I had a bit of trouble finding a how-to of how to encrypt and decrypt using RIJNDAEL, so I put together a quick example of how to using a non-blank IV.
However I did find a useful code snippet from Chilkat Software that helped me a lot of the way.
The only gotcha I found is that if you generate an RIJNDAEL 256 CBC key and IV using OpenSSL it will generate a 64-bit key and 32-bit IV, even though using PHP mcrypt it expects them both to be 32-bit. If you generate an AES 128 CBC key and IV though they’re the right length; I’m assuming the encryption is still 256 however.
openssl enc -aes-128-cbc -k [insert-passphrase-here] -P -md sha1
Which should generate something that looks like this:
salt=DD740CB2ABBE8C3A key=23FA93B1A2E5CE60E7F456F9EFC9FE75 iv =B33D526335805E2CB332CAEF643E0C07
Here is a sample PHP script to demonstate the encryption and decryption:
<?php
$text = 'Testing encryption';
$cipher = mcrypt_module_open(MCRYPT_RIJNDAEL_256, '', MCRYPT_MODE_CBC, '');
$iv_size = mcrypt_enc_get_iv_size($cipher);
$key = '12345678901234561234567890123456';
$iv = '9532654BD781547023AB4FA7723F2FCD';
echo "<strong>IV:</strong> " . bin2hex($iv) . '<br />';
echo "<strong>Key:</strong> " . bin2hex($key) . '<br />';
echo '<strong>Before encryption:</strong> ' . $text . '<br />';
// Encrypt
if (mcrypt_generic_init($cipher, $key, $iv) != -1)
{
$encrypted = mcrypt_generic($cipher, $text);
mcrypt_generic_deinit($cipher);
echo '<strong>After encryption:</strong> ' . bin2hex($encrypted) . '<br />';
}
// Decrypt
if (mcrypt_generic_init($cipher, $key, $iv) != -1)
{
$decrypted = mdecrypt_generic($cipher, $encrypted);
mcrypt_generic_deinit($cipher);
echo '<strong>After decryption:</strong> ' . $decrypted . '<br />';
}
Thank you! It works very well.
Thank you very much, very helpful
MCRYPT_RIJNDAEL_256 is not equivalent to AES_256
http://aesencryption.net
Here you can find a php class using mcrypt for AES implementation.
Thank you so much, very helpful & after i got long search, nice info…thanks lot…
Andrew ,
Thanks for the code its working fine
I’m sorry to say that but your code is not about AES-256, but RIJNDAEL-256. They are *not* the same.
AES always uses 128 bit block, hence IV is also 128 bit long.
Thanks for your help, this very helpfull for my project.
and this Rijandael 256 not AES
Nice article Andrew. I had implemented the AES 128 Bit encryption in Php you can check out my code https://github.com/vasiqmz/aes
[…] http://en.wikipedia.org/wiki/Advanced_Encryption_Standard http://www.andrew-kirkpatrick.com/2013/01/aes-encryption-with-php-256-bit-using-iv/ […]
thank you dude
RIJNDAEL_256 is *not* AES as indicated multiple times. These pieces of code are completely distinct. 64 bit is not the same as 64 hexadecimal characters either. Static key, static IV, bad algorithm, bad encoding, different padding schemes. Pretty please with sugar on top, don’t use these snippets.
Thanks for the feedback, I’ve had a lot over the past few months about this article (which I wrote when I didn’t know much about the subject) so I’m either going to revise it or take it down