Reputation: 283203
Encrypt array as string
I'm looking for an two-way encryption algorithm to encode an array as a string, so that I can securely store some data in a cookie. The algorithm shouldn't just implode the array, I want it to be obfuscated too. My data contains all printable characters.
A link to something would be sufficient, I just can't seem to dig anything up on Google. Maybe I should just implode the array with some obscure character, and then encrypt it somehow? I'm not sure what method to encrypt it with though... it doesn't have too secure, the cookie data isn't that sensitive.
Oh... yeah, the encryption algorithm should let me use a key/salt. mcrypt_encrypt seems to be giving back messy long results, but perhaps I'm not using the right cipher. Which is the simplest cipher (produces short clean strings)?
Upvotes: 0
Views: 22603
Answers (7)
Reputation: 106392
serialize() will get your information from an array to a string - and you could pass it through base64_encode() if you just want obfuscation - but not security.
If you want some security - look into mcrypt and blowfish: blowfish example
Regarding mcrypt
Warning This function has been DEPRECATED as of PHP 7.1.0. Relying on this function is highly discouraged.
Upvotes: 11
Reputation: 23216
Use serialize() to convert the array to a string and unserialize() to turn it back into an array. It's far superior to implode and manual parsing. For simple obfuscation (which any programmer can see through) you can use simple base64 encoding, but you should really look into the mcrypt library to provide some real security.
The best thing would probably be to not store the array in a cookie at all. Store the array in a session variable instead so that all the user ever sees is a session ID. Of course this only works if you need the array just for the duration of the session.
You say in your comment that this is for a "remember me" cookie, so this is about authentication. In that case, don't store anything sensitive in the array. Just store a salted hash instead and use that. For example, your cookie could contain the username and a salted hash of (database password hash + ip address range). When the user comes on the site, read the cookie and construct the hash from the information in your database. If it matches the hash in the cookie, log him in automatically. If not, delete the cookie and pretend it never existed.
This way no sensitive data is stored in the cookie and you don't need to encrypt it.
Upvotes: 4
Reputation: 5849
If it doesn't need to be secure either plain base64, or rot13, might be worth looking at.
Upvotes: 0
Reputation: 283203
Based on gnarf's answer, this should do the trick:
function encode_arr($data) {
return base64_encode(serialize($data));
}
function decode_arr($data) {
return unserialize(base64_decode($data));
}
Just in case anyone else wants a copy-and-paste solution.
Upvotes: 9
Reputation: 131690
I'd just implode then encrypt using Blowfish or (for so-so security) DES or something...
Upvotes: 2
Reputation: 30646
Try XOR-ing all of the elements in the array store the resulting char in the string -- the the same in reverse to decrypt.
Upvotes: 0
Reputation: 20237
If security doesn't matter use JSON to encode the array and then rot13 the string ;-)
Upvotes: 1