Ask a question

Popular technologies


Latest questions:

841 sql - Reverse the array in php
590 php - Convert long numbers to short and compact
158 php - Codeigniter 4 validation error callback_check_password is not working
59 laravel - How to calculate hour two date difference in php?
175 php - Symfony project shows directory listing index instead of index page
297 php - Test Imagick Image
718 wordpress - I am getting issues with my single Post navigation in single.php with previous_post_link() and next_post_link() is not working with post type "post"
610 PHP bcrypt to PYTHON bycrypt not giving same values
387 php - How to fix error Query array failed: 1064
549 php - What to do with mysqli problems? Errors like mysqli_fetch_array(): Argument #1 must be of type mysqli_result and such
  1. Home
  2. How to use bcrypt in mysql with php
998 votes
1 answers

How to use bcrypt in mysql with php

mangohost Get the solution ↓↓↓

Solution:

A very basic encryption class, such as the following, would allow you to encrypt and decrypt data - the encrypted data can be stored in the db or sent via email etc - no promises are made about the levels of security offered however as it was quickly put together.

The longer thepubkey andhashsecret the better...

<?php

    class encryption{
        
        public function __construct(){
            $this->config=array(
                'hashalgo'      =>  'sha256',
                'cipher'        =>  'AES-128-CBC',
                'hashsecret'    =>  'banana womble hippopotamus pomegranate',
                'pubkey'        =>  'CAqKgAwIBAgILBAAAAAABD4Ym5g0wDQYJKoZIhvcNAQEFBQAwTDEgMB4GA1UECxMXR2xv
YmFsU2lnbiBSb290IENBIC0gUjIxEzARBgNVBAoTCkdsb2JhbFNpZ24xEzARBgNVBAMTCkdsb2Jh
bFNpZ24wHhcNMDYxMjE1MDgwMDAwWhcNMjExMjE1MDgwMDAwWjBMMSAwHgYDVQQLExdHbG9iYWxT
aWduIFJvb3QgQ0EgLSBSMjETMBEGA1UEChMKR2xvYmFsU2lnbjETMBEGA1UEAxMKR2xvYmFsU2ln
bjCCASIwDQYJKoZIhvcNAQEBBQADggEPA'
            );
        }
        
        private function makehash( $data, $key ){
            return hash_hmac( $this->config['hashalgo'], $data, $key, true );
        }
    
        public function encrypt( $data=false ){
            $conf=(object)$this->config;
            
            if( !empty( $data ) && in_array( $conf->cipher, openssl_get_cipher_methods() ) ){
                
                $ivlen = openssl_cipher_iv_length( $conf->cipher );
                $iv = openssl_random_pseudo_bytes( $ivlen );
                
                $encrypted = openssl_encrypt( $data, $conf->cipher, $conf->pubkey, $options=OPENSSL_RAW_DATA, $iv );
                $hash = $this->makehash( $encrypted, $conf->pubkey );
                
                return base64_encode( $iv . $hash . $encrypted );
            }
            return false;
        }
        
        public function decrypt( $data ){
            $conf=(object)$this->config;
            if( !empty( $data ) && in_array( $conf->cipher, openssl_get_cipher_methods() ) ){
                
                $shalength=32;
                $data = base64_decode( $data );
                $ivlen = openssl_cipher_iv_length( $conf->cipher );
                $iv = substr( $data, 0, $ivlen );
                $hash = substr( $data, $ivlen, $shalength );
                
                $encrypted = substr( $data, $ivlen + $shalength );
                $decrypted = openssl_decrypt( $encrypted, $conf->cipher, $conf->pubkey, $options=OPENSSL_RAW_DATA, $iv );
                
                if( $decrypted && hash_equals( $hash, $this->makehash( $encrypted, $conf->pubkey ) ) ){
                    return $decrypted;
                }
            }
            return false;
        }   
    }
    
    
    
    $obj=new encryption;
    
