240 lines
6.2 KiB

* @package FrameworkOnFramework
* @subpackage encrypt
* @copyright Copyright (C) 2010 - 2015 Nicholas K. Dionysopoulos / Akeeba Ltd. All rights reserved.
* @license GNU General Public License version 2 or later; see LICENSE.txt
// No direct access to this file
defined('_JEXEC') or die('Restricted access');
* A simple implementation of AES-128, AES-192 and AES-256 encryption using the
* high performance mcrypt library.
* @package FrameworkOnFramework
* @since 1.0
class LEGACYFOFEncryptAes
/** @var string The AES cipher to use (this is an mcrypt identifier, not the bit strength) */
private $_cipherType = 0;
/** @var string Cipher mode. Can be CBC or ECB. We recommend using CBC */
private $_cipherMode = 0;
/** @var string The cipher key (password) */
private $_keyString = '';
* Initialise the AES encryption object
* @param string $key The encryption key (password). It can be a raw key (32 bytes) or a passphrase.
* @param int $strength Bit strength (128, 192 or 256)
* @param string $mode Ecnryption mode. Can be ebc or cbc. We recommend using cbc.
public function __construct($key, $strength = 256, $mode = 'cbc')
$this->_keyString = $key;
switch ($strength)
case 256:
$this->_cipherType = MCRYPT_RIJNDAEL_256;
case 192:
$this->_cipherType = MCRYPT_RIJNDAEL_192;
case 128:
$this->_cipherType = MCRYPT_RIJNDAEL_128;
switch (strtoupper($mode))
case 'ECB':
$this->_cipherMode = MCRYPT_MODE_ECB;
case 'CBC':
$this->_cipherMode = MCRYPT_MODE_CBC;
* Encrypts a string using AES
* @param string $stringToEncrypt The plaintext to encrypt
* @param bool $base64encoded Should I Base64-encode the result?
* @return string The cryptotext. Please note that the first 16 bytes of
* the raw string is the IV (initialisation vector) which
* is necessary for decoding the string.
public function encryptString($stringToEncrypt, $base64encoded = true)
if (strlen($this->_keyString) != 32)
$key = hash('sha256', $this->_keyString, true);
$key = $this->_keyString;
// Set up the IV (Initialization Vector)
$iv_size = mcrypt_get_iv_size($this->_cipherType, $this->_cipherMode);
$iv = mcrypt_create_iv($iv_size, MCRYPT_DEV_URANDOM);
if (empty($iv))
$iv = mcrypt_create_iv($iv_size, MCRYPT_DEV_RANDOM);
if (empty($iv))
$iv = mcrypt_create_iv($iv_size, MCRYPT_RAND);
// Encrypt the data
$cipherText = mcrypt_encrypt($this->_cipherType, $key, $stringToEncrypt, $this->_cipherMode, $iv);
// Prepend the IV to the ciphertext
$cipherText = $iv . $cipherText;
// Optionally pass the result through Base64 encoding
if ($base64encoded)
$cipherText = base64_encode($cipherText);
// Return the result
return $cipherText;
* Decrypts a ciphertext into a plaintext string using AES
* @param string $stringToDecrypt The ciphertext to decrypt. The first 16 bytes of the raw string must contain the IV (initialisation vector).
* @param bool $base64encoded Should I Base64-decode the data before decryption?
* @return string The plain text string
public function decryptString($stringToDecrypt, $base64encoded = true)
if (strlen($this->_keyString) != 32)
$key = hash('sha256', $this->_keyString, true);
$key = $this->_keyString;
if ($base64encoded)
$stringToDecrypt = base64_decode($stringToDecrypt);
// Calculate the IV size
$iv_size = mcrypt_get_iv_size($this->_cipherType, $this->_cipherMode);
// Extract IV
$iv = substr($stringToDecrypt, 0, $iv_size);
$stringToDecrypt = substr($stringToDecrypt, $iv_size);
// Decrypt the data
$plainText = mcrypt_decrypt($this->_cipherType, $key, $stringToDecrypt, $this->_cipherMode, $iv);
return $plainText;
* Is AES encryption supported by this PHP installation?
* @return boolean
public static function isSupported()
if (!function_exists('mcrypt_get_key_size'))
return false;
if (!function_exists('mcrypt_get_iv_size'))
return false;
if (!function_exists('mcrypt_create_iv'))
return false;
if (!function_exists('mcrypt_encrypt'))
return false;
if (!function_exists('mcrypt_decrypt'))
return false;
if (!function_exists('mcrypt_list_algorithms'))
return false;
if (!function_exists('hash'))
return false;
if (!function_exists('hash_algos'))
return false;
if (!function_exists('base64_encode'))
return false;
if (!function_exists('base64_decode'))
return false;
$algorightms = mcrypt_list_algorithms();
if (!in_array('rijndael-128', $algorightms))
return false;
if (!in_array('rijndael-192', $algorightms))
return false;
if (!in_array('rijndael-256', $algorightms))
return false;
$algorightms = hash_algos();
if (!in_array('sha256', $algorightms))
return false;
return true;