Monthly Archives: April 2014

Whole File Encryption/Decryption With PHP

Often we find the need to protect certain files so that if they are ever subject to unauthorized accessed, the contents can be safe. Encrypting info in a database is pretty straightforward, however encrypting files in a directory is not always. Here are two functions to encrypt and decrypt whole files using PHP and Mcrypt.

function encrypt_file($source,$destination,$passphrase,$stream=NULL) {
	// $source can be a local file...
	if($stream) {
		$contents = $source;
	// OR $source can be a stream if the third argument ($stream flag) exists.
	}else{
		$handle = fopen($source, "rb");
		$contents = fread($handle, filesize($source));
		fclose($handle);
	}
 
	$iv = substr(md5("\x1B\x3C\x58".$passphrase, true), 0, 8);
	$key = substr(md5("\x2D\xFC\xD8".$passphrase, true) . md5("\x2D\xFC\xD9".$passphrase, true), 0, 24);
	$opts = array('iv'=>$iv, 'key'=>$key);
	$fp = fopen($destination, 'wb') or die("Could not open file for writing.");
	stream_filter_append($fp, 'mcrypt.tripledes', STREAM_FILTER_WRITE, $opts);
	fwrite($fp, $contents) or die("Could not write to file.");
	fclose($fp);
 
}

Below is the function to perform decryption.

function decrypt_file($file,$passphrase) {
 
	$iv = substr(md5("\x1B\x3C\x58".$passphrase, true), 0, 8);
	$key = substr(md5("\x2D\xFC\xD8".$passphrase, true) .
	md5("\x2D\xFC\xD9".$passphrase, true), 0, 24);
	$opts = array('iv'=>$iv, 'key'=>$key);
	$fp = fopen($file, 'rb');
	stream_filter_append($fp, 'mdecrypt.tripledes', STREAM_FILTER_READ, $opts);
 
	return $fp;
}

Decryption Example Usage:

// Output to inline PDF
$decrypted = decrypt_file('/path/to/file','MySuperSecretPassword');
header('Content-type: application/pdf');
fpassthru($decrypted);
 
// Output to a string for email attachments, etc.
$decrypted = decrypt_file('/path/to/file','MySuperSecretPassword');
$contents = stream_get_contents($fp);

Adapted from Licson Lee’s Article, Encrypt files in PHP