These are two simple functions I built for 256-bit encryption/decryption with mcrypt. I've decided to use MCRYPT_RIJNDAEL_128 because it's AES-compliant, and MCRYPT_MODE_CBC. (ECB mode is inadequate for many purposes because it does not use an IV.)
This function stores a hash of the data to verify that the data was decrypted successfully, but this could be easily removed if necessary.
<?php
function encrypt($decrypted, $password, $salt='!kQm*fF3pXe1Kbm%9') {
$key = hash('SHA256', $salt . $password, true);
srand(); $iv = mcrypt_create_iv(mcrypt_get_iv_size(MCRYPT_RIJNDAEL_128, MCRYPT_MODE_CBC), MCRYPT_RAND);
if (strlen($iv_base64 = rtrim(base64_encode($iv), '=')) != 22) return false;
$encrypted = base64_encode(mcrypt_encrypt(MCRYPT_RIJNDAEL_128, $key, $decrypted . md5($decrypted), MCRYPT_MODE_CBC, $iv));
return $iv_base64 . $encrypted;
}
function decrypt($encrypted, $password, $salt='!kQm*fF3pXe1Kbm%9') {
$key = hash('SHA256', $salt . $password, true);
$iv = base64_decode(substr($encrypted, 0, 22) . '==');
$encrypted = substr($encrypted, 22);
$decrypted = rtrim(mcrypt_decrypt(MCRYPT_RIJNDAEL_128, $key, base64_decode($encrypted), MCRYPT_MODE_CBC, $iv), "\0\4");
$hash = substr($decrypted, -32);
$decrypted = substr($decrypted, 0, -32);
if (md5($decrypted) != $hash) return false;
return $decrypted;
}
?>