Encryption Filters

mcrypt.* and mdecrypt.* provide symmetric encryption and decryption using libmcrypt. Both sets of filters support the same algorithms available to mcrypt extension in the form of mcrypt.ciphername where ciphername is the name of the cipher as it would be passed to mcrypt_module_open(). The following five filter parameters are also available:

Table O-1. mcrypt filter parameters

ParameterRequired?DefaultSample Values
modeOptionalcbccbc, cfb, ecb, nofb, ofb, stream
algorithms_dirOptionalini_get('mcrypt.algorithms_dir')Location of algorithms modules
modes_dirOptionalini_get('mcrypt.modes_dir')Location of modes modules
ivRequiredN/ATypically 8, 16, or 32 bytes of binary data. Depends on cipher
keyRequiredN/ATypically 8, 16, or 32 bytes of binary data. Depends on cipher

Example O-10. Encrypting file output using 3DES

<?php
$passphrase
= 'My secret';

/* Turn a human readable passphrase
* into a reproducable iv/key pair
*/
$iv = substr(md5('iv'.$passphrase, true), 0, 8);
$key = substr(md5('pass1'.$passphrase, true) .
               
md5('pass2'.$passphrase, true), 0, 24);
$opts = array('iv'=>$iv, 'key'=>$key);

$fp = fopen('secert-file.enc', 'wb');
stream_filter_append($fp, 'mcrypt.tripledes', STREAM_FILTER_WRITE, $opts);
fwrite($fp, 'Secret secret secret data');
fclose($fp);
?>

Example O-11. Reading an encrypted file

<?php
$passphrase
= 'My secret';

/* Turn a human readable passphrase
* into a reproducable iv/key pair
*/
$iv = substr(md5('iv'.$passphrase, true), 0, 8);
$key = substr(md5('pass1'.$passphrase, true) .
               
md5('pass2'.$passphrase, true), 0, 24);
$opts = array('iv'=>$iv, 'key'=>$key);

$fp = fopen('secert-file.enc', 'rb');
stream_filter_append($fp, 'mdecrypt.tripledes', STREAM_FILTER_WRITE, $opts);
$data = rtrim(stream_get_contents($fp));
fclose($fp);

echo
$data;
?>