Sign upLogin

qcubed/framework

View on GitHub
Star
assets/php/examples/communication/crypto.php

Summary

Maintainability
A
2 hrs
Test Coverage
<?php require_once('../qcubed.inc.php'); ?>
<?php require('../includes/header.inc.php'); ?>

<div id="instructions">
    <h1>Implementing Cryptography</h1>

    <p>The <strong>QCryptography</strong> class is used to implement cryptography for your site and
        back-end. QCryptography uses methods from <strong>openssl</strong> library integrated into PHP </p>

    <p>By default, <strong>QCryptography</strong> will use the <strong>AES 256-bit</strong> cipher in <strong>CBC (Cipher Block Chaining)</strong> mode. We choose AES-256-CBC because it is a strong cipher and is recommended by the US government for it's own secret documents and hence is widely accepted too. QCryptography can also conveniently do base64 conversion (similar to MIME-based
        Base64 encoding) so that the resulting encrypted data can be used in text-based streams,
        GET/POST data, URLs, etc.  By default Base64 encoding is enabled, since we mostly deal with HTTP on the web and it's just easier to transport text than binary.</p>

    <p>However, note that any of these options can be changed at any time.  Through the <strong>openssl</strong>
        library, <strong>QCryptography</strong> supports most of the industry accepted ciphers. You can use the <strong><a href="http://php.net/manual/en/function.openssl-get-cipher-methods.php" target="_blank">openssl-get-cipher-methods</a></strong> method to see the list of supported encryption methods.</p>

    <p>You can specify a "default" cipher, base64 flag, key and Initialization Vector by modifying
        the arguments when constructing a new instance of <strong>QCryptography</strong>.</p>

    <p><em>Asymmetric Cryptography (using public-private key pairs) is not yet supported.</em></p>

    <p><strong>QCryptography</strong> also supports the encryption and decryption of entire files.</p>

    <p><strong>TIP:</strong> Remember to change the default Key in the configuration file after installation. QCubed is an open-source project. Leaving the defaults in your configuration will open a vulnerability in your cryptographic attempts.</p>
</div>

<div id="demoZone">
    <h2>Default Settings - AES 256-bit CBC with default IV and Key</h2>
    <ul>
        <?php
            $strOriginal = 'The quick brown fox jumps over the lazy dog.';

            try {
                $objCrypto = new QCryptography();
                $strEncrypted = $objCrypto->Encrypt($strOriginal);
                $strDecrypted = $objCrypto->Decrypt($strEncrypted);

                printf('<li>Original Data: <strong>%s</strong></li>', $strOriginal);
                printf('<li>Encrypted Data: <pre><code>%s</code></pre></li>', $strEncrypted);
                printf('<li>Decrypted Data: <strong>%s</strong></li>', $strDecrypted);
            } catch (QCryptographyException $e) {
                throw $e;
            }
        ?>
    </ul>

    <h2>Blowfish, Cipher Block Chaining, with Base64 encoding and a custom IV)</h2>
    <ul>
        <?php
            $strOriginal = 'The quick brown fox jumps over the lazy dog.';

            // Modify the base64 mode while making the specification on the constructor, itself
            // By default, let's instantiate a QCryptography object with Base64 encoding enabled
            // Note: while the resulting encrypted data is safe for any text-based stream, including
            // use as GET/POST data, inside the URL, etc., the resulting encrypted data stream will
            // be 33% larger.
            try {
                $objCrypto = new QCryptography(null, true, 'BF-CBC', 'QCUBED12');
                $strEncrypted = $objCrypto->Encrypt($strOriginal);
                $strDecrypted = $objCrypto->Decrypt($strEncrypted);

                printf('<li>Original Data: <strong>%s</strong></li>', $strOriginal);
                printf('<li>Encrypted Data: <pre><code>%s</code></pre></li>', $strEncrypted);
                printf('<li>Decrypted Data: <strong>%s</strong></li>', $strDecrypted);
            } catch (QCryptographyException $e) {
                throw $e;
            }
        ?>
    </ul>

    <h2>Blowfish, Cipher Block Chaining, without Base64 encoding and the same custom IV as above)</h2>
    <ul>
        <?php
            $strOriginal = 'The quick brown fox jumps over the lazy dog.';

            // Modify the base64 mode while making the specification on the constructor, itself
            // By default, let's instantiate a QCryptography object with Base64 encoding enabled
            // Note: while the resulting encrypted data is safe for any text-based stream, including
            // use as GET/POST data, inside the URL, etc., the resulting encrypted data stream will
            // be 33% larger.
            try {
                $objCrypto = new QCryptography(null, false, 'BF-CBC', 'QCUBED12');
                $strEncrypted = $objCrypto->Encrypt($strOriginal);
                $strDecrypted = $objCrypto->Decrypt($strEncrypted);

                printf('<li>Original Data: <strong>%s</strong></li>', $strOriginal);
                printf('<li>Encrypted Data: <pre><code>%s</code></pre></li>', $strEncrypted);
                printf('<li>Decrypted Data: <strong>%s</strong></li>', $strDecrypted);
            } catch (QCryptographyException $e) {
                throw $e;
            }
        ?>
    </ul>
</div>

<?php require('../includes/footer.inc.php'); ?>