PHP  
downloads | documentation | faq | getting help | mailing lists | | php.net sites | links 
search for in the  
previousmcal_week_of_yearmcrypt_cbcnext
Last updated: Tue, 03 Sep 2002
view the printer friendly version or the printer friendly version with notes or change language to English | Brazilian Portuguese | Chinese | Czech | Dutch | Finnish | French | German | Hungarian | Japanese | Korean | Polish | Romanian | Russian | Spanish | Swedish | Turkish

LIV. Mcrypt Encryption Functions

Introduzione

This is an interface to the mcrypt library, which supports a wide variety of block algorithms such as DES, TripleDES, Blowfish (default), 3-WAY, SAFER-SK64, SAFER-SK128, TWOFISH, TEA, RC2 and GOST in CBC, OFB, CFB and ECB cipher modes. Additionally, it supports RC6 and IDEA which are considered "non-free".

Requisiti

These functions work using .

If you linked against libmcrypt 2.4.x or higher, the following additional block algorithms are supported: CAST, LOKI97, RIJNDAEL, SAFERPLUS, SERPENT and the following stream ciphers: ENIGMA (crypt), PANAMA, RC4 and WAKE. With libmcrypt 2.4.x or higher another cipher mode is also available; nOFB.

Istallazione

To use it, download libmcrypt-x.x.tar.gz from and follow the included installation instructions. You need to compile PHP with the --with-mcrypt parameter to enable this extension. Make sure you compile libmcrypt with the option --disable-posix-threads.

Configurazione Runtime

Resource Type

Questa estensione non definisce alcun tipo di risorsa.

Costanti Predefinite

Queste costanti sono definite da questa estensione e sono disponibili solo se l'estensione � stata compilata nel PHP o se � stata caricata dinamicamente a runtime.

Mcrypt can operate in four block cipher modes (CBC, OFB, CFB, and ECB). If linked against libmcrypt-2.4.x or higher the functions can also operate in the block cipher mode nOFB and in STREAM mode. Below you find a list with all supported encryption modes together with the constants that are defines for the encryption mode. For a more complete reference and discussion see Applied Cryptography by Schneier (ISBN 0-471-11709-9).

  • MCRYPT_MODE_ECB (electronic codebook) is suitable for random data, such as encrypting other keys. Since data there is short and random, the disadvantages of ECB have a favorable negative effect.

  • MCRYPT_MODE_CBC (cipher block chaining) is especially suitable for encrypting files where the security is increased over ECB significantly.

  • MCRYPT_MODE_CFB (cipher feedback) is the best mode for encrypting byte streams where single bytes must be encrypted.

  • MCRYPT_MODE_OFB (output feedback, in 8bit) is comparable to CFB, but can be used in applications where error propagation cannot be tolerated. It's insecure (because it operates in 8bit mode) so it is not recommended to use it.

  • MCRYPT_MODE_NOFB (output feedback, in nbit) is comparable to OFB, but more secure because it operates on the block size of the algorithm.

  • MCRYPT_MODE_STREAM is an extra mode to include some stream algorithms like WAKE or RC4.

Some other mode and random device constants:

MCRYPT_ENCRYPT (integer)

MCRYPT_DECRYPT (integer)

MCRYPT_DEV_RANDOM (integer)

MCRYPT_DEV_URANDOM (integer)

MCRYPT_RAND (integer)

Mcrypt ciphers

Here is a list of ciphers which are currently supported by the mcrypt extension. For a complete list of supported ciphers, see the defines at the end of mcrypt.h. The general rule with the mcrypt-2.2.x API is that you can access the cipher from PHP with MCRYPT_ciphername. With the libmcrypt-2.4.x and libmcrypt-2.5.x API these constants also work, but it is possible to specify the name of the cipher as a string with a call to mcrypt_module_open().

