Created
February 10, 2025 16:43
<?php | |
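/**
 * Encrypts an email address with AES-256-GCM and returns it as a URL-safe token.
 *
 * Token layout before encoding: 12-byte nonce || ciphertext || 16-byte GCM tag.
 * The decrypting side has to split the token the same way and must discard the
 * result whenever tag verification fails.
 *
 * Security notes:
 * - A fresh random 96-bit nonce is drawn on every call. GCM loses its
 *   confidentiality and integrity guarantees if a nonce repeats under one key,
 *   so rotate the key well before the number of tokens issued under it
 *   approaches 2^32.
 * - No additional authenticated data is bound to the ciphertext, so a token is
 *   accepted anywhere the same key is accepted.
 * - Output is randomized: the same address yields a different token each time,
 *   so tokens cannot be used as lookup keys.
 *
 * @param string $email           The email address to encrypt.
 * @param string $secretKeyBase64 Standard Base64 encoding of the 32-byte key.
 * @return string URL-safe, unpadded Base64 of nonce, ciphertext and tag.
 * @throws InvalidArgumentException If the key is not valid Base64 or does not decode to 32 bytes.
 * @throws RuntimeException         If OpenSSL fails to encrypt or returns an unexpected tag.
 */
function encryptEmailAESGCM(
    string $email,
    // Keeps the key out of stack traces on PHP 8.2+; on its own line this is a plain comment for older versions.
    #[\SensitiveParameter]
    string $secretKeyBase64
): string {
    $cipher = 'aes-256-gcm';
    $nonceLength = 12; // 96-bit nonce, the size GCM is specified for
    $tagLength = 16;   // full 128-bit tag; never truncate it

    // Strict mode rejects characters outside the Base64 alphabet instead of
    // silently skipping them, so a mangled key is reported rather than
    // decoded into some other byte string.
    $secretKey = base64_decode($secretKeyBase64, true);
    if ($secretKey === false) {
        throw new InvalidArgumentException('Secret key is not valid Base64');
    }
    if (strlen($secretKey) !== 32) {
        throw new InvalidArgumentException("Secret key must be 32 bytes long for AES-256 (when base64 decoded)");
    }

    // CSPRNG-backed nonce; must never repeat under the same key.
    $nonce = random_bytes($nonceLength);

    $tag = '';
    $ciphertext = openssl_encrypt(
        $email,
        $cipher,
        $secretKey,
        OPENSSL_RAW_DATA, // raw bytes, so the token is encoded exactly once below
        $nonce,
        $tag,             // authentication tag is returned by reference
        '',               // no additional authenticated data
        $tagLength
    );
    if ($ciphertext === false) {
        throw new RuntimeException("Encryption failed: " . (string) openssl_error_string());
    }
    // A missing or short tag would produce a token that cannot be authenticated.
    if (!is_string($tag) || strlen($tag) !== $tagLength) {
        throw new RuntimeException('Encryption failed: unexpected authentication tag length');
    }

    // Combine nonce, ciphertext and tag, then URL-safe Base64 encode.
    return base64UrlEncode($nonce . $ciphertext . $tag);
}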
/**
 * Produces the URL-safe, unpadded Base64 form of a byte string.
 *
 * '+' becomes '-', '/' becomes '_' and '=' padding is dropped, so the result
 * can be placed in a URL path or query value without further escaping.
 *
 * @param string $data Raw bytes to encode.
 * @return string URL-safe Base64 text without padding.
 */
function base64UrlEncode(string $data): string {
    $standard = base64_encode($data);
    $urlSafe = strtr($standard, '+/', '-_');

    // base64_encode() only ever emits '=' as trailing padding.
    return rtrim($urlSafe, '=');
}
/**
 * Reverses base64UrlEncode(): maps the URL-safe alphabet back and decodes.
 * (Only for testing/completeness - NOT used in the main Magento integration)
 *
 * Decoding is lenient: base64_decode() is called in its default non-strict
 * mode, so characters outside the alphabet are skipped rather than rejected
 * and missing padding is tolerated. A caller handling untrusted tokens must
 * therefore rely on the GCM tag check at decryption time, not on this
 * function, to detect tampering.
 *
 * @param string $data The URL-safe Base64 encoded string.
 * @return string The decoded bytes.
 */
function base64UrlDecode(string $data): string {
    $standardAlphabet = strtr($data, '-_', '+/');

    return base64_decode($standardAlphabet);
}
<?php | |
// --- Example Usage (For Testing) ---
// Demo key only: it decodes to printable ASCII text, so it has far less entropy
// than a real AES-256 key. A production key should be 32 bytes from a CSPRNG
// (e.g. random_bytes(32)), Base64 encoded, and loaded from secret storage
// rather than committed to source.
$secretKeyBase64 = 'VGVzdEtleTI1NiBiaXRzIG11c3QgYmUgMzIgYnl0ZXM=';

// NOTE(review): the address literal looks redacted by the hosting page - substitute a test address.
$email = '[email protected]';

// encryptEmailAESGCM() throws on a bad key or an OpenSSL failure; real callers should catch that.
$encryptedEmail = encryptEmailAESGCM($email, $secretKeyBase64);
printf("Encrypted Email: %s\n", $encryptedEmail);