Intro to PHP Encryption php[world] 2018 

Why Crypto? ● Your customers’ privacy ● Your business’ privacy ● Regulatory compliance ● The right thing to do ● It’s easy and fun 

PHP 7.2 Enter Libsodium ● Fork of NaCl ● Many implementations ● Originally Pecl ● Core PHP extension ● MODERN CRYPTO 

Symmetric Encryption 

Symmetric Encryption Image by SSL2BUY 

Symmetric Encryption // Generating your encryption key $key = random_bytes(SODIUM_CRYPTO_SECRETBOX_KEYBYTES); // Using your key to encrypt information $nonce = random_bytes(SODIUM_CRYPTO_SECRETBOX_NONCEBYTES); $ciphertext = sodium_crypto_secretbox($plaintext, $nonce, $key); // Encode $encoded = sodium_bin2hex($ciphertext); 

Symmetric Encryption // Load the same secret key $key = ''; // Decode and split $decoded = sodium_hex2bin($encoded); $nonce = substr($encoded, 0, SODIUM_CRYPTO_SECRETBOX_NONCEBYTES); $ciphertext = substr($encoded, SODIUM_CRYPTO_SECRETBOX_NONCEBYTES); // Using your key to decrypt information $plaintext = sodium_crypto_secretbox_open($ciphertext, $nonce, $key); // Check for errors if ($plaintext === false) throw new Exception('Bad ciphertext'); 

Asymmetric Encryption 

Asymmetric Encryption Image by SSL2BUY 

Asymmetric Encryption // On Alice's computer: $alice_kp = sodium_crypto_box_keypair(); // Split the key into public/private components $alice_secretkey = sodium_crypto_box_secretkey($alice_kp); $alice_publickey = sodium_crypto_box_publickey($alice_kp); // On Bob's computer: $bob_kp = sodium_crypto_box_keypair(); $bob_secretkey = sodium_crypto_box_secretkey($bob_kp); $bob_publickey = sodium_crypto_box_publickey($bob_kp); 

Asymmetric Encryption // From Alice to Bob $alice_to_bob_kp = sodium_crypto_box_keypair_from_secretkey_and_publickey( $alice_secretkey, $bob_publickey ); $message_nonce = random_bytes(SODIUM_CRYPTO_BOX_NONCEBYTES); $ciphertext = sodium_crypto_box( $message, $nonce, $alice_to_bob_kp ); 

Asymmetric Encryption // Encoding - From Alice to Bob $encoded = sodium_bin2hex($nonce . $ciphertext); // Decoding - From Bob to Alice $decoded = sodium_hex2bin($encoded); $nonce = substr($decoded, 0, SODIUM_CRYPTO_BOX_NONCEBYTES); $ciphertext = substr($decoded, SODIUM_CRYPTO_BOX_NONCEBYTES); 

Asymmetric Encryption // On Bob's end $bob_to_alice_kp = sodium_crypto_box_keypair_from_secretkey_and_publickey( $bob_secretkey, $alice_publickey ); $plaintext = sodium_crypto_box_open( $ciphertext, $nonce, $bob_to_alice_kp ); if ($plaintext === false) throw new Exception('Bad message or MAC'); 

Cryptographic Signatures 

Cryptographic Signatures Image from Crypto StackExchange 

Cryptographic Signatures $message = 'php[world] is the best community event of the year!'; // Generate a keypair $sign_kp = sodium_crypto_sign_keypair(); $sign_secretkey = sodium_crypto_sign_secretkey($sign_kp); $sign_publickey = sodium_crypto_sign_publickey($sign_kp); // Sign the message $signed_msg = sodium_crypto_sign( $message, $alice_sign_secretkey ); 

Cryptographic Signatures - Verification $original_msg = sodium_crypto_sign_open( $signed_msg, $sign_publickey ); // Verify the message if ($original_msg === false) { throw new Exception('Invalid signature'); } else { echo $original_msg; // Displays the original message. } 

Password Hashing 

Password Hashing ● MD5 ● SHA ● Blowfish ● Blake2 

Password Hashing 

Key Derivation 

Key Derivation // Create a high-entropy master key $master_key = sodium_crypto_kdf_keygen(); // Derive any number of sub-keys $s1 = sodium_crypto_kdf_derive_from_key(32, 1, 'one', $master_key); $s2 = sodium_crypto_kdf_derive_from_key(32, 2, 'two', $master_key); $sN = sodium_crypto_kdf_derive_from_key(32, 999, 'N', $master_key); 

Key Derivation ● The Libsodium API can derive up to 2^64 subkeys ● 18,446,744,000,000,000,000 possible subkeys ● Subkeys can have an arbitrary length ○ Between 128 (16 bytes) and 512 bits (64 bytes). 

Secure Remote Passwords 

Secure Remote Passwords 

Secure Remote Passwords 

Cryptography at Rest 

Cryptography in Transit 

Questions? 

Thank You! https://joind.in/talk/95173