  • MCRYPT_3DES

  • MCRYPT_ARCFOUR_IV (libmcrypt > 2.4.x only)

  • MCRYPT_ARCFOUR (libmcrypt > 2.4.x only)

  • MCRYPT_BLOWFISH

  • MCRYPT_CAST_128

  • MCRYPT_CAST_256

  • MCRYPT_CRYPT

  • MCRYPT_DES

  • MCRYPT_DES_COMPAT (libmcrypt 2.2.x only)

  • MCRYPT_ENIGMA (libmcrypt > 2.4.x only, alias for MCRYPT_CRYPT)

  • MCRYPT_GOST

  • MCRYPT_IDEA (non-free)

  • MCRYPT_LOKI97 (libmcrypt > 2.4.x only)

  • MCRYPT_MARS (libmcrypt > 2.4.x only, non-free)

  • MCRYPT_PANAMA (libmcrypt > 2.4.x only)

  • MCRYPT_RIJNDAEL_128 (libmcrypt > 2.4.x only)

  • MCRYPT_RIJNDAEL_192 (libmcrypt > 2.4.x only)

  • MCRYPT_RIJNDAEL_256 (libmcrypt > 2.4.x only)

  • MCRYPT_RC2

  • MCRYPT_RC4 (libmcrypt 2.2.x only)

  • MCRYPT_RC6 (libmcrypt > 2.4.x only)

  • MCRYPT_RC6_128 (libmcrypt 2.2.x only)

  • MCRYPT_RC6_192 (libmcrypt 2.2.x only)

  • MCRYPT_RC6_256 (libmcrypt 2.2.x only)

  • MCRYPT_SAFER64

  • MCRYPT_SAFER128

  • MCRYPT_SAFERPLUS (libmcrypt > 2.4.x only)

  • MCRYPT_SERPENT(libmcrypt > 2.4.x only)

  • MCRYPT_SERPENT_128 (libmcrypt 2.2.x only)

  • MCRYPT_SERPENT_192 (libmcrypt 2.2.x only)

  • MCRYPT_SERPENT_256 (libmcrypt 2.2.x only)

  • MCRYPT_SKIPJACK (libmcrypt > 2.4.x only)

  • MCRYPT_TEAN (libmcrypt 2.2.x only)

  • MCRYPT_THREEWAY

  • MCRYPT_TRIPLEDES (libmcrypt > 2.4.x only)

  • MCRYPT_TWOFISH (for older mcrypt 2.x versions, or mcrypt > 2.4.x )

  • MCRYPT_TWOFISH128 (TWOFISHxxx are available in newer 2.x versions, but not in the 2.4.x versions)

  • MCRYPT_TWOFISH192

  • MCRYPT_TWOFISH256

  • MCRYPT_WAKE (libmcrypt > 2.4.x only)

  • MCRYPT_XTEA (libmcrypt > 2.4.x only)

You must (in CFB and OFB mode) or can (in CBC mode) supply an initialization vector (IV) to the respective cipher function. The IV must be unique and must be the same when decrypting/encrypting. With data which is stored encrypted, you can take the output of a function of the index under which the data is stored (e.g. the MD5 key of the filename). Alternatively, you can transmit the IV together with the encrypted data (see chapter 9.3 of Applied Cryptography by Schneier (ISBN 0-471-11709-9) for a discussion of this topic).

Esempi

Mcrypt can be used to encrypt and decrypt using the above mentioned ciphers. If you linked against libmcrypt-2.2.x, the four important mcrypt commands (mcrypt_cfb(), mcrypt_cbc(), mcrypt_ecb(), and mcrypt_ofb()) can operate in both modes which are named MCRYPT_ENCRYPT and MCRYPT_DECRYPT, respectively.

Esempio 1. Encrypt an input value with TripleDES under 2.2.x in ECB mode

<?php
$key = "this is a very secret key";
$input = "Let us meet at 9 o'clock at the secret place.";

$encrypted_data = mcrypt_ecb (MCRYPT_3DES, $key, $input, MCRYPT_ENCRYPT);
?>
This example will give you the encrypted data as a string in $encrypted_data.

If you linked against libmcrypt 2.4.x or 2.5.x, these functions are still available, but it is recommended that you use the advanced functions.

Esempio 2. Encrypt an input value with TripleDES under 2.4.x and higher in ECB mode

<?php
    $key = "this is a very secret key";
    $input = "Let us meet at 9 o'clock at the secret place.";

    $td = mcrypt_module_open ('tripledes', '', 'ecb', '');
    $iv = mcrypt_create_iv (mcrypt_enc_get_iv_size ($td), MCRYPT_RAND);
    mcrypt_generic_init ($td, $key, $iv);
    $encrypted_data = mcrypt_generic ($td, $input);
    mcrypt_generic_end ($td);
?>
This example will give you the encrypted data as a string in $encrypted_data. For a full example see mcrypt_module_open().

