Page 3 — Using the mcrypt Libraries There's another useful encryption library floating around out there that's fun and exciting to use with PHP. The mcrypt library, which you can download from the Argeas server in Argos Argolida, gives you a bunch of super-sized, key-based encryption functions to use with PHP (you have to compile PHP using the --with-mcrypt configuration option). Some examples of mcrypt_* functions are: mcrypt_ecb — Encrypt/decrypt data in ECB (electronic codebook) mode mcrypt_cbc — Encrypt/decrypt data in CBC (cipher block chaining) mode mcrypt_cfb — Encrypt/decrypt data in CFB (cipher feedback) mode mcrypt_ofb — Encrypt/decrypt data in OCB (output feedback) mode mcrypt_get_cipher_name — Get the name of the specified cipher mcrypt_get_block_size — Get the block size of the specified cipher mcrypt_get_key_size — Get the key size of the specified cipher mcrypt_create_iv — Create an initialization vector from a random source, required for OFB mode Descriptions and user annotations on the mcrypt functions are part of the PHP Manual. The installation of the mcrypt library, like the mhash library, is simple: download *.tar.gz file gunzip the *.gz file tar -xvf the *.tar file cd mcrypt* ./configure --disable-nls --disable-posix-threads make make install NOTE: The configuration flags "--disable-nls --disable-posix-threads" was built to make Apache, PHP, and the mcrypt library work without any problems. Again, your mileage may vary, and check the PHP mailing list archives if you have any problems with installation. The following example shows basic message encryption, using some of the mcrypt functions. First, create two variables, one to hold the string used as the encryption key, and one to hold the message string: $key = "sockpuppet"; $msg = "This is a message."; Now encrypt the message using the secret key, "sockpuppet". In this case, we're using ECB mode, and the mcrypt_ecb()function takes four arguments: the encryption method (in this case, MCRYPT_LOKI97), the key, the message, and the encrypt or decrypt directive (MCRYPT_ENCRYPT or MCRYPT_DECRYPT). The result will be placed in a variable called $crypted: $crypted = mcrypt_ecb(MCRYPT_LOKI97, $key, $msg, MCRYPT_ENCRYPT); Just like the mhash functions, the encrypted result is in binary data. So, use the bin2hex() function to get something you can echo back to the screen: $crypted = bin2hex($crypted); echo "$crypted"; From top to bottom, this script looks like: <? $key = "sockpuppet"; $msg = "This is a super top-secret message."; $crypted = mcrypt_ecb(MCRYPT_LOKI97, $key, $msg, MCRYPT_ENCRYPT); $crypted = bin2hex($crypted); echo "$crypted"; ?> And the output of this particular script is: cae1c26c8b64fbabc1bb10fc9693d38ba8f96219630860b222d5a0165b73fae9 Fascinating, no? The possibilities are endless, with enough encryption libraries at your disposal. I'm not creative enough to use all of them, but those of you with devious minds and/or math backgrounds could really tickle yourselves pink over all this stuff. For more information on crypto, a good place to start is the RSA Labs Crypto FAQ, followed closely by the lovely folks at attrition.org, who definitely know their stuff. There's also an informative site from the PBS folks regarding the use of the Enigma machine during World War II. And go read Cryptonomicon!