PHP String Encryption (symmetric)
By Dag, on December 22nd, 20162 functions I wrote for encrypting strings between web pages using simple character level randomization with a reversed idea of private key usage where the data is never shared, and the encrypted string itself is just a map.
Without the randomized key, the map (encrypted string) is totally useless. There is no way of brute force cracking the encrypted data itself without the private key, like with math / semiprime based (e.g. RSA) encryptions. So you can protect the system by limiting failed attempts to avoid hackers from mapping the key, and changing it on a regular basis before enough attempts to map it is possible.
By having your source and target script read the private key from the same protected space in a closed system, you can effectively change it on every usage, making it practically impossible to crack since the encrypted value on its own is useless data without having a key to run it against. If used this way, it's a very strong and simple protective measure for encrypting simple alphanumeric(++) data.
The lock/encrypt function:
function djEncryptString($string, $key) { // $string is a random string to be encrypted. // $key is a randomized string that must contain all // the characters found in $string as an absolute minimum. $key_chars = str_split($key); $string_chars = str_split($string); $key_coords = ''; $key_coord_lengths = ''; foreach($string_chars as $s_char) { for ($loop_a = 0; $loop_a < count($key_chars); $loop_a++) { if ($s_char == $key_chars[$loop_a]) { $key_coords .= (string)$loop_a; $key_coord_lengths .= (string)strlen($loop_a); } } } // Returns a string of coordinates of where the string // characters are to be found within $key as well as the // length of every coordinate since the string is a line // of random numbers. return $key_coords .'-'. $key_coord_lengths; }
The unlock/decrypt function:
function djDecryptString($enc_str, $key) { // $enc_str is the output from djEncryptString(). // $key is the same key as used to encrypt with. $key_chars = str_split($key); $enc_data = explode('-', $enc_str); $key_coords = $enc_data[0]; $key_coord_lengths = str_split($enc_data[1]); $s = ''; foreach ($key_coord_lengths as $c) { $s .= $key_chars[(int)substr($key_coords, 0, (int)$c)]; $key_coords = substr($key_coords, (int)$c); } return $s; }
PHP example usage:
// Create a random key to be used by both functions. $key = str_shuffle('abcdefghijklmnopqrstuvwxyzABCDEFGHIJKLMNOPQRSTUVWXYZ1234567890. '); $original_string = 'This is a random string.'; $encrypted_string = djEncryptString($original_string, $key); echo 'Key used: '. $key .'<br><br>'; echo 'Original string: '. $original_string .'<br><br>'; echo 'Encrypted string: '. $encrypted_string .'<br><br>'; echo 'Decrypted string: '. djDecryptString($encrypted_string, $key);
The above testing code produces output similar to this:
Key used: L2RZ6oMfcCjpWIuPxKsT5rSzteq.Dmln0O17d8YUX FgV4yNBiEvbJH3Q9AakhwG Original string: This is a random string. Encrypted string: 19614918414918415941215931365294118242149314327-222222222222221222222222 Decrypted string: This is a random string.
Demo
If you keep the contents of $key to a minimum of all alphanumeric characters (a-z, A-Z, 0-9) plus any special characters your $string may have, then just encrypting "Hi!" will have 633 = 250047 combinations.