Sommario
mcrypt_cbc -- Encrypt/decrypt data in CBC mode
mcrypt_cfb -- Encrypt/decrypt data in CFB mode
mcrypt_create_iv --  Create an initialization vector (IV) from a random source
mcrypt_decrypt -- Decrypts crypttext with given parameters
mcrypt_ecb -- Encrypt/decrypt data in ECB mode
mcrypt_enc_get_algorithms_name -- Returns the name of the opened algorithm
mcrypt_enc_get_block_size -- Returns the blocksize of the opened algorithm
mcrypt_enc_get_iv_size -- Returns the size of the IV of the opened algorithm
mcrypt_enc_get_key_size -- Returns the maximum supported keysize of the opened mode
mcrypt_enc_get_modes_name -- Returns the name of the opened mode
mcrypt_enc_get_supported_key_sizes -- Returns an array with the supported keysizes of the opened algorithm
mcrypt_enc_is_block_algorithm_mode -- Checks whether the encryption of the opened mode works on blocks
mcrypt_enc_is_block_algorithm -- Checks whether the algorithm of the opened mode is a block algorithm
mcrypt_enc_is_block_mode -- Checks whether the opened mode outputs blocks
mcrypt_enc_self_test -- This function runs a self test on the opened module
mcrypt_encrypt -- Encrypts plaintext with given parameters
mcrypt_generic_deinit --  This function deinitializes an encryption module
mcrypt_generic_end -- This function terminates encryption
mcrypt_generic_init -- This function initializes all buffers needed for encryption
mcrypt_generic -- This function encrypts data
mcrypt_get_block_size -- Get the block size of the specified cipher
mcrypt_get_cipher_name -- Get the name of the specified cipher
mcrypt_get_iv_size -- Returns the size of the IV belonging to a specific cipher/mode combination
mcrypt_get_key_size -- Get the key size of the specified cipher
mcrypt_list_algorithms -- Get an array of all supported ciphers
mcrypt_list_modes -- Get an array of all supported modes
mcrypt_module_close --  Close the mcrypt module
mcrypt_module_get_algo_block_size -- Returns the blocksize of the specified algorithm
mcrypt_module_get_algo_key_size -- Returns the maximum supported keysize of the opened mode
mcrypt_module_get_supported_key_sizes -- Returns an array with the supported keysizes of the opened algorithm
mcrypt_module_is_block_algorithm_mode -- This function returns if the the specified module is a block algorithm or not
mcrypt_module_is_block_algorithm -- This function checks whether the specified algorithm is a block algorithm
mcrypt_module_is_block_mode -- This function returns if the the specified mode outputs blocks or not
mcrypt_module_open -- This function opens the module of the algorithm and the mode to be used
mcrypt_module_self_test -- This function runs a self test on the specified module
mcrypt_ofb -- Encrypt/decrypt data in OFB mode
mdecrypt_generic -- This function decrypts data
User Contributed Notes
Mcrypt Encryption Functions
add a note about notes
[email protected]
30-Jun-1999 02:31

For a practical example suitable for encrypting and
validating cookies or passing secure messages,
go to

[email protected]
10-Feb-2000 12:21

the encrypted result data maybe binary data and It make errors in sql query.
so use the base64_encode/base64_decode function with mcrypt()
try below

base64_encode(mcrypt_ecb(MCRYPT_BLOWFISH,$key,$input,MCRYPT_ENCRYPT));

mcrypt_ecb(MCRYPT_BLOWFISH,$key,base64_decode($input),MCRYPT_DECRYPT);

[email protected]
11-Jun-2001 07:56

If you are interested to see a blowfish implementation written in plain php, go to

I was just testing if it is possible. Yes it is, but it's really slow and unoptimized yet :( Maybe somebody knows how to speed the code up ?

Bye
Bjoern

[email protected]
27-Jun-2001 06:05

If you are trying to use mcrypt to encrypt and decrypt data for storing in cookies, then you should use bin2hex() before storing the data.
If you use rawurlencode() instead, then Internet Explorer does something fishy with the cookie, and when you try and use mdecrypt on the cookie later, the decrypt fails part way through.

[email protected]
18-Jul-2001 01:01

Mcrypt support in PHP has gone through cycles and it seems to have finally leveled off.

First, get libmcrypt-2.4.15 (well, that was the lastest as of today) and compile it. Pay no attention to the mcrypt examples in this manual as most of them will simply cause your web server to segfault. Here are some functions that I hope will help others with mcrypt.

