PHP OpenSSL is an extension that enables the use of encryption functions based on the OpenSSL library. This extension is widely used for data security, creating digital certificates, and hashing. Below is an overview of the basic steps and examples of how to use PHP OpenSSL for various encryption tasks.
How to Enable PHP OpenSSL
Before we start using PHP OpenSSL, you need to ensure that the extension is installed and enabled in your environment. You can check this using the following command:
<?php
phpinfo();
?>
Look for the OpenSSL section. If it's not there, you'll need to install the extension. On Linux-based servers, this can be done using the following command:
sudo apt-get install php-openssl
Encryption Using a Symmetric Key
Symmetric encryption is a process where the same key is used for both encryption and decryption. PHP OpenSSL offers simple methods for encryption and decryption using algorithms like AES.
Step 1: Defining the encryption algorithm, key, and initialization vector (IV):
<?php
$data = "Secret message";
$key = "secret_key";
$iv = openssl_random_pseudo_bytes(openssl_cipher_iv_length('aes-256-cbc'));
$cipher_method = 'aes-256-cbc';
?>
Step 2: Encrypting the data:
<?php
$encrypted_data = openssl_encrypt($data, $cipher_method, $key, 0, $iv);
?>
Step 3: Decrypting the data:
<?php
$decrypted_data = openssl_decrypt($encrypted_data, $cipher_method, $key, 0, $iv);
?>
Asymmetric Encryption Using Public and Private Keys
Asymmetric encryption uses a pair of keys – public and private. Data encrypted with the public key can only be decrypted with the private key and vice versa.
Step 1: Generating a key pair:
<?php
$config = array(
"private_key_bits" => 2048,
"private_key_type" => OPENSSL_KEYTYPE_RSA,
);
$res = openssl_pkey_new($config);
openssl_pkey_export($res, $priv_key);
$pub_key = openssl_pkey_get_details($res)['key'];
?>
Step 2: Encrypting the data with the public key:
<?php
$public_key = openssl_pkey_get_public($pub_key);
openssl_public_encrypt($data, $encrypted_data, $public_key);
?>
Step 3: Decrypting the data with the private key:
<?php
$private_key = openssl_pkey_get_private($priv_key);
openssl_private_decrypt($encrypted_data, $decrypted_data, $private_key);
?>
Digital Signatures with OpenSSL
Digital signatures ensure data integrity and verify the identity of the sender. The following steps show how to sign a message and verify the signature using PHP OpenSSL.
Step 1: Creating a digital signature:
<?php
openssl_sign($data, $signature, $private_key, OPENSSL_ALGO_SHA256);
?>
Step 2: Verifying the signature:
<?php
$verification = openssl_verify($data, $signature, $public_key, OPENSSL_ALGO_SHA256);
?>
If the value returned by $verification is 1, the signature is valid. If it returns 0, the signature is invalid.
Working with Certificates
OpenSSL allows working with X.509 certificates, which are essential for securing communications over the internet, especially in HTTPS.
Step 1: Loading the certificate:
<?php
$cert = file_get_contents('cert.pem');
?>
Step 2: Extracting information from the certificate:
<?php
$cert_info = openssl_x509_parse($cert);
?>
Step 3: Verifying the certificate:
<?php
$public_key_from_cert = openssl_pkey_get_public($cert);
$cert_verification = openssl_x509_check_private_key($cert, $private_key);
?>
Conclusion
PHP OpenSSL is a powerful tool for working with encryption, decryption, digital signatures, and certificates. Understanding the basic operations like symmetric and asymmetric encryption, or working with certificates, is essential for securely handling data.
