode($result));
21 | }
22 |
23 | /**
24 | * Assert 'iWSjHbqpoNOPS6p1FsyyZw==' decrypts to 'foobar' with default method and secret key 'mysecretseedingkey'.
25 | */
26 | public function testItDecrypts()
27 | {
28 | $crypter = new Crypter('mysecretseedingkey');
29 | $result = $crypter->decrypt(base64_decode('iWSjHbqpoNOPS6p1FsyyZw=='));
30 | $this->assertEquals('foobar', $result);
31 | }
32 |
33 | /**
34 | * Assert 'foobar' encrypts to 'tD2h0aC78o4kmlsSuA0LgQ==' with AES-192-ECB method and 'mysecretseedingkey'.
35 | */
36 | public function testItEncrypts192()
37 | {
38 | $crypter = new Crypter('mysecretseedingkey', 'AES-192-ECB');
39 | $result = $crypter->encrypt('foobar');
40 | $this->assertEquals('tD2h0aC78o4kmlsSuA0LgQ==', base64_encode($result));
41 | }
42 |
43 | /**
44 | * Assert 'tD2h0aC78o4kmlsSuA0LgQ==' decrypts to 'foobar' with AES-192-ECB method and 'mysecretseedingkey'.
45 | */
46 | public function testItDecrypts192()
47 | {
48 | $crypter = new Crypter('mysecretseedingkey', 'AES-192-ECB');
49 | $result = $crypter->decrypt(base64_decode('tD2h0aC78o4kmlsSuA0LgQ=='));
50 | $this->assertEquals('foobar', (string) $result);
51 | }
52 |
53 | /**
54 | * Assert 'foobar' encrypts to 'HHA+m+yrcEBpfRN7Q6GLkw==' with AES-256-ECB method and 'mysecretseedingkey'.
55 | */
56 | public function testItEncrypts256()
57 | {
58 | $crypter = new Crypter('mysecretseedingkey', 'AES-256-ECB');
59 | $result = $crypter->encrypt('foobar');
60 | $this->assertEquals('HHA+m+yrcEBpfRN7Q6GLkw==', base64_encode($result));
61 | }
62 |
63 | /**
64 | * Assert 'HHA+m+yrcEBpfRN7Q6GLkw==' decrypts to 'foobar' with AES-256-ECB method and 'mysecretseedingkey'.
65 | */
66 | public function testItDecrypts256()
67 | {
68 | $crypter = new Crypter('mysecretseedingkey', 'AES-256-ECB');
69 | $result = $crypter->decrypt(base64_decode('HHA+m+yrcEBpfRN7Q6GLkw=='));
70 | $this->assertEquals('foobar', $result);
71 | }
72 | }
73 |
--------------------------------------------------------------------------------