Encrypt and Decrypt password using PHP

In PHP, you can use AES password encryption if you want to be able to store passwords securely and decrypt them when needed.
Be sure to put your secret key in an ENV file – if a hacker gets your secret key, they can decrypt the password.

You can use a random long string as the secret key for AES encryption in PHP. The key should be a random string of characters whose length matches the key size of the AES variant you are using. For AES-128, the key length should be 128 bits (16 bytes), for AES-192, the key length should be 192 bits (24 bytes), and for AES-256, the key length should be 256 bits (32 bytes). It’s important to note that the key must be kept secret and should be generated randomly and securely.

In PHP, you can use the built-in openssl_random_pseudo_bytes() function to generate a random key of the appropriate length.
It’s also important to use a good library that implements AES encryption properly, like OpenSSL or sodium (extension for PHP 7.2+), and make sure to use a proper mode of operation for AES.

It’s also worth noting that, for better security, it’s a good practice to use a key derivation function (KDF) to derive a key from the password. It’s also important to update the key regularly, for example by using a key rotation scheme.

    // Demo value only: in a real application, load the secret from the environment
    // instead of hard-coding it in the source.
    $secret_key = 'xj1X7O0FaAYDsNB4bU60YjdlrpIGMp9mkIMmGZoQGaQrDyPfmCqAWEU2u1nciHhWyvDVd276HAwywuIWlma3hd24fWNq8RG6kwahqt5iMZMlZFOdqSnVjq9NKeebzBPKJO6CN04z8Gi4j9wVmrp5tmO9KRKmryCQIykeb5NwcrCsZOvhQTAwO4oXevwtHQdEfrM5YI2XUohIfSSKozFcVIwms9HRuN1Fwyj9pP1voPW9zjb3kTF7ayxhSahLhoHv';

    // AES-128 takes exactly 16 key bytes. OpenSSL would silently use only the first
    // 16 bytes of a longer string, so reduce the secret to 16 bytes explicitly.
    $key = substr(hash('sha256', $secret_key, true), 0, 16);

    // The data to be encrypted
    $plaintext = "MySecretPassword";

    // Encryption: a fresh random IV per message, stored in front of the ciphertext
    $cipher = "AES-128-CBC";
    $ivlen = openssl_cipher_iv_length($cipher);
    $iv = openssl_random_pseudo_bytes($ivlen);
    $ciphertext_raw = openssl_encrypt($plaintext, $cipher, $key, OPENSSL_RAW_DATA, $iv);
    $ciphertext = base64_encode($iv . $ciphertext_raw);

    // Decryption: split the IV from the ciphertext again
    $ciphertext_dec = base64_decode($ciphertext);
    $iv_dec = substr($ciphertext_dec, 0, $ivlen);
    $ciphertext_raw_dec = substr($ciphertext_dec, $ivlen);
    $plaintext_dec = openssl_decrypt($ciphertext_raw_dec, $cipher, $key, OPENSSL_RAW_DATA, $iv_dec);

    echo "Encrypted: " . $ciphertext . "\n";
    echo "Decrypted: " . $plaintext_dec . "\n";
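
CBC on its own hides the password but does not detect whether the stored value was modified. The following is an added example, not part of the original post, showing the same round trip with AES-256-GCM, an authenticated mode available through the same OpenSSL functions. The function names and the APP_SECRET_KEY environment variable are assumptions made for this example.

```php
<?php
// Added example. encrypt_secret(), decrypt_secret() and APP_SECRET_KEY are hypothetical names.
const CIPHER = 'aes-256-gcm';
const TAG_LEN = 16;

function encrypt_secret(string $plaintext, string $key): string
{
    if (strlen($key) !== 32) {
        throw new InvalidArgumentException('AES-256 needs a 32-byte key');
    }
    $iv = random_bytes(openssl_cipher_iv_length(CIPHER)); // fresh 12-byte nonce per message
    $tag = '';
    $raw = openssl_encrypt($plaintext, CIPHER, $key, OPENSSL_RAW_DATA, $iv, $tag, '', TAG_LEN);
    if ($raw === false) {
        throw new RuntimeException('encryption failed');
    }
    return base64_encode($iv . $tag . $raw); // layout: nonce | tag | ciphertext
}

function decrypt_secret(string $encoded, string $key): ?string
{
    $ivlen = openssl_cipher_iv_length(CIPHER);
    $blob = base64_decode($encoded, true);
    if ($blob === false || strlen($blob) <= $ivlen + TAG_LEN) {
        return null; // malformed, truncated or empty input
    }
    $iv = substr($blob, 0, $ivlen);
    $tag = substr($blob, $ivlen, TAG_LEN);
    $raw = substr($blob, $ivlen + TAG_LEN);
    $plain = openssl_decrypt($raw, CIPHER, $key, OPENSSL_RAW_DATA, $iv, $tag);
    return $plain === false ? null : $plain; // false: wrong key or modified data
}

// Assumption: the environment holds 32 random bytes, base64-encoded. A throwaway
// key is generated when the variable is unset so the demo runs without setup.
$env = getenv('APP_SECRET_KEY');
$key = $env !== false ? (string) base64_decode($env, true) : random_bytes(32);

$stored = encrypt_secret('MySecretPassword', $key);
echo "Encrypted: $stored\n";
echo "Decrypted: " . decrypt_secret($stored, $key) . "\n";

// Constructed tampering check: flip one bit in the last byte of the stored value.
$blob = base64_decode($stored);
$last = strlen($blob) - 1;
$blob[$last] = chr(ord($blob[$last]) ^ 1);
$result = decrypt_secret(base64_encode($blob), $key);
echo $result === null ? "Tampered value rejected\n" : "Tampered value accepted\n";
```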
