How to encrypt with ZF
- Posted by thomasw at 16:58:36
- Announcements, File Transfer, Filter, Validate
Hi fellows,
today I finished some new components which took a long time to finish.
Zend Framework can, from today on, encrypt and decrypt content and complete files.
Currently two extensions are supported:
Mcrypt and OpenSSL
As the two extensions handle encryption completely differently, the usage of the two adapters also differs. Still, encryption and decryption are really simple.
Mcrypt:
Let’s take a look at a simple example for string encryption with Mcrypt:
$filter = new Zend_Filter_Encrypt('myencryptionkey');
// Set your own vector; otherwise you must call getVector()
// and store that vector for later decryption
$filter->setVector('myvector');
$encrypted = $filter->filter('text_to_be_encoded');
print $encrypted;
Really, that’s all :-)
OK, Mcrypt is really easy. By default it uses the Blowfish algorithm, but you can change that with the “algorithm” key. The mode, the directories and the vector to be used can also be changed. You can also pass a Zend_Config object in which you have defined your encryption options. See the manual for details.
$filter = new Zend_Filter_Encrypt(array(
    'key'       => 'anotherencryptionkey',
    'algorithm' => 'DES',
));
Decryption is as easy as encryption and can be done with 2 or 3 lines of code:
$filter = new Zend_Filter_Decrypt('myencryptionkey');
// Set the vector with which the content was encrypted
$filter->setVector('myvector');
$decrypted = $filter->filter($encrypted);
print $decrypted;
Of course, you need the key, vector, algorithm and method. Otherwise you will not be able to decrypt the given content. For decryption, too, you can give these options either as an array, as a Zend_Config object, or simply by calling the related setter methods.
But as you see the handling is really simple.
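What the vector does is easiest to see side by side. The following is an added example, not code from this post or from Zend Framework: it uses PHP's openssl_encrypt() with AES-128-CBC in place of the Mcrypt adapter (the mcrypt extension was removed from PHP core in 7.2) and compares a fixed vector with a fresh random one stored next to the ciphertext. The function names, the key derivation and the sample records are constructed for the illustration.

```php
<?php
// Added example, not Zend Framework code. AES-128-CBC via openssl_encrypt()
// stands in for the Mcrypt adapter; names and sample data are constructed.

const CIPHER = 'aes-128-cbc';
const BLOCK  = 16; // AES block size and IV length in bytes

function deriveKey(string $secret): string
{
    // Illustration only: turn the post's sample key string into 16 raw bytes.
    return substr(hash('sha256', $secret, true), 0, 16);
}

function encryptWithIv(string $plain, string $key, string $iv): string
{
    return openssl_encrypt($plain, CIPHER, $key, OPENSSL_RAW_DATA, $iv);
}

function encryptRandomIv(string $plain, string $key): string
{
    $iv = random_bytes(BLOCK);                     // fresh vector for every message
    return $iv . encryptWithIv($plain, $key, $iv); // the vector is not secret
}

function decryptRandomIv(string $blob, string $key)
{
    $iv = substr($blob, 0, BLOCK);
    return openssl_decrypt(substr($blob, BLOCK), CIPHER, $key, OPENSSL_RAW_DATA, $iv);
}

$key   = deriveKey('myencryptionkey');
$fixed = str_pad('myvector', BLOCK, "\0"); // the post's vector, padded to 16 bytes
$a = 'customer=4711;pin=1234';             // constructed records that share
$b = 'customer=4711;pin=9999';             // their first 16 bytes

// Fixed vector: equal leading plaintext gives an equal leading ciphertext block.
var_dump(substr(encryptWithIv($a, $key, $fixed), 0, BLOCK)
     === substr(encryptWithIv($b, $key, $fixed), 0, BLOCK));

// Random vector stored in front of the ciphertext: the blocks no longer match,
// and decryption reads the vector back from the stored blob.
$blobA = encryptRandomIv($a, $key);
$blobB = encryptRandomIv($b, $key);
var_dump(substr($blobA, BLOCK, BLOCK) === substr($blobB, BLOCK, BLOCK));
var_dump(decryptRandomIv($blobA, $key) === $a);
```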
OpenSSL:
Now let’s take a look at OpenSSL. For OpenSSL you need to have public keys and your private key.
OpenSSL works completely differently. Here you encode your content for the people from whom you received the public keys. Other people will not be able to decrypt your content.
So what does a simple example look like?
$filter = new Zend_Filter_Encrypt(
    array('adapter' => 'openssl',
          'private' => '/path/to/mykey/private.pem'));
// of course you can also give the public keys as an array key at instantiation
$filter->setPublicKey(
    array('first'  => '/public/key/path/first.pem',
          'second' => '/public/key/path/second.pem'))
       ->setPassphrase('mypassphrase');
$encrypted = $filter->filter('text_to_be_encoded');
$envelope = $filter->getEnvelopeKey();
print $encrypted;
// For decryption look at the Decrypt filter
As you see we are encoding our content for two people as we gave two public keys. Additionally we provided a passphrase which means that the envelope keys we have to provide for decryption will additionally be encrypted with this passphrase.
A malicious user who has stolen the keys will not be able to decrypt the content when he does not know the passphrase. As it’s optional you can of course omit the passphrase.
There is one important difference from the usage of Mcrypt. After we have encoded our content with filter() we have to get the envelope keys. You have to give your counterpart his envelope key.
getEnvelopeKey will return an array which looks like the one we provided in setPublicKey, but instead of the public keys it will hold the related envelope keys. Based on the array key you are able to pick out the right key for the right user.
This was also quite simple. Only 4 lines of code for encryption of content with OpenSSL.
Now let’s decrypt the content:
$filter = new Zend_Filter_Decrypt(
    array('adapter' => 'openssl',
          'private' => '/path/to/mykey/private.pem'));
// of course you can also give the envelope keys at instantiation
$filter->setEnvelopeKey(array('/key/from/encoder/first.pem',
                              '/key/from/encoder/second.pem'))
       ->setPassphrase('mypassphrase');
$decrypted = $filter->filter($encrypted);
print $decrypted;
That’s it… when you have no passphrase and use only the options array you can decode with just 2 lines of code.
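The envelope-key idea described above, as an added example that is not part of the original post and not the filter's own code: the content is encrypted once, and each recipient gets an envelope key that only their private key can use. It calls PHP's openssl_seal() and openssl_open() directly; the helper names `newKeyPair`, `sealFor` and `openSealed`, the AES-256-CBC choice and the inline-generated RSA keys are assumptions made for the illustration.

```php
<?php
// Added example, not Zend Framework code: envelope encryption with PHP's
// openssl_seal()/openssl_open(). Key pairs and names are constructed samples.

const SEAL_CIPHER = 'aes-256-cbc';

function newKeyPair(): array
{
    $res = openssl_pkey_new(array(
        'private_key_type' => OPENSSL_KEYTYPE_RSA,
        'private_key_bits' => 2048,
    ));
    if ($res === false) {
        throw new RuntimeException('key generation failed');
    }
    openssl_pkey_export($res, $privatePem);
    $details = openssl_pkey_get_details($res);
    return array('private' => $privatePem, 'public' => $details['key']);
}

// Encrypt once; return the data plus one envelope key per recipient name.
function sealFor(string $plain, array $publicKeys): array
{
    $ok = openssl_seal($plain, $sealed, $envKeys, array_values($publicKeys), SEAL_CIPHER, $iv);
    if ($ok === false) {
        throw new RuntimeException('openssl_seal failed');
    }
    return array('data' => $sealed, 'iv' => $iv,
                 'envelope' => array_combine(array_keys($publicKeys), $envKeys));
}

function openSealed(array $msg, string $envelopeKey, string $privatePem)
{
    $ok = openssl_open($msg['data'], $plain, $envelopeKey, $privatePem, SEAL_CIPHER, $msg['iv']);
    return $ok ? $plain : false;
}

$first  = newKeyPair();
$second = newKeyPair();
$msg = sealFor('text_to_be_encoded',
               array('first' => $first['public'], 'second' => $second['public']));

// Each recipient opens the same data with their own envelope key and private key.
var_dump(openSealed($msg, $msg['envelope']['first'],  $first['private']));
var_dump(openSealed($msg, $msg['envelope']['second'], $second['private']));
// Another recipient's envelope key does not recover the plaintext.
var_dump(openSealed($msg, $msg['envelope']['second'], $first['private']) === 'text_to_be_encoded');
```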
Encrypting files:
Until now it was simple… but now it gets even simpler.
Do you need to encrypt and decrypt files?
I also added file encryption and decryption filters which can be used with Zend_Form and Zend_File_Transfer. Easy as always:
$element = new Zend_File_Transfer_Adapter_Http();
$element->addFilter('Encrypt',
array('key' => 'myencryptionkey',
'vector' => 'myvector'));
Now all uploaded files will be encrypted.
Of course you can also use the file filter manually:
$filter = new Zend_Filter_File_Encrypt(
array('key' => 'myencryptionkey',
'vector' => 'myvector'));
$filter->filter('/path/to/myfile.ext');
Decryption works the same way.
As you can see, the whole encryption and decryption API is simple and easy to use. These features will be available within the next release.
I hope you find it useful and wish you good work.
Greetings
Thomas Weidner
I18N Team Leader, Zend Framework
Zend Framework Advisory Board Member
Zend Certified Engineer for Zend Framework