PHP Manual Editor : Can you remove all the outdated comments and examples from the manual? It was seriously confusing to get to the bottom of the problems I had starting to use mcrypt and it's fairly straight forward now, I just think the PHP manual needs some updating in this area. Note that it seems Zend's manual pages have been updated as that's where I finally got some working example code.

Thanks!!!



$sCryptoKey = "whatever";

function
my_encrypt($sString) {

GLOBAL $sCryptoKey;

$iIV = mcrypt_create_iv (mcrypt_get_iv_size (MCRYPT_RIJNDAEL_256, MCRYPT_MODE_ECB), MCRYPT_RAND);

$sEncrypted = mcrypt_encrypt (MCRYPT_RIJNDAEL_256, $sCryptoKey, $sString, MCRYPT_MODE_ECB, $iIV);

return($sEncrypted);

} // End function my_encrypt

function
my_decrypt($sString) {

GLOBAL $sCryptoKey;

$iIV = mcrypt_create_iv (mcrypt_get_iv_size (MCRYPT_RIJNDAEL_256, MCRYPT_MODE_ECB), MCRYPT_RAND);

$sDecrypted = mcrypt_decrypt(MCRYPT_RIJNDAEL_256, $sCryptoKey, $sString, MCRYPT_MODE_ECB, $iIV);

return(trim($sDecrypted));

} // End function my_decrypt

[email protected]
19-Jul-2001 03:34

According to the mcrypt manual page at , RC4 is not included with Mcrypt(as stated above). If anyone else is looking for RC4, as I was, there is a PHP library at sourceforge.net called RC4Crypt.
[email protected]
03-Aug-2001 01:37

If you compiled mcrypt and php without problem, but phpinfo() shows there are no supported ciphers and modes, try to change mode to 755 on libdirs (/usr/local/libmcrypt, /usr/local/libcrypt).
[email protected]
13-Aug-2001 07:12

The example2 contain this key:

$key = "this is a very secret key";

It's a 25 character length key and the max for TripleDES is 24 characters...

[email protected]
08-Feb-2002 05:45

I had some problems trying to link mcrypt module with PhP 4.1.1.
After sometimes, I figured that the PhP configure command incorrectly adds mcrypt library to the LIBS
//Original code
#LIBS="-lmcrypt
# -L$MCRYPT_DIR/lib
# $LIBS"

// modify like this:
LIBS=$LIBS" -lmcrypt"
LIBS=" -L$MCRYPT_DIR/lib
$LIBS"

Hope this helps,
Leon

[email protected]
17-Mar-2002 02:13

if you download you can use rc4 encryption with PHP 4.*.* on windows.


regester the dll by going to the directory and typing (regsvr32 rc4dll.dll)

use


<?

$RC4 = new COM("RC4DLL.Crypt") or die("Unable to load RC4");

echo "(Hello World) encrypted with (My Key) as the key";
echo $RC4->EnCrypt("Hello World","My Key");
echo "\n";
echo "(x�+�0�б) encrypted with (My Key) as the key";
echo $RC4->EnCrypt("1�N\�-��","My Key");
?>

[email protected]
28-Mar-2002 08:28

If you are using ECB mode to encrypt it does not seem to use the iv (initialization vector) for much of anything, given the same key it will always decrypt it no matter what the iv is. If you use CBC mode you must decrypt with the same iv that you encrypted with.

If you use a different iv before decrypting, your decrypt will not work. IMHO it seems better to use CBC mode than ECB as ECB will always encrypt to the same cipher text given the same plain text (leaving you open to know plaintext attacks). CBC uses the random iv which means text encrypts to different things. You probably could get the same effect from using random keys in ECB mode.

Read that in the Schneier book - Applied Cryptography (ISBN 0-471-11709-9) This book is a must for anyone seriously using any type of encryption.

26-Jun-2002 12:20
If your a windows PHP user, you can download the Mcrypt Encryption Functions for in a nice package. Too bad their site is down right now

:o(

[email protected]
26-Jul-2002 04:36



Has Win32 binaries for mcrypt dlls.

[email protected]
05-Sep-2002 07:04

If you have PROBLEMS WITH MCRYPT and you NEED STRONG ENCRYPTION, you can use my algorythm...

