Often we find the need to protect certain files so that if they are ever subject to unauthorized accessed, the contents can be safe. Encrypting info in a database is pretty straightforward, however encrypting files in a directory is not always. Here are two functions to encrypt and decrypt whole files using PHP and Mcrypt.
function encrypt_file($source,$destination,$passphrase,$stream=NULL) { // $source can be a local file... if($stream) { $contents = $source; // OR $source can be a stream if the third argument ($stream flag) exists. }else{ $handle = fopen($source, "rb"); $contents = fread($handle, filesize($source)); fclose($handle); } $iv = substr(md5("\x1B\x3C\x58".$passphrase, true), 0, 8); $key = substr(md5("\x2D\xFC\xD8".$passphrase, true) . md5("\x2D\xFC\xD9".$passphrase, true), 0, 24); $opts = array('iv'=>$iv, 'key'=>$key); $fp = fopen($destination, 'wb') or die("Could not open file for writing."); stream_filter_append($fp, 'mcrypt.tripledes', STREAM_FILTER_WRITE, $opts); fwrite($fp, $contents) or die("Could not write to file."); fclose($fp); }
Below is the function to perform decryption.
function decrypt_file($file,$passphrase) { $iv = substr(md5("\x1B\x3C\x58".$passphrase, true), 0, 8); $key = substr(md5("\x2D\xFC\xD8".$passphrase, true) . md5("\x2D\xFC\xD9".$passphrase, true), 0, 24); $opts = array('iv'=>$iv, 'key'=>$key); $fp = fopen($file, 'rb'); stream_filter_append($fp, 'mdecrypt.tripledes', STREAM_FILTER_READ, $opts); return $fp; }
Encryption Example:
encrypt_file('/path/to/source/file', '/path/to/destination/file', 'MySuperSecretPassword');
Decryption Example:
// Output to inline PDF $decrypted = decrypt_file('/path/to/file','MySuperSecretPassword'); header('Content-type: application/pdf'); fpassthru($decrypted); // Output to a string for email attachments, etc. $decrypted = decrypt_file('/path/to/file','MySuperSecretPassword'); $contents = stream_get_contents($fp);
(Just to make sure, you need to change $passphrase
into your very own password and keep it secret.)
Source: Monkey Logic