AES 256 Encryption with PHP
I promised in my previous blog post (“PHP Cryptography Padding: ANSI X.923, ISO 10126, PKCS7, Bit, Zero“) that I would publish an example for AES encryption in PHP. Now I am delivering. I whipped up a class to handle AES Encryption that also implements block padding using padCrypt.
The AES_Encryption class is dependent on PHP’s mcrypt extension as well as my padCrypt class, but to make it easier for you, I have packaged both in to one download.
Using the class is super simple. At minimum, all you need to do is pass it your key, initialization vector, and the message that you want to encrypt or decrypt. See sample usage below.
<?php require_once('padCrypt.php'); require_once('AES_Encryption.php'); $key = "12345678901234561234567890123456"; $iv = "1234567890123456"; $message = "The quick brown fox jumped over the lazy dog"; $AES = new AES_Encryption($key, $iv); $encrypted = $AES->encrypt($message); $decrypted = $AES->decrypt($encrypted); $base64_encrypted = base64_encode($encrypted); ?>
It should be noted that the AES_Encryption class does not automatically generate keys and/or initialization vectors. You need to build these yourself and keep track of them as they are both needed for decryption of a message at a later time. By default, the class uses ZERO padding, but you have the option to choose which method you want to use.
You can see this class in action in this little online AES encryption tool that I built: PHP – AES Encryption (128, 192, 256 Bit)
Encryption Strength: 128, 192, and 256 Bit
The AES_Encryption class determines the encryption strength automatically based on your key length. The allowed key lengths are 16 bytes, 24 bytes, and 32 bytes which translate to 128, 192, and 256 bits respectively.
Can I use other encryption modes and padding methods?
You sure can, the AES_Encryption class also accepts $mode and $padding parameters. The accept mode values are ecb, cfb, cbc, stream, nofb, ofb. The padding parameter accepts any method that is supported by the padCrypt class, which at the time of writing are the following: ANSI_X.923, ISO_10126, PKCS7 (PKCS5 is identical), BIT, ZERO
What does Base64-Encoding have to do with AES encryption?
It is industry standard to transfer AES encrypted messages between systems in ASCII compliant Base64 format. This ensures compatibility across multiple platforms and programming languages.
Why not use phpseclib AES implementation?
The phpseclib implementation of AES uses PKCS#1 padding which is RSA Cryptography Standard which is used for SSH and sFTP. My AES_Encryption implementation allows you to choose which padding method use, including PKCS#7 which is Cryptographic Message Syntax Standard. There is no right or wrong here, it depends on the padding method you need to use. I created my class because I needed to use ISO 10126 padding with AES encryption. It is noteworthy that the phpseclib implementation is a native PHP solution and does not require mcrypt. Mine does, but most people have access to mcrypt now days.