Encryption Without mcrypt??

Anon

Is there a simple, and secure way to en/decrypt a short string (like a credit card number) in PHP without mcrypt? (my host doesn't have it installed.)
Thanks for any ideas!
Lucas

van__

Well, you can make it look encrypted
by parsing it in and out of binary format,
not human readable, but definantly not encrypted.

...but hey, it's better than nothing 😉

<?
$str = "mydata is sooooo secret 🙂";

//the easy part is 'encrypting' it...
for($i=0;$i<strlen($str);$i++) { $enc .= pack('C',decbin(ord(substr($str,$i,1)))); }
echo "Here's the binary output<br>\n";
echo $enc;

//now to decode...
$dump = unpack('C*',$enc);
echo "<p>Here is what we found...</p>\n";
print_r($dump);

foreach ($dump as $key=>$val) {
for ($x=0;$x<(8-strlen($val));$x++) { $val .= '0'; }
$test = chr(decbin($val));
	if (ord($test) < 255) {
  $str .= $test;
  }
}

echo "<p>And here's the decrypted string: " . $str;

Anon

Unfortunately I don't think that's good enough -- it will be credit card numbers so it really needs to be encrypted I think... Anyway, I totally forgot about PGP. I think that's probably my best option, no?
Thanks anyway!!
Lucas

van__

Hey, I didn't even think about PHP either.
Well there you go.

And actually, you could in theory turn the example I gave you into actual encryption by bit masking the information just before you pack it. It would take a lil bit of doing to be able to use a key to control a bit mask and then undo the masking on the encrypted value. But that would give you a binary encrypted cypher.

And who knows, maybe you'll become some ace at crypto 🙂

van__

Actually, the bitmaking concept would probably take you a bit, but I thought of that right after I posted the example as it occured to me that it could infact be possible to code an actual encryption algorhythm with php, since they are all open source, and freely available.

But, I'm probably way more interested in that than you are, since I was already thinking of how I could afford encryption with my software to those whose hosts didn't have it.

But, if PGP doesn't work out for you, you could also consider getting a merchant provider to take care of it for you. There are a plethora of service providers who store all the credit card information for you on their servers, so you wouldn't have to provide anything but an SSL connection.

Anyway, good luck