PHP String Encryption (symmetric)
By Dag, on December 22nd, 20162 functions I wrote for encrypting strings between web pages using simple character level randomization with a reversed idea of private key usage where the data is never shared, and the encrypted string itself is just a map.
Without the randomized key, the map (encrypted string) is totally useless. There is no way of brute force cracking the encrypted data itself without the private key, like with math / semiprime based (e.g. RSA) encryptions. So you can protect the system by limiting failed attempts to avoid hackers from mapping the key, and changing it on a regular basis before enough attempts to map it is possible.
By having your source and target script read the private key from the same protected space in a closed system, you can effectively change it on every usage, making it practically impossible to crack since the encrypted value on its own is useless data without having a key to run it against. If used this way, it's a very strong and simple protective measure for encrypting simple alphanumeric(++) data.
The lock/encrypt function:
function djEncryptString($string, $key)
{
// $string is a random string to be encrypted.
// $key is a randomized string that must contain all
// the characters found in $string as an absolute minimum.
$key_chars = str_split($key);
$string_chars = str_split($string);
$key_coords = '';
$key_coord_lengths = '';
foreach($string_chars as $s_char) {
for ($loop_a = 0; $loop_a < count($key_chars); $loop_a++) {
if ($s_char == $key_chars[$loop_a]) {
$key_coords .= (string)$loop_a;
$key_coord_lengths .= (string)strlen($loop_a);
}
}
}
// Returns a string of coordinates of where the string
// characters are to be found within $key as well as the
// length of every coordinate since the string is a line
// of random numbers.
return $key_coords .'-'. $key_coord_lengths;
}
The unlock/decrypt function:
function djDecryptString($enc_str, $key)
{
// $enc_str is the output from djEncryptString().
// $key is the same key as used to encrypt with.
$key_chars = str_split($key);
$enc_data = explode('-', $enc_str);
$key_coords = $enc_data[0];
$key_coord_lengths = str_split($enc_data[1]);
$s = '';
foreach ($key_coord_lengths as $c) {
$s .= $key_chars[(int)substr($key_coords, 0, (int)$c)];
$key_coords = substr($key_coords, (int)$c);
}
return $s;
}
PHP example usage:
// Create a random key to be used by both functions.
$key = str_shuffle('abcdefghijklmnopqrstuvwxyzABCDEFGHIJKLMNOPQRSTUVWXYZ1234567890. ');
$original_string = 'This is a random string.';
$encrypted_string = djEncryptString($original_string, $key);
echo 'Key used: '. $key .'<br><br>';
echo 'Original string: '. $original_string .'<br><br>';
echo 'Encrypted string: '. $encrypted_string .'<br><br>';
echo 'Decrypted string: '. djDecryptString($encrypted_string, $key);
The above testing code produces output similar to this:
Key used: L2RZ6oMfcCjpWIuPxKsT5rSzteq.Dmln0O17d8YUX FgV4yNBiEvbJH3Q9AakhwG Original string: This is a random string. Encrypted string: 19614918414918415941215931365294118242149314327-222222222222221222222222 Decrypted string: This is a random string.
Demo
If you keep the contents of $key to a minimum of all alphanumeric characters (a-z, A-Z, 0-9) plus any special characters your $string may have, then just encrypting "Hi!" will have 633 = 250047 combinations.