Secure Data Encryption & Decryption in PHP Using AES-256-CBC

Encrypting data in PHP using AES-256-CBC with OpenSSL ensures confidentiality, security, and integrity for web applications handling sensitive user data and private communication.

Key Points

AES-256 is trusted by the U.S. government for securing classified information.
90% of websites use HTTPS encryption, often built on AES algorithms like AES-256.
PHP powers 76.8% of websites, making OpenSSL encryption in PHP widely impactful.

Jr. Web Developer

Lovepreet

3 min read

Skilled web developer with 2+ years of hands-on experience delivering fast and functional websites.

image of a laptop displaying the PHP logo, with a security lock symbol, representing PHP web development and security

Introduction

In today’s digital landscape, data security is a top priority for businesses offering website development services or engaging in custom web development. Protecting sensitive information such as user data, API keys, and private messages is crucial to maintain trust and comply with regulations.

One reliable way to ensure data confidentiality is to use encryption, transforming readable data into an unreadable format unless decrypted with a secret key. PHP provides built-in support for encryption algorithms, and AES-256-CBC stands out as a strong and widely adopted cipher.

This guide will walk you through how to implement secure encryption and decryption in PHP, an essential feature in any custom web development project.

Step 1: Define a Secret Key

AES-256 requires a 32-byte (256-bit) secret key. For security, your key should be a random string of exactly 32 characters.

                                        $key = '12345678901234567890123456789012'; // 32-character secret key

Make sure you store this key securely, ideally in environment variables or a protected configuration file, not hardcoded in your scripts for production.

Step 2: Write the Encryption Function

Encryption requires generating a random initialization vector (IV), which adds randomness to the encrypted output, enhancing security.

                                        function encrypt($data, $key) {
    $ivLength = openssl_cipher_iv_length('AES-256-CBC');
    $iv = openssl_random_pseudo_bytes($ivLength);  // Generate a secure random IV
    $encrypted = openssl_encrypt($data, 'AES-256-CBC', $key, 0, $iv);
    return base64_encode($iv . $encrypted);  // Combine IV and encrypted data and encode in base64
}

Step 3: Write the Decryption Function

The decryption function reverses the process by extracting the IV from the encrypted data and then decrypting the message.

                                        function decrypt($data, $key) {
    $data = base64_decode($data);  // Decode the base64 encoded data
    $ivLength = openssl_cipher_iv_length('AES-256-CBC');
    $iv = substr($data, 0, $ivLength);  // Extract the IV
    $encrypted = substr($data, $ivLength);  // Extract the encrypted message
    return openssl_decrypt($encrypted, 'AES-256-CBC', $key, 0, $iv);
}

Step 4: Test Encryption and Decryption

Let's test the functions by encrypting and decrypting a sample message.

                                        $original = "This is a secret message!";
$encrypted = encrypt($original, $key);
$decrypted = decrypt($encrypted, $key);

Step 5: Display the Results

                                        echo "Original: " . $original . "<br>";
echo "Encrypted: " . $encrypted . "<br>";
echo "Decrypted: " . $decrypted . "<br>";

Full Working Example

                                        <?php
$key = '12345678901234567890123456789012'; // 32-char key

function encrypt($data, $key) {
    $ivLength = openssl_cipher_iv_length('AES-256-CBC');
    $iv = openssl_random_pseudo_bytes($ivLength);
    $encrypted = openssl_encrypt($data, 'AES-256-CBC', $key, 0, $iv);
    return base64_encode($iv . $encrypted);
}

function decrypt($data, $key) {
    $data = base64_decode($data);
    $ivLength = openssl_cipher_iv_length('AES-256-CBC');
    $iv = substr($data, 0, $ivLength);
    $encrypted = substr($data, $ivLength);
    return openssl_decrypt($encrypted, 'AES-256-CBC', $key, 0, $iv);
}

$original = "This is a secret message!";
$encrypted = encrypt($original, $key);
$decrypted = decrypt($encrypted, $key);

echo "Original: " . $original . "<br>";
echo "Encrypted: " . $encrypted . "<br>";
echo "Decrypted: " . $decrypted . "<br>";
?>

Why Choose Custom Encryption for Your PHP Applications?

Implementing encryption and decryption from scratch requires expertise to ensure data security and integrity. By using AES-256-CBC with a strong secret key and random IVs, you significantly improve the protection of sensitive data like passwords, personal info, and API tokens in your PHP projects.

Whether you are building a simple website or a complex web application, employing proper encryption mechanisms is critical to guard against data breaches and cyber threats

Hire Professional Developers

If you want to implement advanced security features like custom encryption and decryption in your PHP applications, hiring PHP developers is a smart investment. They bring deep knowledge of cryptographic best practices and secure coding standards to your projects.

Our website development services focus on delivering secure, scalable, and high-performance PHP and Laravel applications tailored to your business needs. From data encryption to complex backend logic, we help you build trustworthy digital solutions.

Final Words

Implementing custom AES-256-CBC encryption and decryption in PHP using OpenSSL is straightforward yet powerful for protecting your data. Whether you are enhancing your applications or providing secure web development services, this guide offers practical insights.

For complex or large-scale projects, consider working with expert developers, PHP developers who deeply understand encryption best practices and secure application design.

Do you want help implementing this?