I'm developing a web app using Symfony 3.4 with PHP 7.2 and a SQLite db.
I want to encrypt some fields of my entity using AES-256 using standard libraries - openssl or sodium - but I'm really not sure on how to properly do it so I'm asking for your guidance before I make many big awful mistakes:
I'm using the following code where my secret is stored in the parameters.yml so it will no be visible if you push it to Git.
/**
* SecurityHelper.
*
* @author Kengy Van Hijfte <development@kengy.be>
*/
class SecurityHelper
{
/** @var string $secret */
private $secret;
public function __construct($secret)
{
$this->secret = $secret;
}
/**
* @param $text
* @return string
*/
public function encrypt($text)
{
if (null == $text)
return null;
// Generate an initialization vector
$iv = openssl_random_pseudo_bytes(openssl_cipher_iv_length('aes-256-cbc'));
// Encrypt the data using AES 256 encryption in CBC mode using our encryption key and initialization vector.
$encrypted = openssl_encrypt($text, 'aes-256-cbc', $this->secret, 0, $iv);
// The $iv is just as important as the key for decrypting, so save it with our encrypted data using a unique separator (::)
return base64_encode($encrypted . '::' . $iv);
}
/**
* @param $text
* @return string
*/
public function decrypt($text)
{
if (null == $text)
return null;
// To decrypt, split the encrypted data from our IV - our unique separator used was "::"
list($encrypted_data, $iv) = explode('::', base64_decode($text), 2);
return openssl_decrypt($encrypted_data, 'aes-256-cbc', $this->secret, 0, $iv);
}
}