I want to put an extra layer of security to my hashed password (using password_hash function with argon2i) by encrypting the hashed password with a secure pepper, which is safed in a directory outside of the public aera of my wordpress site.
I did many research and came up with the following php code. But I am not a professional programmer so I am just asking myself, if this is the right way, how I used the both functions "openssl_encrypt()" and "hash_hmac()".
It would be great, to get some professional feedback from you guys.
Here is my code so far:
// Encryption Function
function secured_encrypt($data) {
$first_key = base64_decode(FIRSTKEY);
$second_key = base64_decode(SECONDKEY);
$method = "aes-256-cbc";
$iv_length = openssl_cipher_iv_length($method);
$iv = openssl_random_pseudo_bytes($iv_length);
$first_encrypted = openssl_encrypt($data,$method,$first_key, OPENSSL_RAW_DATA ,$iv);
$second_encrypted = hash_hmac('sha3-512', $first_encrypted, $second_key, TRUE);
$output = base64_encode($iv.$second_encrypted.$first_encrypted);
return $output;
}
function secured_decrypt($input) {
$first_key = base64_decode(FIRSTKEY);
$second_key = base64_decode(SECONDKEY);
$mix = base64_decode($input);
$method = "aes-256-cbc";
$iv_length = openssl_cipher_iv_length($method);
$iv = substr($mix,0,$iv_length);
$second_encrypted = substr($mix,$iv_length,64);
$first_encrypted = substr($mix,$iv_length+64);
$data = openssl_decrypt($first_encrypted,$method,$first_key,OPENSSL_RAW_DATA,$iv);
$second_encrypted_new = hash_hmac('sha3-512', $first_encrypted, $second_key, TRUE);
if (hash_equals($second_encrypted,$second_encrypted_new)) return $data;
return false;
}
My Answer:
is PHP?
PHP is a popular server-side scripting language used for web development. It is used to create dynamic web pages and can be embedded into HTML code. PHP is open-source and can be used on various operating systems, making it a versatile and widely-used language for web development.
Rate this post
3 of 5 based on 6616 votesComments