PHP Encryption Why Crypto? ● Your customers’ privacy ● Your business’ privacy ● Regulatory compliance ● The right thing to do ● It’s easy and fun PHP 7.2 Enter Libsodium ● Fork of NaCl ● Many implementations ● Originally Pecl ● Core PHP extension ● MODERN CRYPTO Symmetric Encryption Symmetric Encryption Symmetric Encryption // Generating your encryption key $key = random_bytes(SODIUM_CRYPTO_SECRETBOX_KEYBYTES); // Using your key to encrypt information $nonce = random_bytes(SODIUM_CRYPTO_SECRETBOX_NONCEBYTES); $ciphertext = sodium_crypto_secretbox($plaintext, $nonce, $key); // Encode $encoded = sodium_bin2hex($ciphertext); Symmetric Encryption // Load the same secret key $key = ''; // Decode and split $decoded = sodium_hex2bin($encoded); $nonce = substr($encoded, 0, SODIUM_CRYPTO_SECRETBOX_NONCEBYTES); $ciphertext = substr($encoded, SODIUM_CRYPTO_SECRETBOX_NONCEBYTES); // Using your key to decrypt information $plaintext = sodium_crypto_secretbox_open($ciphertext, $nonce, $key); // Check for errors if ($plaintext === false) throw new Exception('Bad ciphertext'); Asymmetric Encryption Asymmetric Encryption Asymmetric Encryption // On Alice's computer: $alice_kp = sodium_crypto_box_keypair(); // Split the key into public/private components $alice_secretkey = sodium_crypto_box_secretkey($alice_kp); $alice_publickey = sodium_crypto_box_publickey($alice_kp); // On Bob's computer: $bob_kp = sodium_crypto_box_keypair(); $bob_secretkey = sodium_crypto_box_secretkey($bob_kp); $bob_publickey = sodium_crypto_box_publickey($bob_kp); Asymmetric Encryption // From Alice to Bob $alice_to_bob_kp = sodium_crypto_box_keypair_from_secretkey_and_publickey( $alice_secretkey, $bob_publickey ); $message_nonce = random_bytes(SODIUM_CRYPTO_BOX_NONCEBYTES); $ciphertext = sodium_crypto_box( $message, $nonce, $alice_to_bob_kp ); Asymmetric Encryption // Encoding - From Alice to Bob $encoded = sodium_bin2hex($nonce . $ciphertext); // Decoding - From Bob to Alice $decoded = sodium_hex2bin($encoded); $nonce = substr($decoded, 0, SODIUM_CRYPTO_BOX_NONCEBYTES); $ciphertext = substr($decoded, SODIUM_CRYPTO_BOX_NONCEBYTES); Asymmetric Encryption // On Bob's end $bob_to_alice_kp = sodium_crypto_box_keypair_from_secretkey_and_publickey( $bob_secretkey, $alice_publickey ); $plaintext = sodium_crypto_box_open( $ciphertext, $nonce, $bob_to_alice_kp ); if ($plaintext === false) throw new Exception('Bad message or MAC'); Cryptographic Signatures Cryptographic Signatures Cryptographic Signatures $message = 'php[world] is the best community event of the year!'; // Generate a keypair $sign_kp = sodium_crypto_sign_keypair(); $sign_secretkey = sodium_crypto_sign_secretkey($sign_kp); $sign_publickey = sodium_crypto_sign_publickey($sign_kp); // Sign the message $signed_msg = sodium_crypto_sign( $message, $alice_sign_secretkey ); Cryptographic Signatures - Verification $original_msg = sodium_crypto_sign_open( $signed_msg, $sign_publickey ); // Verify the message if ($original_msg === false) { throw new Exception('Invalid signature'); } else { echo $original_msg; // Displays the original message. } Password Hashing Password Hashing ● MD5 ● SHA ● Blowfish ● Blake2 Password Hashing