mcrypt

&reftitle.intro; This is an interface to the mcrypt library, which supports a wide variety of block algorithms such as DES, TripleDES, Blowfish (default), 3-WAY, SAFER-SK64, SAFER-SK128, TWOFISH, TEA, RC2 and GOST in CBC, OFB, CFB and ECB cipher modes. Additionally, it supports RC6 and IDEA which are considered "non-free".

&reftitle.required; These functions work using mcrypt. If you linked against libmcrypt 2.4.x or higher, the following additional block algorithms are supported: CAST, LOKI97, RIJNDAEL, SAFERPLUS, SERPENT and the following stream ciphers: ENIGMA (crypt), PANAMA, RC4 and WAKE. With libmcrypt 2.4.x or higher another cipher mode is also available; nOFB.

&reftitle.install; To use it, download libmcrypt-x.x.tar.gz from here and follow the included installation instructions. You need to compile PHP with the --with-mcrypt parameter to enable this extension. Make sure you compile libmcrypt with the option --disable-posix-threads.

&reference.mcrypt.ini;

&reftitle.resources; &no.resource;

&reference.mcrypt.constants;

Here is a list of ciphers which are currently supported by the mcrypt extension. For a complete list of supported ciphers, see the defines at the end of mcrypt.h. The general rule with the mcrypt-2.2.x API is that you can access the cipher from PHP with MCRYPT_ciphername. With the libmcrypt-2.4.x and libmcrypt-2.5.x API these constants also work, but it is possible to specify the name of the cipher as a string with a call to mcrypt_module_open. MCRYPT_3DES MCRYPT_ARCFOUR_IV (libmcrypt > 2.4.x only) MCRYPT_ARCFOUR (libmcrypt > 2.4.x only) MCRYPT_BLOWFISH MCRYPT_CAST_128 MCRYPT_CAST_256 MCRYPT_CRYPT MCRYPT_DES MCRYPT_DES_COMPAT (libmcrypt 2.2.x only) MCRYPT_ENIGMA (libmcrypt > 2.4.x only, alias for MCRYPT_CRYPT) MCRYPT_GOST MCRYPT_IDEA (non-free) MCRYPT_LOKI97 (libmcrypt > 2.4.x only) MCRYPT_MARS (libmcrypt > 2.4.x only, non-free) MCRYPT_PANAMA (libmcrypt > 2.4.x only) MCRYPT_RIJNDAEL_128 (libmcrypt > 2.4.x only) MCRYPT_RIJNDAEL_192 (libmcrypt > 2.4.x only) MCRYPT_RIJNDAEL_256 (libmcrypt > 2.4.x only) MCRYPT_RC2 MCRYPT_RC4 (libmcrypt 2.2.x only) MCRYPT_RC6 (libmcrypt > 2.4.x only) MCRYPT_RC6_128 (libmcrypt 2.2.x only) MCRYPT_RC6_192 (libmcrypt 2.2.x only) MCRYPT_RC6_256 (libmcrypt 2.2.x only) MCRYPT_SAFER64 MCRYPT_SAFER128 MCRYPT_SAFERPLUS (libmcrypt > 2.4.x only) MCRYPT_SERPENT(libmcrypt > 2.4.x only) MCRYPT_SERPENT_128 (libmcrypt 2.2.x only) MCRYPT_SERPENT_192 (libmcrypt 2.2.x only) MCRYPT_SERPENT_256 (libmcrypt 2.2.x only) MCRYPT_SKIPJACK (libmcrypt > 2.4.x only) MCRYPT_TEAN (libmcrypt 2.2.x only) MCRYPT_THREEWAY MCRYPT_TRIPLEDES (libmcrypt > 2.4.x only) MCRYPT_TWOFISH (for older mcrypt 2.x versions, or mcrypt > 2.4.x ) MCRYPT_TWOFISH128 (TWOFISHxxx are available in newer 2.x versions, but not in the 2.4.x versions) MCRYPT_TWOFISH192 MCRYPT_TWOFISH256 MCRYPT_WAKE (libmcrypt > 2.4.x only) MCRYPT_XTEA (libmcrypt > 2.4.x only) You must (in CFB and OFB mode) or can (in CBC mode) supply an initialization vector (IV) to the respective cipher function. The IV must be unique and must be the same when decrypting/encrypting. With data which is stored encrypted, you can take the output of a function of the index under which the data is stored (e.g. the MD5 key of the filename). Alternatively, you can transmit the IV together with the encrypted data (see chapter 9.3 of &book.applied.cryptography; for a discussion of this topic).

&reftitle.examples; Mcrypt can be used to encrypt and decrypt using the above mentioned ciphers. If you linked against libmcrypt-2.2.x, the four important mcrypt commands (mcrypt_cfb, mcrypt_cbc, mcrypt_ecb, and mcrypt_ofb) can operate in both modes which are named MCRYPT_ENCRYPT and MCRYPT_DECRYPT, respectively. ]]> This example will give you the encrypted data as a string in $encrypted_data. If you linked against libmcrypt 2.4.x or 2.5.x, these functions are still available, but it is recommended that you use the advanced functions. ]]> This example will give you the encrypted data as a string in $encrypted_data. For a full example see mcrypt_module_open.

&reference.mcrypt.functions;