(PHP 5 >= 5.4.0, PHP 7)
Examples:
Using SessionHandler to add encryption to internal PHP save handlers.
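<?php

/**
 * Derive the AES-256 key and CBC IV from a password and a per-message salt.
 *
 * Shared by encrypt() and decrypt() so both sides always agree on the
 * derivation. SHA-256 is chained over (previous block . password . salt)
 * until 48 bytes are available: 32 for the key, 16 for the IV.
 *
 * NOTE(review): this is a single-pass hash chain, not a password-hardening
 * KDF. It offers no resistance to guessing a weak password, so $password
 * should be a long random secret. Moving to hash_pbkdf2() (PHP >= 5.5) would
 * change the stored format and is therefore not done here.
 *
 * @param string $password secret the key material is derived from
 * @param string $salt     16 raw bytes stored in front of the ciphertext
 * @return array array(key, iv) as raw binary strings
 */
function _derive_key_and_iv($password, $salt)
{
    $material = '';
    $block = '';
    while (strlen($material) < 48) {
        $block = hash('sha256', $block . $password . $salt, true);
        $material .= $block;
    }

    return array(substr($material, 0, 32), substr($material, 32, 16));
}

/**
 * Decrypt a value produced by encrypt() (AES-256-CBC).
 *
 * Expected layout after base64 decoding: 16-byte salt followed by the
 * ciphertext.
 *
 * NOTE(review): CBC provides confidentiality only. Nothing here detects a
 * modified ciphertext, and a wrong key is only noticed when the padding
 * happens to be invalid. If the session store can be written by another
 * party, add encrypt-then-MAC (hash_hmac() checked with hash_equals()) or
 * use an AEAD mode.
 *
 * @param string $edata    base64 encoded salt + ciphertext
 * @param string $password secret used to derive key and IV
 * @return string|false decrypted data, or false if the input is malformed
 *                      or cannot be decrypted
 */
function decrypt($edata, $password)
{
    if (!is_string($edata)) {
        return false;
    }

    // Strict mode rejects input containing characters outside the base64
    // alphabet instead of silently skipping them.
    $data = base64_decode($edata, true);

    // A valid message holds the 16-byte salt plus at least one AES block.
    if ($data === false || strlen($data) < 32) {
        return false;
    }

    $salt = substr($data, 0, 16);
    $ct = substr($data, 16);

    list($key, $iv) = _derive_key_and_iv($password, $salt);

    return openssl_decrypt($ct, 'AES-256-CBC', $key, OPENSSL_RAW_DATA, $iv);
}

/**
 * Encrypt a value with AES-256-CBC under a key derived from $password.
 *
 * A fresh 16-byte random salt is generated per call, so key and IV differ
 * for every message. The salt is not secret and is stored in front of the
 * ciphertext.
 *
 * @param string $data     plaintext
 * @param string $password secret used to derive key and IV
 * @return string|false base64 encoded salt + ciphertext, or false if the
 *                      salt could not be generated or encryption failed
 */
function encrypt($data, $password)
{
    // random_bytes() (PHP >= 7.0) throws rather than returning weak output;
    // fall back to the OpenSSL generator on PHP 5.
    $salt = function_exists('random_bytes')
        ? random_bytes(16)
        : openssl_random_pseudo_bytes(16);
    if (!is_string($salt) || strlen($salt) !== 16) {
        return false;
    }

    list($key, $iv) = _derive_key_and_iv($password, $salt);

    $encrypted_data = openssl_encrypt($data, 'AES-256-CBC', $key, OPENSSL_RAW_DATA, $iv);
    if ($encrypted_data === false) {
        // Never emit a salt-only blob that would later fail to decrypt.
        return false;
    }

    return base64_encode($salt . $encrypted_data);
}

/**
 * Session handler that encrypts session data before handing it to the
 * configured internal save handler and decrypts it on the way back.
 */
class EncryptedSessionHandler extends SessionHandler
{
    /** @var string secret passed to encrypt() / decrypt() */
    private $key;

    /**
     * @param string $key secret used to protect the session payload
     */
    public function __construct($key)
    {
        $this->key = $key;
    }

    /**
     * Read and decrypt the session payload.
     *
     * Data that cannot be decrypted (corrupted, modified, or written under a
     * different key) is treated as an empty session instead of returning
     * false, which would make session_start() fail. Deployments may want to
     * log that case, since it can indicate tampering or a key rotation.
     *
     * @param string $id session id
     * @return string serialized session data, or "" when none is usable
     */
    // Parsed as an attribute on PHP >= 8.0 and as a plain comment before
    // that; it silences the 8.1 return-type deprecation for this override.
    #[\ReturnTypeWillChange]
    public function read($id)
    {
        $data = parent::read($id);
        if (!$data) {
            return "";
        }

        $plain = decrypt($data, $this->key);

        return is_string($plain) ? $plain : "";
    }

    /**
     * Encrypt and store the session payload.
     *
     * @param string $id   session id
     * @param string $data serialized session data
     * @return bool false if encryption failed or the parent handler failed
     */
    #[\ReturnTypeWillChange]
    public function write($id, $data)
    {
        $data = encrypt($data, $this->key);
        if ($data === false) {
            // Refuse to store anything rather than write unprotected or
            // unusable data.
            return false;
        }

        return parent::write($id, $data);
    }
}

// we'll intercept the native 'files' handler, but will equally work
// with other internal native handlers like 'sqlite', 'memcache' or 'memcached'
// which are provided by PHP extensions.
ini_set('session.save_handler', 'files');

// Placeholder only. In a real deployment load a long random secret from
// configuration kept outside the document root and outside version control;
// anyone who can read this value can decrypt every stored session.
$key = 'secret_string';
$handler = new EncryptedSessionHandler($key);
session_set_save_handler($handler, true);
session_start();

// proceed to set and retrieve values by key from $_SESSION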