
Laravel Decrypt With Secret Key


I need to store credit card details in the database in encrypted form. Then, for further use, I want to decrypt that cipher with a password or secret key.

I am new to Laravel. I have already converted passwords into hashes with Laravel; if I use Laravel's password encryption, I won't be able to decrypt the card details, because I know that is a one-way algorithm.

I searched on Stack Overflow and on Google but didn't find any useful info.

Now I want to know how I can save card details in a MySQL database with secure encryption that is decryptable with a secret key or password.


Answer

When you encrypt a password, it uses Hash::make(), which uses PHP's password_hash() function internally.

But when you encrypt using Crypt::encrypt(), it uses openssl, base64, your .env APP_KEY as a salt and some other stuff, which is here:

    /**
     * Encrypt the given value.
     *
     * @param  mixed  $value
     * @param  bool  $serialize
     * @return string
     *
     * @throws \Illuminate\Contracts\Encryption\EncryptException
     */
    public function encrypt($value, $serialize = true)
    {
        $iv = random_bytes(openssl_cipher_iv_length($this->cipher));

        // First we will encrypt the value using OpenSSL. After this is encrypted we
        // will proceed to calculating a MAC for the encrypted value so that this
        // value can be verified later as not having been changed by the users.
        $value = \openssl_encrypt(
            $serialize ? serialize($value) : $value,
            $this->cipher, $this->key, 0, $iv
        );

        if ($value === false) {
            throw new EncryptException('Could not encrypt the data.');
        }

        // Once we get the encrypted value we'll go ahead and base64_encode the input
        // vector and create the MAC for the encrypted value so we can then verify
        // its authenticity. Then, we'll JSON the data into the "payload" array.
        $mac = $this->hash($iv = base64_encode($iv), $value);

        $json = json_encode(compact('iv', 'value', 'mac'), JSON_UNESCAPED_SLASHES);

        if (json_last_error() !== JSON_ERROR_NONE) {
            throw new EncryptException('Could not encrypt the data.');
        }

        return base64_encode($json);
    }

So in other words, password_hash does not have a key to decrypt but Crypt::encrypt() has, and if you choose to go with Crypt::encrypt and save it in the database, make sure that you get a copy of your .env file APP_KEY.
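The contrast drawn in this answer, as an added stand-alone PHP example that is not part of the original answer and is not Laravel's own code: it builds the same `iv`/`value`/`mac` payload as the quoted method, adds the matching decrypt side, and sets it beside `password_hash()`. The names `demo_encrypt` and `demo_decrypt`, the random key, the sample value and the HMAC-SHA256 construction (standing in for the `hash()` helper whose body the page does not show) are assumptions.

```php
<?php
// Added example, not Laravel's code; function names and sample values are assumptions.
const CIPHER = 'aes-256-cbc';

function demo_encrypt(string $plain, string $key): string
{
    $iv = random_bytes(openssl_cipher_iv_length(CIPHER));
    $value = openssl_encrypt($plain, CIPHER, $key, 0, $iv);
    if ($value === false) {
        throw new RuntimeException('Could not encrypt the data.');
    }
    $iv = base64_encode($iv);
    // MAC over the base64 IV and the ciphertext (assumed construction for hash()).
    $mac = hash_hmac('sha256', $iv . $value, $key);
    return base64_encode(json_encode(compact('iv', 'value', 'mac'), JSON_UNESCAPED_SLASHES));
}

function demo_decrypt(string $payload, string $key): string
{
    $data = json_decode((string) base64_decode($payload, true), true);
    foreach (['iv', 'value', 'mac'] as $field) {
        if (!is_array($data) || !is_string($data[$field] ?? null)) {
            throw new RuntimeException('The payload is invalid.');
        }
    }
    // Check the MAC in constant time before decrypting; a wrong key fails here.
    if (!hash_equals(hash_hmac('sha256', $data['iv'] . $data['value'], $key), $data['mac'])) {
        throw new RuntimeException('The MAC is invalid.');
    }
    $iv = (string) base64_decode($data['iv'], true);
    $plain = openssl_decrypt($data['value'], CIPHER, $key, 0, $iv);
    if ($plain === false) {
        throw new RuntimeException('Could not decrypt the data.');
    }
    return $plain;
}

$key = random_bytes(32);   // constructed key; in Laravel the key comes from APP_KEY
$secret = 'constructed sample value';
$token = demo_encrypt($secret, $key);
var_dump(demo_decrypt($token, $key) === $secret);   // round trip with the same key
$hash = password_hash($secret, PASSWORD_DEFAULT);   // one-way: can be verified, not reversed
var_dump(password_verify($secret, $hash));

try {
    demo_decrypt($token, random_bytes(32));         // a different key, as if APP_KEY were lost
} catch (RuntimeException $e) {
    echo $e->getMessage(), PHP_EOL;
}
```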

source: stackoverflow.com