PHP Class – OpenSSL Encryption with MCRYPT Randomized Instantiation Vectors

Disclaimer: I am not a computer scientist.  I am not a cryptologist.  I’m just a guy who knows how to code and even that can be debatable from time to time.  DO NOT trust this to secure any sensitive information until you do your own research.

Download the class here:

Requirements: Requires PHP 5.4+.  OpenSSL and MCRYPT libraries must be installed.

If you’re reading this post you already know what this is and why you need it.  The only thing I will say is that the added strategy  of randomized instantiation vectors, based on my research, is the solution to the critical OpenSSL vulnerabilities reported in 2014 (Heartbleed, et al.).

This class should do the trick if you need to encrypt data you need to transmit without using HTTPS.  Each party in the transaction must have knowledge of the same shared key.

Pseudo-randomness is provided on the encryption end when the instantiation vector is created by mcrypt_create_iv() and seeded with MCRYPT_DEV_URANDOM.  Said vector is then prepended to the encrypted data and sent along with the data.  The receiving end uses this vector, together with the private key shared by the sender and receiver, to decrypt the data.

Be sure to understand the algorithms/ciphers/methods used and choose accordingly.