AES Encryption with PHP and MySQL

Occasionally, you may find the need to encrypt information within a database. One of the standards for encryption is AES (Advanced Encryption Standard). In fact, in a lot of government institutions, AES is the required data encryption method.

At this point, I feel I need to make an important distinction. Encryption is a reversible method of masking data; not to be confused with hashing, which is supposed to be a one-way encoding method (though, many hash methods can be cracked through various types of attacks).

If you do need to encrypt your data, you have a few options when working with PHP and MySQL.

The first option is a pair of built-in MySQL functions. AES_ENCRYPT() and AES_DECRYPT() make it easy to encrypt and decrypt your data directly through a MySQL query. In order to use the AES_ENCRYPT() and AES_DECRYPT() functions, you will need to provide the data (original data should be provided to the encryption function, the encrypted data should be provided to the decryption function) as the first parameter and a 16-bit key as the second parameter. The same key will need to be used for both functions (otherwise, the decryption won’t work properly).

Two Good Password-Related Resources

I just wanted to make a good, quick post about two good resources I find myself using quite a bit.  The first is an md5 encrypter.  It’s a very nice, simple tool that simply converts any string into an md5-encrypted string.

At work, I find myself making a lot of very simple scripts that require me to set up administration areas, but don’t really warrant taking the time to set up online registration, etc.  Instead, I simply use the md5 encrypter to encrypt the passwords I want to use, and then I enter those encrypted passwords directly into the database.

You can find that tool, along with quite a few others, at http://www.iwebtool.com/tools.  The link directly to the md5 encryption tool is http://www.iwebtool.com/md5.

The other tool I’ve found myself using quite a bit, for basically the same reasons listed above, is a random password generator.  The one I’ve been using the most is presented by PCTools.com.  It offers a lot of options, and does a very nice job of generating random, secure passwords.  You can find that tool at http://www.pctools.com/guides/password/.