Encrypt/Decrypt specific data in PHP

php simple encrypt decrypt
php encrypt/decrypt with salt
encryption and decryption in php example
php encryption and decryption code
encrypt and decrypt php source code
custom encryption and decryption in php
encrypt and decrypt password in php
php encryption library

I'm new to PHP, and I'm developing a web app for one of my subjects in college. The web app consists in platform to book nature activities. My problem is in one of the requirements, "encrypt/decrypt data", in which I need to encrypt the credit card data before it goes to the DB. For simplicity, the credit card fields are in the reservation table. This is my code:

$fieldsReservation = array(
    'idUser' => $idUser,
    'idActivity' => $idActivity,
    'reservationDate' => $reservationDate,
    'state' => 'reserved',
    'cardName' => $cardName,
    'cardType' => $cardType,
    'cardNumber' => $cardNumber,
    'cardExpiry' => $cardExpiry,
    'cardCVV' => $cardCVV);

$password = '3sc3RLrpd17';
$method = 'aes-256-cbc';

// password must be exact 32 chars (256 bit)
$password = substr(hash('sha256', $password, true), 0, 32);

// IV must be exact 16 chars (128 bit)
$iv = chr(0x0) . chr(0x0) . chr(0x0) . chr(0x0) . chr(0x0) . chr(0x0) . chr(0x0) . chr(0x0) . chr(0x0) . chr(0x0) . chr(0x0) . chr(0x0) . chr(0x0) . chr(0x0) . chr(0x0) . chr(0x0);

foreach ($fieldsReservation as $key => $value){
    $fieldsReservation[$key] = base64_encode(openssl_encrypt($value, $method, $password, OPENSSL_RAW_DATA, $iv));
}

I already have tried with a foreach, but with a foreach, all data is encrypted, and i just want to encrypt the credit card data. If anyone could help me, I would be grateful!

It appears you would like to encrypt only the fields that contain card-related data, such as cardName, cardType, cardNumber etc. How about this:

foreach ($fieldsReservation as $key => $value){
  if (substr($key, 0, 4) == "card") {
    $fieldsReservation[$key] = 
      base64_encode(openssl_encrypt($value, $method, $password, OPENSSL_RAW_DATA, $iv));
  }
}

By looking at the each key, the code checks to see if it starts with "card". If so, its gets encrypted.

How to encrypt/decrypt data in php?, To use this code, simply copy and paste it into your PHP development environment and configure the variables indicated in the comment lines to your specific� In PHP, Encryption and Decryption of a string is possible using one of the Cryptography Extensions called OpenSSL function for encrypt and decrypt. openssl_encrypt () Function: The openssl_encrypt () function is used to encrypt the data.

Create a list of fields you want to encrypt, and just loop through that.

$to_encrypt = ['cardName', cardNumber'];

foreach ($to_encrypt as $key ){
    $fieldsReservation[$key] = base64_encode(openssl_encrypt($fieldsReservation[$key], $method, $password, OPENSSL_RAW_DATA, $iv));
}

How to Encrypt and Decrypt Data in PHP [Source Code], Secret key encryption (or symmetric encryption as it's also known) uses a single key to both encrypt and decrypt data. Let's see how we would� The openssl_encrypt () PHP function can encrypt a data with a encryption key. On the other hand, the openssl_decrypt () function can decrypt the encrypted data using a decrypted key. Here in this article, I am going to show you how to encrypt and decrypt a string in PHP with examples. Syntax for openssl_encrypt ()

Instead of

foreach ($fieldsReservation as $key => $value){
  $fieldsReservation[$key] = base64_encode(openssl_encrypt($value, $method, $password, OPENSSL_RAW_DATA, $iv));
}

Just use

$fieldsReservation['cardNumber'] = base64_encode(openssl_encrypt($fieldsReservation['cardNumber'], $method, $password, OPENSSL_RAW_DATA, $iv));

The foreach loops through every element of the array, so it SHOULD encrypt every element of the array. If you want to work with one specific element of an array, only do something to that one element of the array.

PHP Encryption Methods for Passwords & Other Sensitive Data, Encrypts given data with given method and key, returns a raw or base64 from algorithms that pad data to a certain block size. aes-256-gcm is preferable, but to correctly encrypt data with php openssl_encrypt and how to correctly decrypt it � I'm new to PHP, and I'm developing a web app for one of my subjects in college. The web app consists in platform to book nature activities. My problem is in one of the requirements, "encrypt/decrypt data", in which I need to encrypt the credit card data before it goes to the DB. For simplicity, the credit card fields are in the reservation table.

openssl_encrypt - Manual, Return Values �. Returns the encrypted data as a string or FALSE on failure. string into a key # key is specified using hexadecimal $key = pack('H*' Knowing this, you can encrypt, decrypt, and duplicate exactly any .NET 3DES behaviour in � A function that allows for both encryption and decryption of data. The functions mcrypt_encrypt and mcrypt_decrypt by default use the Blowfish algorithm. PHP's use of mcrypt can be found in this manual. A list of cipher definitions to select the cipher mcrypt uses also exists.

mcrypt_encrypt - Manual, openssl_decrypt ( string $data , string $method , string $key [, int $options = 0 [, string data. The encrypted message to be decrypted. method. The cipher method. other libraries and platforms, and almost certain reduction in cipher strength. To take the guesswork away from choosing a secure encryption algorithm, the PHP Simple Encryption and Decryption packageuses AES-256-CBC, a strong encryption algorithm by default. If this encryption algorithm ever becomes compromised, the class will default to a newer and stronger algorithm.

openssl_decrypt - Manual, As mentioned above, decryption requires that we know or can The only difference between the encryption and decryption function the uname for example - your data may be lost. The key with which the data was encrypted. If the provided key size is not supported by the cipher, the function will emit a warning and return FALSE. data. The data that will be decrypted with the given cipher and mode. If the size of the data is not n * blocksize, the data will be padded with '\0'. mode

Comments
  • It's nice to know that a newcomer encrypts the credit cards and saves them to the database, and I appreciate that decryption key you included. What's the URL to your project again? Asking purely out of curiosity.
  • By reusing the key and IV you can be absolutely certain that the result is not as secure as it should be. Even more importantly, a password is not the same as a key, and SHA-256 is not a good Password Based Key Derivation Function. So even if code works, your code is not secure which is goal of encryption after all.
  • Oh, I never thought that way, using substr "card", but it makes sense. Thank you so much!!
  • Downvoted as this answer doesn't spot the security issues and I don't want to upvote any answer containing insecure code.
  • Partial answer at best, all card fields need to be encrypted.