Skip to content
This repository has been archived by the owner on Aug 15, 2024. It is now read-only.

Commit

Permalink
upgraded cryptojs to v4.2.0
Browse files Browse the repository at this point in the history
  • Loading branch information
brainfoolong committed Nov 30, 2023
1 parent a945869 commit 8fc6393
Showing 1 changed file with 46 additions and 25 deletions.
71 changes: 46 additions & 25 deletions README.md
Original file line number Diff line number Diff line change
@@ -1,21 +1,25 @@
# CryptoJS 3.x AES encryption/decryption on client side with Javascript and on server side with PHP
# CryptoJS 3.x AES encryption/decryption on client side with Javascript and on server side with PHP

[![Tests](https://github.com/brainfoolong/cryptojs-aes-php/actions/workflows/tests.yml/badge.svg)](https://github.com/brainfoolong/cryptojs-aes-php/actions/workflows/tests.yml)

A tool to AES encrypt/decrypt data in javascript and/or PHP. You can use it for PHP only, for Javascript only or mix it
together.

A tool to AES encrypt/decrypt data in javascript and/or PHP. You can use it for PHP only, for Javascript only or mix it together.

It uses default `aes-256-cbc` implementation with random salts and random initialization vector. This library does not support other ciphers or modes.
It uses default `aes-256-cbc` implementation with random salts and random initialization vector. This library does not
support other ciphers or modes.

## Features

* Encrypt any value in Javascript (objects/array/etc...) - Everything that can be passed to `JSON.stringify`
* Encrypt any value in PHP (object/array/etc...) - Everything that can be passed to `json_encode`
* Decrypt in PHP/Javascript, doesn't matter where you have encrypted the values


## How to use

###### PHP | See [dist/example-php.php](https://github.com/brainfoolong/cryptojs-aes-php/blob/master/dist/example-php.php)

You need the file `src/CryptoJsAes.php`

```php
<?php
use Nullix\CryptoJsAes\CryptoJsAes;
Expand All @@ -35,58 +39,75 @@ $decrypted = CryptoJsAes::decrypt($encrypted, $password);
echo "Encrypted: " . $encrypted . "\n";
echo "Decrypted: " . print_r($decrypted, true) . "\n";
```

###### Javascript | See [dist/example-js.html](https://github.com/brainfoolong/cryptojs-aes-php/blob/master/dist/example-js.html)

You need the file `dist/cryptojs-aes.min.js` and `dist/cryptojs-aes-format.js`

```html

<script src="dist/cryptojs-aes.min.js"></script>
<script src="dist/cryptojs-aes-format.js"></script>
<script>
(function () {
(function () {
// encrypt value
let valueToEncrypt = 'foobar' // this could also be object/array/whatever
let password = '123456'
let encrypted = CryptoJSAesJson.encrypt(valueToEncrypt, password)
console.log('Encrypted:', encrypted)
// something like: {"ct":"10MOxNzbZ7vqR3YEoOhKMg==","iv":"9700d78e12910b5cccd07304333102b7","s":"c6b0b7a3dc072248"}
})()
</script>
<script>
(function () {
// decrypt value
})()
</script>
<script>
(function () {
// decrypt value
let encrypted = '{"ct":"hQDvpbAKTGp1mXgzSShR9g==","iv":"57fd85773d898d1f9f868c53b436e28f","s":"a2dac436512077c5"}'
let password = '123456'
let decrypted = CryptoJSAesJson.decrypt(encrypted, password)
console.log('Decrypted:', decrypted)
})()
</script>
})()
</script>
```

## Composer Install

composer require brainfoolong/cryptojs-aes-php

## Supported PHP versions

* 8.x
* 7.x
* 5.x (head to the [legacy branch](https://github.com/brainfoolong/cryptojs-aes-php/tree/legacy))

## Security Notes
Since the time that this library has been created, encryption technologies has been evolved. This library and using AES-256-CBC encryption is still good and safe but there are (maybe) already better alternatives than this library or CryptoJS itself. If you require really high security, you should invest more time for what is suitable for you.

Also, there's a good article about PHP issues/info related to this library: https://stackoverflow.com/questions/16600708/how-do-you-encrypt-and-decrypt-a-php-string/30159120#30159120
Since the time that this library has been created, encryption technologies has been evolved. This library and using
AES-256-CBC encryption is still good and safe but there are (maybe) already better alternatives than this library or
CryptoJS itself. If you require really high security, you should invest more time for what is suitable for you.

Also, there's a good article about PHP issues/info related to this
library: https://stackoverflow.com/questions/16600708/how-do-you-encrypt-and-decrypt-a-php-string/30159120#30159120

## Requirements

* PHP with OpenSSL Support: http://php.net/manual/en/openssl.installation.php
* Does not work with following php.ini option enabled: http://php.net/manual/en/mbstring.overload.php

## Changelog

* 2.3.0 - Dez 2023
* upgraded CryptoJS to v4.2.0

* 2.2.0 - 13. June 2023
* fixed implicit true to 1 conversion by using proper OPENSSL flag (thx @benjumanji)
* added tests for php and js
* added a js console warning for passphrases with non ASCII characters, as it is and was never supported
* minor improved php decrypt to avoid one useless hash cycle
* 2.1.1 - 15. January 2021
* just a few documentation and composer fixes
* 2.1.0 - 30. December 2020
* added quick decrypt and encrypt functions: `CryptoJSAesJson.encrypt()` and `CryptoJSAesJson.decrypt()` - See examples for more information
* 2.x.x - 7. April 2020
* Upgraded project to namespaces
* fixed implicit true to 1 conversion by using proper OPENSSL flag (thx @benjumanji)
* added tests for php and js
* added a js console warning for passphrases with non ASCII characters, as it is and was never supported
* minor improved php decrypt to avoid one useless hash cycle

* 2.1.1 - 15. January 2021
* just a few documentation and composer fixes
* 2.1.0 - 30. December 2020
* added quick decrypt and encrypt functions: `CryptoJSAesJson.encrypt()` and `CryptoJSAesJson.decrypt()` - See
examples for more information
* 2.x.x - 7. April 2020
* Upgraded project to namespaces

0 comments on commit 8fc6393

Please sign in to comment.