phpCrypt – A PHP Encryption Library

Download the Latest Version of phpCrypt From GitHub

phpCrypt is an open source encryption library that is written in PHP. It does not use mCrypt, PHP extentions, or PEAR libraries. phpCrypt aims to implement every major Encryption Cipher,  Modes, and Padding Scheme. See the table below for the currently supported Ciphers, Modes, Padding, and methods of creating an IV. If you have any Ciphers or Modes you would like to see implemented in phpCrypt, please contact me and let me know. I’ll add it the list of Ciphers or Modes to be implemented.

The phpCrypt source is now hosted on GitHub. You can view the phpCrypt repository at https://github.com/gilfether/phpcrypt

After downloading and extracting phpCrypt, view the ‘examples’ directory for sample code of how phpCrypt is used.

phpCrypt requires PHP 5.3 or later.

Version History & Updates

The changes are now kept in the CHANGELOG, which you can read in the phpCrypt GitHub repository at https://github.com/gilfether/phpcrypt/blob/master/CHANGELOG

Documentation & Sample Code

The README file in phpCrypt is a good place to get started. Also included in the phpCrypt library is an ‘examples’ directory which provides sample code using phpCrypt. Below is an example encrypting and decrypting a string with phpCrypt. Note that if you are new to encryption, using AES-128 and CBC mode is a secure and easy way to start.

<?php
include_once(“/path/to/phpcrypt/phpCrypt.php”);
use PHP_Crypt\PHP_Crypt as PHP_Crypt;

$data = “This is my secret message.”;
$key = “MySecretKey01234”;
$crypt = new PHP_Crypt($key, PHP_Crypt::CIPHER_AES_128, PHP_Crypt::MODE_CBC);

$iv = $crypt->createIV();
$encrypt = $crypt->encrypt($data);

$crypt->IV($iv);
$decrypt = $crypt->decrypt($encrypt);
?>

Supported Encryption Ciphers

New to encryption and not sure which mode, cipher, or padding method to use? Personally I recommend using AES-128 encryption, with CBC mode.

 

Name Type Key Size (bits) phpCrypt Constant Notes
3-Way Block 96 PHP_Crypt::CIPHER_3WAY
AES 128 Block 128 PHP_Crypt::CIPHER_AES_128 AES-128 is the same as Rijndael-128 using a 128 bit key. Commonly used and RECOMMENDED
AES 192 Block 192 PHP_Crypt::CIPHER_AES_192 AES-192 is the same as Rijndael-128 using a 192 bit key
AES 256 Block 256 PHP_Crypt::CIPHER_AES_256 AES-256 is the same as Rijndael-128 using a 256 bit key
ARC4 Stream Max 2048 PHP_Crypt::CIPHER_ARC4 This is an implementation of the RC4 algorithm. Due to trademark restrictions on the RC4 name, the ARC4 name is commonly used.
Blowfish Block Max 448 PHP_Crypt::CIPHER_BLOWFISH The Blowfish encryption cipher
CAST-128 Block 40 – 128 PHP_Crypt::CIPHER_CAST_128 The CAST-128 encryption cipher
CAST-256 Block 128, 160, 192, 224, 256 PHP_Crypt::CIPHER_CAST_256 The CAST-256 encryption cipher
DES Block 64 PHP_Crypt::CIPHER_DES  The DES encryption cipher. Outdated and not recommended.
3DES Block 64, 128, 192 PHP_Crypt::CIPHER_3DES The Triple DES encryption cipher.
Enigma Stream Any Length PHP_Crypt::CIPHER_ENIGMA phpCrypt’s Enigma. This implementation of Enigma is compatible with mCrypt’s Enigma.
RC2 Block 8 – 1024 PHP_Crypt::CIPHER_RC2
Rijndael 128 Block 128, 192, 256 PHP_Crypt::CIPHER_RIJNDAEL_128 Rijndael 128 is the same as AES 128, AES 192, and AES 256.
Rijndael 192 Block 128, 192, 256 PHP_Crypt::CIPHER_RIJNDAEL_192 Rijndael 192 is not compatible with AES 192. Rijndael 192 uses a 192 bit cipher text, with a 128, 192, or 256 bit key. AES 192 uses 128 bit cipher text, with a 192 bit key.
Rijndael 256 Block 128, 192, 256 PHP_Crypt::CIPHER_RIJNDAEL_256 Rijndael 256 is not compatible with AES 256. Rijndael 256 uses a 256 bit cipher text, with a 128, 192, or 256 bit key. AES 256 uses 128 bit cipher text, with a 256 bit key.
SimpleXOR Block Any length PHP_Crypt::CIPHER_SIMPLEXOR This is an example of using a Binary XOR to encrypt a string. XORing data reveals hidden information about the encrypted data, and should not be used when encrypting data that must be secure.
Skipjack Block 80 PHP_Crypt::CIPHER_SKIPJACK Skipjack was developed by the NSA, and was initially classified. It was meant as a replacement for the DES algorithm
Vigenere Stream Any length PHP_Crypt::CIPHER_VIGENERE An implementation of the Vigenere cipher. This is a historical cipher and should not be used to encrypt data that must be secure.

