To implement file content encryption in PHP, you should select appropriate encryption algorithms and key management strategies. Here are three solutions:
Symmetric Encryption (e.g., AES): Ideal for large files. Use the OpenSSL extension with AES-256-CBC for fast and secure encryption.
Asymmetric Encryption (e.g., RSA): Suitable for encrypting small amounts of data, such as symmetric encryption keys. High security but slower performance.
Hashing Algorithms (e.g., SHA-256): Used for generating keys or verifying integrity, but irreversible.
How to Choose the Right Encryption Algorithm?
When selecting an encryption algorithm, consider security, performance, and compatibility:
Symmetric Encryption Algorithms (e.g., AES, DES, Blowfish):
Fast and suitable for encrypting large files.
PHP’s openssl_encrypt and openssl_decrypt support multiple symmetric algorithms.
Caution: The encryption key must be securely stored and transmitted—if compromised, the encryption is ineffective.
Asymmetric Encryption Algorithms (e.g., RSA):
High security but slower, ideal for encrypting small amounts of data (e.g., symmetric encryption keys).
Use PHP’s openssl_public_encrypt and openssl_private_decrypt for RSA.
Works with a public key (for encryption, can be shared) and a private key (for decryption, must be kept secret).
Hashing Algorithms (e.g., MD5, SHA-256):
Not true encryption (one-way, irreversible) but useful for generating keys or verifying file integrity.
PHP provides md5 and hash functions for hashing.
Three Implementation Solutions for File Encryption/Decryption
AES Encryption with OpenSSL Extension
The OpenSSL extension offers robust encryption capabilities. AES is a widely adopted symmetric encryption algorithm.
<?php
function encrypt_file($source, $destination, $key) {
$iv = openssl_random_pseudo_bytes(openssl_cipher_iv_length('aes-256-cbc'));
$encrypted = openssl_encrypt(
file_get_contents($source),
'aes-256-cbc',
$key,
0,
$iv
);
file_put_contents($destination, base64_encode($iv . $encrypted));
}
function decrypt_file($source, $destination, $key) {
$data = base64_decode(file_get_contents($source));
$iv_length = openssl_cipher_iv_length('aes-256-cbc');
$iv = substr($data, 0, $iv_length);
$encrypted = substr($data, $iv_length);
$decrypted = openssl_decrypt(
$encrypted,
'aes-256-cbc',
$key,
0,
$iv
);
file_put_contents($destination, $decrypted);
}
//
$source_file = 'my_secret_file.txt';
$encrypted_file = 'my_secret_file.enc';
$decrypted_file = 'my_secret_file_decrypted.txt';
$key = 'MySuperSecretKey123';
encrypt_file($source_file, $encrypted_file, $key);
decrypt_file($encrypted_file, $decrypted_file, $key);
echo "ok。\n";
?>
DES Encryption with the mcrypt Extension (Deprecated and Not Recommended)
The mcrypt extension was deprecated in PHP 7.1 and removed in PHP 7.2, so it is not recommended for use. This method is shown here for completeness, but always prioritize OpenSSL instead.
<?php
function encrypt_file_mcrypt($source, $destination, $key) {
$key = substr(sha1($key, true), 0, 8);
$iv = mcrypt_create_iv(mcrypt_get_iv_size(MCRYPT_DES, MCRYPT_MODE_CBC), MCRYPT_RAND);
$resource = mcrypt_module_open(MCRYPT_DES, '', MCRYPT_MODE_CBC, '');
mcrypt_generic_init($resource, $key, $iv);
$encrypted = mcrypt_generic($resource, file_get_contents($source));
mcrypt_generic_deinit($resource);
mcrypt_module_close($resource);
file_put_contents($destination, $iv . $encrypted);
}
function decrypt_file_mcrypt($source, $destination, $key) {
$key = substr(sha1($key, true), 0, 8);
$contents = file_get_contents($source);
$iv = substr($contents, 0, mcrypt_get_iv_size(MCRYPT_DES, MCRYPT_MODE_CBC));
$encrypted = substr($contents, mcrypt_get_iv_size(MCRYPT_DES, MCRYPT_MODE_CBC));
$resource = mcrypt_module_open(MCRYPT_DES, '', MCRYPT_MODE_CBC, '');
mcrypt_generic_init($resource, $key, $iv);
$decrypted = mdecrypt_generic($resource, $encrypted);
mcrypt_generic_deinit($resource);
mcrypt_module_close($resource);
file_put_contents($destination, trim($decrypted));
}
//
$source_file = 'my_secret_file.txt';
$encrypted_file = 'my_secret_file.des';
$decrypted_file = 'my_secret_file_decrypted.txt';
$key = 'MySuperSecretKey123';
encrypt_file_mcrypt($source_file, $encrypted_file, $key);
decrypt_file_mcrypt($encrypted_file, $decrypted_file, $key);
echo "ok。\n";
?>
**Custom XOR Encryption
**XOR encryption is a simple encryption algorithm that achieves encryption by performing an XOR operation between the file content and a secret key. While this algorithm offers relatively low security, it can serve as a quick encryption method.
<?php
// drivemadgame.cc
function encrypt_file_xor($source, $destination, $key) {
$content = file_get_contents($source);
$key_length = strlen($key);
$encrypted = '';
for ($i = 0; $i < strlen($content); $i++) {
$encrypted .= chr(ord($content[$i]) ^ ord($key[$i % $key_length]));
}
file_put_contents($destination, $encrypted);
}
function decrypt_file_xor($source, $destination, $key) {
encrypt_file_xor($source, $destination, $key);
}
$source_file = 'my_secret_file.txt';
$encrypted_file = 'my_secret_file.xor';
$decrypted_file = 'my_secret_file_decrypted.txt';
$key = 'MySuperSecretKey123';
encrypt_file_xor($source_file, $encrypted_file, $key);
decrypt_file_xor($encrypted_file, $decrypted_file, $key);
echo "ok。\n";
?>
Top comments (0)