Tinram/OpenSSL-File-Encrypt

OpenSSL File Encrypt

Simple symmetric file encryption using OpenSSL.

Purpose

Provide simple-to-use and strong file encryption with OpenSSL and HMAC authentication, via an easy-to-use PHP wrapper.

Background

OpenSSL includes tools for encrypting files; however, its command-line usage could be considered 'unfriendly':

    openssl enc -e -aes-256-cbc -in abc.txt -out abc.enc -k password -S deadbeef

This package can replace the above file encryption command with something simpler:

    php cmdline_example.php -e abc.txt

Example

Encrypt

    php cmdline_example.php -e abc.txt

results in the encrypted file abc.txt.osl

Decrypt

    php cmdline_example.php -d abc.txt.osl

results in abc.txt (with the correct password)

– and overwrites the original file abc.txt if it is present in the same directory.

Set-up

Improve Encryption Security

In cmdline_example.php (and any new files based on this file):

  • increase the value of MY_KEY_STRETCHES
    • high values will cause a noticeable processing delay – which is desirable to slow brute-force attacks against encrypted files
  • replace MY_SALT string with a new CSPRNG-generated string of random bytes, separating your key-derivation salt from the publicly-available (GitHub) default values
    • ideally the MY_SALT string should be unique for each encryption transaction, voiding a rainbow table created against a static salt
    • however, in a command-line script context, this impedes usability (effectively two passwords, one always different per transaction)
  • securely backup the new MY_KEY_STRETCHES and MY_SALT values
    • if the new values are lost, the encrypted data will be unrecoverable.
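
The per-file salt trade-off in the list above, as an added example that is not this project's code: a salt is not secret, so a fresh one can be written into the encrypted file's header and read back at decryption, leaving only the password to remember. The function names, the header layout (salt, IV, ciphertext, HMAC), the use of PBKDF2 for stretching and the iteration count are all assumptions made for illustration.

```php
<?php
declare(strict_types=1);
// Added example; names, layout and STRETCHES are hypothetical, not the project's values.
const SALT_LEN  = 16;      // per-file salt, stored in the clear
const IV_LEN    = 16;      // AES block size
const MAC_LEN   = 32;      // HMAC-SHA256 output length
const STRETCHES = 200000;  // PBKDF2 iterations (constructed value)

function deriveKeys(string $password, string $salt): array
{
    // 64 raw bytes: the first half encrypts, the second half authenticates.
    $km = hash_pbkdf2('sha256', $password, $salt, STRETCHES, 64, true);
    return [substr($km, 0, 32), substr($km, 32, 32)];
}

function encryptBlob(string $plain, string $password): string
{
    $salt = random_bytes(SALT_LEN);   // new salt for every file
    $iv   = random_bytes(IV_LEN);
    [$encKey, $macKey] = deriveKeys($password, $salt);
    $ct = openssl_encrypt($plain, 'aes-256-ctr', $encKey, OPENSSL_RAW_DATA, $iv);
    if ($ct === false) {
        throw new RuntimeException('encryption failed');
    }
    $body = $salt . $iv . $ct;
    return $body . hash_hmac('sha256', $body, $macKey, true);  // encrypt-then-MAC
}

function decryptBlob(string $blob, string $password): string
{
    if (strlen($blob) < SALT_LEN + IV_LEN + MAC_LEN) {
        throw new RuntimeException('input too short');
    }
    [$body, $mac] = [substr($blob, 0, -MAC_LEN), substr($blob, -MAC_LEN)];
    [$encKey, $macKey] = deriveKeys($password, substr($body, 0, SALT_LEN));
    // Check the HMAC in constant time before any decryption is attempted.
    if (!hash_equals(hash_hmac('sha256', $body, $macKey, true), $mac)) {
        throw new RuntimeException('HMAC mismatch: wrong password or modified file');
    }
    $iv = substr($body, SALT_LEN, IV_LEN);
    $pt = openssl_decrypt(substr($body, SALT_LEN + IV_LEN), 'aes-256-ctr', $encKey, OPENSSL_RAW_DATA, $iv);
    if ($pt === false) {
        throw new RuntimeException('decryption failed');
    }
    return $pt;
}
$blob = encryptBlob('constructed sample plaintext', 'correct horse');
var_dump(decryptBlob($blob, 'correct horse') === 'constructed sample plaintext'); // bool(true)
```

With this layout the iteration count still has to match at decryption, so it must either stay fixed in the script or be added to the header as well.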

Testing

    cd tests/

    sh test_openssl-file-encrypt.sh

or

    ./test_openssl-file-encrypt.sh

Max File Size

The maximum file size that can be processed is approximately 1.8GB (with no php.ini memory limitations).

The 1.8GB limit is apparently dictated by the PHP openssl module (the OpenSSL executable will process files larger than 2GB).

Speed

Counter (CTR) cipher modes appear to be the fastest.

Encryption and decryption rates of approximately 170MB/sec are possible on mid-range hardware in CTR mode.

Low Memory Systems

A file-chunking version for limited memory availability works with the non-counter mode ciphers.

HMAC support in the file-chunking version (adding the HMAC to the final file and then decrypting successfully) is not yet ready.

License

OpenSSL File Encrypt is released under the GPL v.3.
