Reputation:
I need to store credit card details in the database in encrypted form. Then, for further use, I want to decrypt that cipher with a password or secret key.
I am new to Laravel. I have already converted the password into a hash with Laravel. If I use Laravel's password encryption, then I won't be able to decrypt the card details, because I know that it is a one-way algorithm.
I searched on Stack Overflow and on Google but didn't find any useful info.
Now, I want to know how I can save card details in a MySQL database with secure encryption that is decryptable with a secret key or password.
Upvotes: 3
Views: 5125
Reputation: 2069
When you encrypt a password, it uses Hash::make(), which uses PHP's password_hash() function internally.
But when you encrypt using Crypt::encrypt(), it uses openssl, base_64, your .env APP_KEY as a salt and some other stuff, which is here:
/**
 * Encrypt the given value.
 *
 * @param  mixed  $value
 * @param  bool  $serialize
 * @return string
 *
 * @throws \Illuminate\Contracts\Encryption\EncryptException
 */
public function encrypt($value, $serialize = true)
{
    $iv = random_bytes(openssl_cipher_iv_length($this->cipher));

    // First we will encrypt the value using OpenSSL. After this is encrypted we
    // will proceed to calculating a MAC for the encrypted value so that this
    // value can be verified later as not having been changed by the users.
    $value = \openssl_encrypt(
        $serialize ? serialize($value) : $value,
        $this->cipher, $this->key, 0, $iv
    );

    if ($value === false) {
        throw new EncryptException('Could not encrypt the data.');
    }

    // Once we get the encrypted value we'll go ahead and base64_encode the input
    // vector and create the MAC for the encrypted value so we can then verify
    // its authenticity. Then, we'll JSON the data into the "payload" array.
    $mac = $this->hash($iv = base64_encode($iv), $value);

    $json = json_encode(compact('iv', 'value', 'mac'), JSON_UNESCAPED_SLASHES);

    if (json_last_error() !== JSON_ERROR_NONE) {
        throw new EncryptException('Could not encrypt the data.');
    }

    return base64_encode($json);
}
So in other words, password_hash does not have a key to decrypt but Crypt::encrypt() has, and if you choose to go with Crypt::encrypt() and save it in the database, make sure that you get a copy of your .env file APP_KEY.
Upvotes: 0
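The payload that the encrypt() method quoted in the answer above builds, sealed and then opened again in stand-alone PHP, as an added example that is not part of the original answers and is not Laravel's own code. The function names seal_value() and open_value() are hypothetical, the cipher 'aes-256-cbc' and the HMAC-SHA256 construction standing in for $this->hash() are assumptions (the page does not show them), and a random 32-byte key stands in for the decoded APP_KEY.

```php
<?php
// Added example: cipher name and MAC construction are assumptions, not taken from the page.
const CIPHER = 'aes-256-cbc';

function seal_value(string $plain, string $key): string
{
    $iv = random_bytes(openssl_cipher_iv_length(CIPHER));
    $value = openssl_encrypt($plain, CIPHER, $key, 0, $iv);
    if ($value === false) {
        throw new RuntimeException('Could not encrypt the data.');
    }
    $iv = base64_encode($iv);
    // Assumed MAC: HMAC-SHA256 over base64(IV) . ciphertext, keyed with the same key.
    $mac = hash_hmac('sha256', $iv . $value, $key);
    return base64_encode(json_encode(compact('iv', 'value', 'mac'), JSON_UNESCAPED_SLASHES));
}

function open_value(string $payload, string $key): string
{
    $p = json_decode(base64_decode($payload, true) ?: '', true);
    if (!is_array($p) || !isset($p['iv'], $p['value'], $p['mac'])
        || !is_string($p['iv']) || !is_string($p['value']) || !is_string($p['mac'])) {
        throw new RuntimeException('The payload is invalid.');
    }
    // Check the MAC in constant time before any decryption is attempted.
    if (!hash_equals(hash_hmac('sha256', $p['iv'] . $p['value'], $key), $p['mac'])) {
        throw new RuntimeException('The MAC is invalid.');
    }
    $plain = openssl_decrypt($p['value'], CIPHER, $key, 0, base64_decode($p['iv']));
    if ($plain === false) {
        throw new RuntimeException('Could not decrypt the data.');
    }
    return $plain;
}

$key = random_bytes(32); // constructed stand-in for the decoded APP_KEY
$sealed = seal_value('constructed-sample-value', $key);
var_dump(open_value($sealed, $key) === 'constructed-sample-value');
// A modified ciphertext and a different key must both be rejected.
$p = json_decode(base64_decode($sealed), true);
$p['value'] = base64_encode(random_bytes(32));
foreach ([[base64_encode(json_encode($p)), $key], [$sealed, random_bytes(32)]] as [$blob, $k]) {
    try {
        open_value($blob, $k);
        echo "accepted\n";
    } catch (RuntimeException $e) {
        echo 'rejected: ', $e->getMessage(), "\n";
    }
}
```

Both failure cases stop at the MAC check, so openssl_decrypt() never runs on data that was altered or sealed under another key.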
Reputation: 7647
Laravel has built-in encrypt/decrypt features.
$cc = encrypt($value);
Save $cc into the database.
To retrieve it:
$cc = decrypt($ccfromdatabase);
These features utilize the app key that was generated on install to manage the encryption, but you can override the key by digging in a little deeper. Full documents are here: https://laravel.com/docs/7.x/encryption
There is also a helpful package that will automatically encrypt/decrypt data as it comes in and out of the database via your Models. It works with Laravel 6.0+.
https://github.com/betterapp/laravel-db-encrypter
This package allows you to define what fields get encrypted/decrypted on storage.
Upvotes: 3