    
    $password="pocahontas";
    $encrypted=$obj->encrypt( $password );
    $decrypted=$obj->decrypt( $encrypted );
    
    printf('<pre>
    Password: %s
    Encrypted: %s
    Decrypted: %s
    </pre>',$password,$encrypted,$decrypted);

?>

This will output something like:

Password: pocahontas
Encrypted: Hvx3j9lwtEII3pR+m05TYDv+BV0IwLa8dQavGgaeQCJITSCU88AYhZrt+swMYNKOD3VQX6PN0mcA/rDkdwmqGw==
Decrypted: pocahontas

As you can see the original password is encrypted with different values each time but always decodes to the same original password when decrypted.

86
votes

Answer

Solution:

As stated in other comments the bcrypt-method is good for comparing passwords ("is the password correct?") but not as a source for encryption/decryption.

For a minor security level (saving a telephone number) I believe a combination of a key derivation method (here PBKDF2) and AES in ECB mode is OK for that, because ECB mode is getting unsecure when the data is longer than the block length of 16 bytes (most telephone numbers should fit in this length of 16 :-). If you need a more secure level you should consider to use GCM mode but that would be another question.

My code is simulating an encryption and later decryption within one PHP-class; usually that would be done in separate classes and therefore I'm using "doubled" variable names (e.g. 'salt' and 'saltToDecrypt') and it is using the openssl-library available on almost all modern PHP implementations (I'm using PHP 7.3).

The code is full of echoing to "prove" that the variables on encryption side are the same as on decryption side, they can get commented out in production.

The code does not do ANY error handling (e.g. wrong password given on decryption side) and is for education only.

The result will show the correct decryption and because of the random element in 'salt' each run of the program (with same plaintext and password) gets a different encoded string.

Here is the output:

Encryption with AES ECB mode and PBKDF2 key derivation<br>
plaintext              : 0123-45678-90123<br>
password               : myPassword<br>
salt                   : 2dccc75991638322d6b1954726f969bcbfc86b00e9928a759c0ea9618eedd4f8<br>
hash                   : a86178ca7aebf3cde4b8472ac5825cea<br>
ecbEncrypt             : NWt6Cyi11m7Vzwm1tsRhE6l8S5IH8Ko9HIgYeKg7yFQ=<br>
token                  : Tld0NkN5aTExbTdWendtMXRzUmhFNmw4UzVJSDhLbzlISWdZZUtnN3lGUT06Oi3Mx1mRY4Mi1rGVRyb5aby/yGsA6ZKKdZwOqWGO7dT4<br>

Decryption
passwordToDecrypt      : myPassword<br>
dataToDecrypt          : NWt6Cyi11m7Vzwm1tsRhE6l8S5IH8Ko9HIgYeKg7yFQ=<br>
saltToDecrypt          : 2dccc75991638322d6b1954726f969bcbfc86b00e9928a759c0ea9618eedd4f8<br>
hashToDecrypt          : a86178ca7aebf3cde4b8472ac5825cea<br>
decrypted plaintext    : 0123-45678-90123<br>

Code:

<?php
echo PHP_EOL . "Encryption with AES ECB mode and PBKDF2 key derivation" . '<br>' . PHP_EOL;
// https://stackoverflow.com/questions/62930372/how-to-use-bcrypt-in-mysql-with-php/62931080#62931080

$plaintext = "0123-45678-90123"; // telephone number
$password = "myPassword";
echo "plaintext              : " . $plaintext . '<br>' . PHP_EOL;
echo "password               : " . $password . '<br>' . PHP_EOL;
$iterations = 10000; // better to use higher iterations but this slows down the process (but this is wanted !)

