1

I have a requirement where I need to move a string from one place to another via GET. e.g. example.com?string=ENCRYPTED_STRING

Is there an algorithm or some other method to encrypt the string so it is URL safe?

By that I mean it will not have characters like = or & ...

I have tried openssl with AES-256-CBC but no luck.

The data is not overly sensitive but I would prefer to obfuscate it in some way.

Cynapsys

3 Answers

1

Oh hey, I've actually done this in one of my applications. My code looks a lot different (because of my custom tools, it's a one-liner), but works basically like this (uses defuse/php-encryption):

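```php
use \Defuse\Crypto\Crypto;

// CRYPTO_SECRET_KEY is a constant the application defines elsewhere.
// http_build_query() percent-encodes the '+', '/' and '=' that base64 can emit.
$url = "/my/endpoint?".http_build_query([
    'something' => base64_encode(
        Crypto::encrypt('my_secret_info', CRYPTO_SECRET_KEY)
    )
]);
// Then you can either use $url in header('Location: '.$url) or in an HTML link safely.
```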

Further reading:

Footnote: If you (or anyone else) want a short encrypted URL parameter, read this answer instead. (I know that's not what you were asking for, but just in case someone finds this question years down the line...)

Scott Arciszewski
-1

The code below allows you to encrypt (alpha/num) and decrypt a string. But you need the Mcrypt PHP module installed to make it run.

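```php
// The mcrypt extension was deprecated in PHP 7.1 and removed from core in PHP 7.2.
static public function encrypt($text){
    // ECB mode does not use an IV; mcrypt ignores this argument in ECB mode.
    $iv_size = mcrypt_get_iv_size(MCRYPT_RIJNDAEL_256, MCRYPT_MODE_ECB);
    $iv = mcrypt_create_iv($iv_size, MCRYPT_RAND);
    // PHP >= 5.6 rejects keys of invalid length; older versions NUL-padded them
    // to the next valid size, so pad explicitly to keep the same effective key.
    $key = str_pad("useasuperkey", 16, "\0");

    // Hex output contains only [0-9a-f], so it needs no URL escaping.
    return (bin2hex(mcrypt_encrypt(MCRYPT_RIJNDAEL_256, $key, $text, MCRYPT_MODE_ECB, $iv)));
}

static public function decrypt($text){
    // Convert the hex string back to raw bytes.
    $len = strlen($text);
    $text = pack("H" . $len, $text);
    $iv_size = mcrypt_get_iv_size(MCRYPT_RIJNDAEL_256, MCRYPT_MODE_ECB);
    $iv = mcrypt_create_iv($iv_size, MCRYPT_RAND);
    $key = str_pad("useasuperkey", 16, "\0");

    // trim() strips the NUL padding mcrypt added (and any leading/trailing whitespace).
    return trim(mcrypt_decrypt(MCRYPT_RIJNDAEL_256, $key, $text, MCRYPT_MODE_ECB, $iv));
}
```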
Cédric
-1

I had to do exactly the same thing.

My solution was encrypting string with openssl_encrypt($str, "AES-128-CBC", $key).

Then sending the URL using url_encode($str).

Destination page decodes data with openssl_decrypt($str, "AES-128-CBC", $key).
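
The question's requirement (output with no `=`, `&`, `+` or `/`) is met by the encoding step rather than by the choice of cipher. An added example, not code from any answer on this page: AES-256-GCM through PHP's openssl extension (PHP 7.1 or later), emitted as unpadded base64url. The function names `encrypt_param` and `decrypt_param` are hypothetical and the key is a constructed demo value.

```php
<?php
// Added example, not code from the answers above; function names are hypothetical.
const CIPHER = 'aes-256-gcm';
const IV_LEN = 12;  // 96-bit nonce, the usual size for GCM
const TAG_LEN = 16; // 128-bit authentication tag
function base64url_encode(string $bin): string
{
    // '+', '/' and '=' are the base64 characters that would need escaping in a URL.
    return rtrim(strtr(base64_encode($bin), '+/', '-_'), '=');
}

function base64url_decode(string $txt): ?string
{
    if ($txt === '' || preg_match('/[^A-Za-z0-9_-]/', $txt)) {
        return null; // outside the base64url alphabet
    }
    $padded = str_pad($txt, strlen($txt) + (4 - strlen($txt) % 4) % 4, '=');
    $bin = base64_decode(strtr($padded, '-_', '+/'), true);
    return $bin === false ? null : $bin;
}

function encrypt_param(string $plaintext, string $key): string
{
    if (strlen($key) !== 32) {
        throw new InvalidArgumentException('AES-256 needs a 32-byte key');
    }
    $iv = random_bytes(IV_LEN); // fresh random nonce for every token
    $ct = openssl_encrypt($plaintext, CIPHER, $key, OPENSSL_RAW_DATA, $iv, $tag, '', TAG_LEN);
    if ($ct === false) {
        throw new RuntimeException('encryption failed');
    }
    return base64url_encode($iv . $tag . $ct);
}

function decrypt_param(string $token, string $key): ?string
{
    $raw = base64url_decode($token);
    if ($raw === null || strlen($raw) < IV_LEN + TAG_LEN) {
        return null;
    }
    $iv = substr($raw, 0, IV_LEN);
    $tag = substr($raw, IV_LEN, TAG_LEN);
    $pt = openssl_decrypt(substr($raw, IV_LEN + TAG_LEN), CIPHER, $key, OPENSSL_RAW_DATA, $iv, $tag);
    return $pt === false ? null : $pt; // false: token was altered or the key is wrong
}

$key = random_bytes(32); // constructed demo key; a real key comes from configuration
$token = encrypt_param('my_secret_info', $key);
var_dump($token, decrypt_param($token, $key), decrypt_param(strrev($token), $key));
```

The token can be appended directly as `example.com?string=TOKEN`; the last call shows that a token modified in transit decrypts to `null` instead of to garbage.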