A flipping array is used as the key; the default key will generate about 480 characters of 255 possibilities...
You can say it's like a 3840 bits key with about 256^480 possibilities I hope you have enough time before hackers find your key...
Enough spoken, here is your code [scrypt class, based on strongcrypt full class] :

class scrypt {
var $key;
function gen_key ($pass, $level=30) {
for ($i=0; $i<$level; $i++) $mymd[$i]=md5(substr($pass,($i%strlen($pass)),1));
for ($a=0; $a<32; $a++) for ($i=0; $i<$level; $i++) $key.=substr($mymd[$i],$a,1);
$this->key=$key;
}
function enc ($text, $method=1) { # 1=encrypt, 0=decrypt
if ($method==0) {
$key=str_replace("3", "j", str_replace("2", "i", str_replace("1", "h", str_replace("0", "g", $key))));
$key=str_replace("7", "n", str_replace("6", "m", str_replace("5", "l", str_replace("4", "k", $key))));
$key=str_replace("b", "4", str_replace("a", "5", str_replace("9", "6", str_replace("8", "7", $key))));
$key=str_replace("f", "0", str_replace("e", "1", str_replace("d", "2", str_replace("c", "3", $key))));
$key=str_replace("j", "c", str_replace("i", "d", str_replace("h", "e", str_replace("g", "f", $key))));
$key=str_replace("n", "8", str_replace("m", "9", str_replace("l", "a", str_replace("k", "b", $key))));
$text=base64_decode($text);
}
for ($i=0; $i<strlen($key); $i=$i+2) $d[$i/2]=hexdec(substr($key,$i,2));
for ($i=0, $ntext=""; substr($text, $i, 1) !=""; $i++) $ntext.=chr((ord(substr($text, $i, 1))+$d[($i%strlen($key))])%255);
if ($method==1) $ntext=base64_encode($ntext);
return ($ntext);
}
}

you can use it like this :
$sc=new scrypt;
$pass="my pass";
$text="woow, what a text";
$sc->genkey($pass); # send the pass to generate the key
echo $sc->encrypt($text); # crypted text you can share in your mysql db or other
echo $sc->encrypt($encrypted,0); # shows you the decrypted text in the var called $encrypted

if you want to become the full strongcrypt class :

class strongcrypt {
function genkey ($pass) {
for ($i=0; $i<30; $i++) $mymd[$i]=md5(substr($pass,($i%strlen($pass)),1));
for ($a=0; $a<32; $a++) {
for ($i=0; $i<30; $i++) $key.=substr($mymd[$i],$a,1);
if ($a%2==1 && $a<31) $key.="\n";
}
return ($key);
}

function genpub ($key) {
$key=str_replace("1", "h", str_replace("0", "g", $key));
$key=str_replace("3", "j", str_replace("2", "i", $key));
$key=str_replace("5", "l", str_replace("4", "k", $key));
$key=str_replace("7", "n", str_replace("6", "m", $key));
$key=str_replace("9", "6", str_replace("8", "7", $key));
$key=str_replace("b", "4", str_replace("a", "5", $key));
$key=str_replace("d", "2", str_replace("c", "3", $key));
$key=str_replace("f", "0", str_replace("e", "1", $key));
$key=str_replace("h", "e", str_replace("g", "f", $key));
$key=str_replace("j", "c", str_replace("i", "d", $key));
$key=str_replace("l", "a", str_replace("k", "b", $key));
$key=str_replace("n", "8", str_replace("m", "9", $key));
return ($key);
}

function encrypt($text, $key) {
$key=str_replace("\n", "", $key);
for ($i=0; $i<strlen($key); $i=$i+2) $d[$i/2]=hexdec(substr($key,$i,2));
for ($i=0, $ntext=""; substr($text, $i, 1) !=""; $i++) $ntext.=chr((ord(substr($text, $i, 1))+$d[($i%strlen($key))])%255);
$ntext=base64_encode($ntext);
return ($ntext);
}

function decrypt($text, $key) {
$key=str_replace("\n", "", $key);
$text=base64_decode($text);
for ($i=0; $i<strlen($key); $i=$i+2) $d[$i/2]=hexdec(substr($key,$i,2));
for ($i=0, $ntext=""; substr($text, $i, 1) !=""; $i++) $ntext.=chr((ord(substr($text, $i, 1))+$d[($i%strlen($key))])%255);
return ($ntext);
}
}

If you need help, you can mail.
If there is a better method, please mail me.
TCK

add a note about notes
previousmcal_week_of_yearmcrypt_cbcnext
Last updated: Tue, 03 Sep 2002
show source | credits | stats | mirror sites
Copyright © 2001, 2002 The PHP Group
All rights reserved.
This mirror generously provided by:
Last updated: Fri Sep 6 12:35:50 2002 CEST