// generate password hash with pbkdf2 and encrypt
$salt = openssl_random_pseudo_bytes(32);
$hash = hash_pbkdf2("sha256", $password, $salt, $iterations, 32);
echo "salt                   : " . bin2hex($salt) . '<br>' . PHP_EOL;
echo "hash                   : " . $hash . '<br>' . PHP_EOL;
$ecbEncrypt = openssl_encrypt($plaintext, "aes-256-ecb", $hash, $options=0);
echo "ecbEncrypt             : " . $ecbEncrypt . '<br>' . PHP_EOL;
$token = base64_encode($ecbEncrypt . '::' . $salt);
echo "token                  : " . $token . '<br>' . PHP_EOL;
// save this token in the database

// load the token from the database and decrypt
echo PHP_EOL . "Decryption" . PHP_EOL;
$passwordToDecrypt = "myPassword";
$iterationsToDecrypt = 10000; // better to use higher iterations but this slows down the process (but this is wanted !)
$tokenLoad = $token;
list($dataToDecrypt, $saltToDecrypt) = explode('::', base64_decode($tokenLoad), 2);
echo "passwordToDecrypt      : " . $passwordToDecrypt . '<br>' . PHP_EOL;
echo "dataToDecrypt          : " . $dataToDecrypt . '<br>' . PHP_EOL;
echo "saltToDecrypt          : " . bin2hex($saltToDecrypt) . '<br>' . PHP_EOL;
$hashToDecrypt = hash_pbkdf2("sha256", $passwordToDecrypt, $saltToDecrypt, $iterationsToDecrypt, 32);
echo "hashToDecrypt          : " . $hashToDecrypt. '<br>' . PHP_EOL;
$ecbDecrypt = openssl_decrypt($dataToDecrypt, "aes-256-ecb", $hashToDecrypt, $options=0);
echo "decrypted plaintext    : " . $ecbDecrypt . '<br>' . PHP_EOL;
?>

Source

Share

Didn't find the answer?

Our community is visited by hundreds of web development professionals every day. Ask your question and get a quick answer for free.

Similar questions

Find the answer in similar questions on our website.

826 mysql - Order by After Where clause not working in MySQLi PHP
581 How to include a PHP variable inside a MySQL statement
143 Getting Class "mysqli" not found when using docker container to load mysql and php
36 php - This page isn??�t working error showing because session not set
927 php - How can I set a specific PhpSession Cookie for a webpage?
306 php - Is it possible to put a time restriction on user detail changes on wordpress/
801 linux - PHP-FPM Exporter Binary can not access php unix socket
192 php - How to fix Connection failed: Access denied for user 'webroot'@'localhost' (using password: YES)
477 php - Integrate JQuery Image Magnification with Dynamic Bootstrap 5 Carousel
730 php - PHPUnit test not sharing the entity manager with Symfony

Write quick answer

Do you know the answer to this question? Write a quick response to it. With your help, we will make our community stronger.




About the technologies asked in this question

PHP

PHP (from the English Hypertext Preprocessor - hypertext preprocessor) is a scripting programming language for developing web applications. Supported by most hosting providers, it is one of the most popular tools for creating dynamic websites. The PHP scripting language has gained wide popularity due to its processing speed, simplicity, cross-platform, functionality and distribution of source codes under its own license.
https://www.php.net/


MySQL

DBMS is a database management system. It is designed to change, search, add and delete information in the database. There are many DBMSs designed for similar purposes with different features. One of the most popular is MySQL. It is a software tool designed to work with relational SQL databases. It is easy to learn even for site owners who are not professional programmers or administrators. MySQL DBMS also allows you to export and import data, which is convenient when moving large amounts of information.
https://www.mysql.com/

Welcome to webdevask.com

Welcome to webdevask.com

Welcome to the Q&A site for web developers. Here you can ask a question about the problem you are facing and get answers from other experts. We have created a user-friendly interface so that you can quickly and free of charge ask a question about a web programming problem. We also invite other experts to join our community and help other members who ask questions. In addition, you can use our search for questions with a solution.

Get answers to specific questions

Ask about the real problem you are facing. Describe in detail what you are doing and what you want to achieve.

Help Others Solve Their Issues

Our goal is to create a strong community in which everyone will support each other. If you find a question and know the answer to it, help others with your knowledge.