How to Securely Encrypt Data in PHP and Decrypt It Using CryptoJS?

Encrypt with PHP, Decrypt with Javascript (cryptojs)

Problem Statement:

You're facing challenges in basic encryption/decryption, specifically involving encryption in PHP and decryption in Javascript using cryptojs.

Clarification:

Your PHP code encompasses encryption with the mcrypt library and base64 encoding. Meanwhile, your Javascript code attempts to decrypt the encrypted text using CryptoJS, but you encounter difficulties.

Resolution:

The provided code incorporates outdated encryption techniques, specifically mcrypt, which is no longer recommended for use. To achieve your encryption/decryption goals, you can leverage AES encryption implemented in PHP's openssl library.

PHP Encryption/Decryption Implementation:

<?php
function encrypt($passphrase, $value)
{
    $salt = openssl_random_pseudo_bytes(8);
    $salted = '';
    $dx = '';
    while (strlen($salted) < 48) {
        $dx = md5($dx . $passphrase . $salt, true);
        $salted .= $dx;
    }
    $key = substr($salted, 0, 32);
    $iv = substr($salted, 32, 16);
    $encrypted_data = openssl_encrypt(json_encode($value), 'aes-256-cbc', $key, true, $iv);
    $data = array("ct" => base64_encode($encrypted_data), "iv" => bin2hex($iv), "s" => bin2hex($salt));
    return json_encode($data);
}

function decrypt($passphrase, $jsonStr)
{
    $j = json_decode($jsonStr, true);
    $cipherParams = CryptoJS.lib.CipherParams.create({
        ciphertext: CryptoJS.enc.Base64.parse(j.ct)
    });
    if (j.iv) $cipherParams.iv = CryptoJS.enc.Hex.parse(j.iv)
    if (j.s) $cipherParams.salt = CryptoJS.enc.Hex.parse(j.s)

    $key = substr($result, 0, 32);
    $data = openssl_decrypt($ct, 'aes-256-cbc', $key, true, $iv);
    return json_decode($data, true);
}

Javascript Decryption Implementation:

function decrypt(passphrase, encryptedData) {
    var cipherParams = CryptoJSAesJson.parse(encryptedData);
    var decrypted = CryptoJS.AES.decrypt(cipherParams, passphrase, {format: CryptoJSAesJson}).toString(CryptoJS.enc.Utf8);
    return decrypted;
}

Example Usage:

$encrypted = encrypt('my passphrase', 'value to encrypt');
echo $encrypted; // Encrypted data with salt, iv, and cipher text

var decrypted = decrypt('my passphrase', $encrypted);
console.log(decrypted); // Original 'value to encrypt'

This approach ensures secure and interoperable encryption/decryption between PHP and Javascript, leveraging up-to-date encryption techniques and maintaining compatibility with cryptojs.

The above is the detailed content of How to Securely Encrypt Data in PHP and Decrypt It Using CryptoJS?. For more information, please follow other related articles on the PHP Chinese website!