
How to encrypt & decrypt

tpkarras edited this page May 13, 2025 · 21 revisions

Encrypting data is a one-step process; decrypting data is a two-step process. To encrypt and decrypt you need the key and/or AAD provided when encrypting, plus a KEFInfo instance, which contains essential information needed to decrypt the data.

Encrypting data

Encrypting data is done through the encryptDataKEF() function, which takes the data provided and splits it into ranges whose size is set by the byte range. The byte range can be left at the default or set manually, as long as it is not below the MIN_BYTES constant or above the MAX_BYTES constant. Anything below or above will either cause a segmentation fault or be too much for OpenSSL to handle.

The description for the encryptDataKEF() function is below.

encryptDataKEF(string $data, string $passphrase, string $cipher, int $byte_range = 0, string|null $aad = null, string|null $output = null)

(Note: $data can be either a file path or the data itself. $output must be a path ending in a file name, and the file must not already exist.)
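The byte-range limits and the $output rules above can be checked before the library is called. The wrapper below is an added example, not code from the KEF project; guardedEncryptKEF() is a hypothetical name, and it assumes the library is already loaded, that MIN_BYTES and MAX_BYTES are global constants, and that a $byte_range of 0 selects the default.

```php
<?php
declare(strict_types=1);

// Added example, not KEF code: enforce the documented preconditions and
// then call encryptDataKEF() with the signature shown above.
// Assumptions: the library is loaded, MIN_BYTES and MAX_BYTES are global
// constants, and $byte_range = 0 selects the library default.
function guardedEncryptKEF(
    string $data,
    string $passphrase,
    string $cipher,
    int $byteRange = 0,
    ?string $aad = null,
    ?string $output = null
) {
    if (!function_exists('encryptDataKEF') || !defined('MIN_BYTES') || !defined('MAX_BYTES')) {
        throw new LogicException('KEF not loaded, or its constants are not global');
    }
    // The page warns that out-of-range values can crash the process.
    if ($byteRange !== 0 && ($byteRange < MIN_BYTES || $byteRange > MAX_BYTES)) {
        throw new RangeException("byte_range $byteRange is outside MIN_BYTES..MAX_BYTES");
    }
    if ($output !== null) {
        // $output must name a file, in an existing writable directory.
        if ($output === '' || str_ends_with($output, '/') || str_ends_with($output, DIRECTORY_SEPARATOR)) {
            throw new InvalidArgumentException('output must end in a file name');
        }
        $dir = dirname($output);
        if (!is_dir($dir) || !is_writable($dir)) {
            throw new RuntimeException("output directory is not writable: $dir");
        }
        // The file must not exist yet; is_link() also catches dangling symlinks,
        // which file_exists() reports as absent.
        clearstatcache(true, $output);
        if (file_exists($output) || is_link($output)) {
            throw new RuntimeException("refusing to overwrite existing path: $output");
        }
    }
    return encryptDataKEF($data, $passphrase, $cipher, $byteRange, $aad, $output);
}

// Usage with constructed values; the cipher string and paths are assumptions.
try {
    guardedEncryptKEF('/srv/app/uploads/report.pdf', (string) getenv('KEF_PASSPHRASE'),
        'aes-256-gcm', 0, 'tenant:42', '/srv/app/encrypted/report.kef');
} catch (Throwable $e) {
    error_log('KEF encryption refused: ' . $e->getMessage());
}
```

The existence check and the later write inside the library are separate steps, so the output directory should not be writable by other users.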

Decrypting data

Decrypting data requires one more step than encrypting data.

You will have to create a KEFInfo object in order to decrypt the data.

The KEFInfo object has the following parameters required for data decryption and subsequent serving of data.

  1. The MIME content type, which can be passed as an HTTP Content-Type header. The Content-Type can be retrieved using this function.
getContentType()
  2. The length of the KEF data and the original data. Both are used to verify the integrity of both the KEF and original data, and the length can also be passed as an HTTP Content-Length header. The length of either the original or KEF data can be retrieved using this function.
getLength(bool $type = false)
  3. The MD5 checksum of the KEF data and the original data. Both are used to verify the integrity of both the KEF and original data, and the checksum can also be passed as an HTTP ETag header. The checksum of either the original or KEF data can be retrieved using this function.
getChecksum(bool $type = false)

To create the KEFInfo object, simply pass the $data into the function.
