Prevent reverse engineering through PHP encoding and obfuscation

You worked hard to develop your code. Now you need to protect it. Zend Guard's powerful encoding and obfuscation technologies prevent reverse engineering, copyright infringement and unauthorized modification of your code.
Encoding is a process where the PHP source code is converted to an intermediate machine readable format, just like PHP encryption. This format is hard for humans to read and convert back to source code. As a result it protects your code from casual browsing. This means that if people obtain access to your site's code they will not be able to use that for unintended purposes.
Obfuscation is a process where the code is intentionally made very hard to read as source code or as reverse engineered code. This obfuscation is designed to manage risks that stem from unauthorized access to source code. These risks include loss of intellectual property, ease of probing for application vulnerabilities and loss of revenue that can result when applications are reverse engineered, modified to circumvent licensing and then recompiled. Although reverse engineering has always existed in computer software, it is especially important in computing environments such as PHP, which take advantage of dynamic processing of language elements rather than code which has been compiled into machine language before being deployed.

Protect your PHP code from unauthorized use

Zend Guard's licensing capabilities allow Independent Software Vendors (ISVs) to create a variety of licensing policies for their commercial PHP applications. The product supports most commonly used licensing models such as concurrent users, time limited, segment of network, or server specific licensing. These capabilities allow vendors to maximize their revenue by preventing unauthorized use.

All notable changes to this project will be documented in this file, in reverse chronological order by release.

3.3.2 - TBD

Added

  • Nothing.

Changed

  • Nothing.

Deprecated

  • Nothing.

Removed

  • Nothing.

Fixed

  • Nothing.

3.3.1 - 2019-05-14

Added

  • #60 adds support for PHP 7.3.

Changed

  • Nothing.

Deprecated

  • Nothing.

Removed

  • Nothing.

Fixed

  • Nothing.

3.3.0 - 2018-04-24

Added

  • #52 adds support for PHP 7.2.

Changed

  • #55 updates Zend\Crypt\Hmac to use hash_hmac_algos instead of hmac_algos when it is present.

  • #50 updates all classes to import functions and constants they use.

Deprecated

  • Nothing.

Removed

  • Nothing.

Fixed

  • Nothing.

3.2.1 - 2017-07-17

Added

  • #42 Added the CTR mode for OpenSSL.

Deprecated

  • Nothing.

Removed

  • Nothing.

Fixed

  • #48 Incorrect Rsa type declaration in Hybrid constructor.

3.2.0 - 2016-12-06

Added

  • #38 Support of GCM and CCM encryption mode for OpenSSL with PHP 7.1+

Deprecated

  • Nothing.

Removed

  • Nothing.

Fixed

  • Nothing.

3.1.0 - 2016-08-11

Added

  • #32 adds a new Hybrid encryption utility, to allow OpenPGP-like encryption/decryption of messages using OpenSSL. See the documentation for details.

Deprecated

  • Nothing.

Removed

  • Nothing.

Fixed

  • Nothing.

3.0.0 - 2016-06-21

Added

  • #22 adds a requirement on ext/mbstring in order to install successfully.
  • #25 adds a new symmetric encryption adapter for the OpenSSL extension; this is now the default adapter used internally by the component when symmetric encryption is required.
  • #25 adds support for zend-math v3.
  • #26 adds Zend\Crypt\Password\Bcrypt::benchmarkCost(), which allows you to find the maximum cost value possible for your hardware within a 50ms timeframe.
  • #11 adds a new option to the Zend\Crypt\PublicKey\RsaOptions class, openssl_padding (or setOpensslPadding()); this is now consumed in Zend\Crypt\PublicKey\Rsa::encrypt() and Zend\Crypt\PublicKey\Rsa::decrypt(), instead of the optional $padding argument.

Deprecated

  • #25 deprecates usage of the mcrypt symmetric encryption adapter when used on PHP 7 versions, as PHP 7.1 will deprecate the mcrypt extension.

Removed

  • #11 removes the optional $padding argument from each of Zend\Crypt\PublicKey\Rsa's encrypt() and decrypt() methods; you can now specify the value via the RsaOptions.
  • #25 removes support for zend-math v2 versions.
  • #29 removes support for PHP 5.5.

Fixed

  • #22 updates all occurrences of substr() and strlen() to use mb_substr() and mb_strlen(), respectively. This provides better security with binary values.
  • #25 updates the Zend\Crypt\Password\Bcrypt implementation to use password_hash() and password_verify() internally, as they are supported in all PHP versions we support.
  • #19 fixes the DiffieHellman publickey implementation to initialize the BigInteger adapter from zend-math as the first operation of its constructor, fixing a fatal error that occurs when binary data is provided.

2.6.0 - 2016-02-03

Added

  • #18 adds documentation, and publishes it to https://zendframework.github.io/zend-crypt/

Deprecated

  • Nothing.

Removed

  • Removes the (development) dependency on zend-config; tests that used it previously have been updated to use ArrayObject, which implements the same behavior being tested.

Fixed

  • #4 replaces the zend-servicemanager with container-interop, and refactors the various plugin managers to implement that interface instead of extending the AbstractPluginManager.

2.5.2 - 2015-11-23

Added

  • Nothing.

Deprecated

  • Nothing.

Removed

  • Nothing.

Fixed

  • ZF2015-10: Zend\Crypt\PublicKey\Rsa\PublicKey has a call to openssl_public_encrypt() which used PHP's default $padding argument, which specifies OPENSSL_PKCS1_PADDING, indicating usage of PKCS1v1.5 padding. This padding has a known vulnerability, Bleichenbacher's chosen-ciphertext attack, which can be used to recover an RSA private key. This release contains a patch that changes the padding argument to use OPENSSL_PKCS1_OAEP_PADDING.

    Users upgrading to this version may have issues decrypting previously stored values, due to the change in padding. If this occurs, you can pass the constant OPENSSL_PKCS1_PADDING to a new $padding argument in Zend\Crypt\PublicKey\Rsa::encrypt() and decrypt() (though typically this should only apply to the latter):

    where $rsa is an instance of Zend\Crypt\PublicKey\Rsa.

    (The $key and $mode argument defaults are null and Zend\Crypt\PublicKey\Rsa::MODE_AUTO, if you were not using them previously.)

    We recommend re-encrypting any such values using the new defaults.

2.4.9 - 2015-11-23

Added

  • Nothing.

Deprecated

  • Nothing.

Removed

  • Nothing.

Fixed

  • ZF2015-10: Zend\Crypt\PublicKey\Rsa\PublicKey has a call to openssl_public_encrypt() which used PHP's default $padding argument, which specifies OPENSSL_PKCS1_PADDING, indicating usage of PKCS1v1.5 padding. This padding has a known vulnerability, Bleichenbacher's chosen-ciphertext attack, which can be used to recover an RSA private key. This release contains a patch that changes the padding argument to use OPENSSL_PKCS1_OAEP_PADDING.

    Users upgrading to this version may have issues decrypting previously stored values, due to the change in padding. If this occurs, you can pass the constant OPENSSL_PKCS1_PADDING to a new $padding argument in Zend\Crypt\PublicKey\Rsa::encrypt() and decrypt() (though typically this should only apply to the latter):

    where $rsa is an instance of Zend\Crypt\PublicKey\Rsa.

    (The $key and $mode argument defaults are null and Zend\Crypt\PublicKey\Rsa::MODE_AUTO, if you were not using them previously.)

    We recommend re-encrypting any such values using the new defaults.
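
The re-encryption recommended in the ZF2015-10 notes for 2.5.2 and 2.4.9, as an added example that is not part of the zend-crypt changelog or code base. It calls PHP's ext/openssl functions directly rather than the Zend\Crypt API; the function names decryptStored() and migrate(), the key pair and the sample values are constructed for illustration.

```php
<?php
// Added example (not zend-crypt code): move stored RSA ciphertexts from
// PKCS#1 v1.5 padding to OAEP. Run it as a one-off offline job; a request
// handler that retries with v1.5 padding keeps the weak padding reachable.

// Try OAEP first; fall back to v1.5 only for legacy values.
// Returns [plaintext, wasLegacy].
function decryptStored(string $ciphertext, $privateKey): array
{
    if (openssl_private_decrypt($ciphertext, $plain, $privateKey, OPENSSL_PKCS1_OAEP_PADDING)) {
        return [$plain, false];
    }
    if (openssl_private_decrypt($ciphertext, $plain, $privateKey, OPENSSL_PKCS1_PADDING)) {
        return [$plain, true];
    }
    throw new RuntimeException('ciphertext does not decrypt under either padding');
}

// Re-encrypt legacy records under OAEP; records already using OAEP are kept.
function migrate(array $stored, $privateKey, string $publicKeyPem): array
{
    $out = [];
    foreach ($stored as $id => $ciphertext) {
        [$plain, $legacy] = decryptStored($ciphertext, $privateKey);
        if (!$legacy) {
            $out[$id] = $ciphertext;
            continue;
        }
        // OAEP (SHA-1) needs 42 bytes of overhead versus 11 for v1.5, so a
        // plaintext that filled a v1.5 block may not fit: fail loudly.
        if (!openssl_public_encrypt($plain, $fresh, $publicKeyPem, OPENSSL_PKCS1_OAEP_PADDING)) {
            throw new RuntimeException("record $id does not fit under OAEP");
        }
        $out[$id] = $fresh;
    }
    return $out;
}

// Constructed sample data: a throwaway key pair and two stored values.
$key = openssl_pkey_new(['private_key_bits' => 2048, 'private_key_type' => OPENSSL_KEYTYPE_RSA]);
$pem = openssl_pkey_get_details($key)['key'];
openssl_public_encrypt('legacy-secret', $old, $pem, OPENSSL_PKCS1_PADDING);
openssl_public_encrypt('current-secret', $new, $pem, OPENSSL_PKCS1_OAEP_PADDING);

foreach (migrate(['a' => $old, 'b' => $new], $key, $pem) as $id => $c) {
    $ok = openssl_private_decrypt($c, $p, $key, OPENSSL_PKCS1_OAEP_PADDING);
    echo $id, ': ', $ok ? $p : 'FAILED', PHP_EOL;
}
```

Once every record decrypts with OAEP alone, the PKCS1v1.5 fallback can be deleted from the code base.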