Supported Modes

Name Requires IV? Works With phpCrypt Constant Notes
CBC Yes Block Ciphers PHP_Crypt::MODE_CBC Cipher Block Chaining. RECOMMENDED.
CFB Yes Block Ciphers PHP_Crypt::MODE_CFB Cipher Feedback – This operates on 8 bits of data at a time.
CTR Yes Block Ciphers PHP_Crypt::MODE_CTR Counter Mode – This is one of the recommended modes to use. This implementation is compatible with mCrypt’s CTR mode. Please note that CTR mode is a loosely defined mode, and can be implemented different ways. phpCrypt’s CTR mode may not be compatible with other CTR implementations.
ECB No Block Ciphers PHP_Crypt::MODE_ECB Electronic Codebook – This mode can reveal some information about the data being encrypted. With the other secure modes available, it is not recommended you use this mode.
NCFB Yes Block Ciphers PHP_Crypt::MODE_NCFB N-bit Cipher Feedback. This version of CFB operates on the block size used by the Cipher, where N is the cipher’s required block size. This differs from CFB mode which only operates on 8 bit blocks of data at a time.
NOFB Yes Block Ciphers PHP_Crypt::MODE_NOFB N-bit Output Feedback – This version of OFB operates on the block size used by the Cipher, where N is the cipher’s required block size. This differs from OFB mode which only operates on 8 bit blocks of data at a time.
OFB Yes Block Ciphers PHP_Crypt::MODE_OFB Output Feedback – This verson of OFB operates on 8 bits of data at a time.
PCBC Yes Block Ciphers PHP_Crypt::MODE_PCBC Propagating cipher-block chaining
Raw No All Ciphers PHP_Crypt::MODE_RAW This isn’t technically a mode, rather it allows you to use a cipher raw, without passing it through a mode. This is useful for debugging, testing, or if you wish to  implement your own mode outside of phpCrypt but use one of phpCrypt’s cipher’s. Please note that when using RAW mode, you can only encrypt a single block of data. You are responsible for ensuring the single block is the correct length in bytes as required by the cipher.
Stream No Stream Ciphers PHP_Crypt::MODE_STREAM Stream Mode only works with Stream Ciphers. Block ciphers may not use the Stream mode, and Stream Ciphers may not use modes for Block Ciphers.

Supported Padding Schemes

Name phpCrypt Constant Notes
Zero PHP_Crypt::PAD_ZERO Zero Padding, also known as NULL Padding. This is the default padding used when one is not specified. NOTE that the NULL padding characters are not stripped off during decryption. This is left for the developer to do.
ANSI X.923 PHP_Crypt::PAD_ANSI_X923 ANSI X.923 Padding
ISO 10126 PHP_Crypt::PAD_ISO_10126 ISO 10126 Padding
PKCS7 PHP_Crypt::PAD_PKCS7 PKCS7 Padding.
ISO 7816.4 PHP_Crypt::PAD_ISO_7816_4 ISO 7816.4 Padding

Constants for PHP_Crypt::createKey() and PHP_Crypt::createIV()

Name phpCrypt Constant Notes
Random PHP_Crypt::RAND Uses PHP’s mt_rand(). This is used by default if no value is given to the functions. It is recommended you use one of the other random byte generators below for better security.
/dev/random PHP_Crypt::RAND_DEV_RAND Uses the Linux/Unix /dev/random to create random bytes. Not available on Windows.
/dev/urandom PHP_Crypt::RAND_DEV_URAND Uses the Linux/Unix /dev/urandom to create random bytes. Not available on Windows.
Microsoft CAPICOM PHP_Crypt::RAND_WIN_COM Uses Microsoft CAPICOM SDK for secure random number generation on Windows. View the README included with phpCrypt on how to install the CAPICOM SDK. Not available for Unix.