aes 256 encryption decryption php

Secure AES-256 Encryption and Decryption in PHP

In today’s digital age, ensuring the confidentiality of sensitive information is paramount.

AES-256 encryption is a robust method widely used to protect data from unauthorized access.

In this tutorial, we’ll explore how to implement AES-256 encryption and decryption in PHP, a popular server-side programming language.

By the end of this guide, you’ll have a solid understanding of how to safeguard your secrets using this state-of-the-art encryption technique.

What is AES-256 Encryption?

AES, short for Advanced Encryption Standard, is a symmetric encryption algorithm widely considered unbreakable when implemented correctly.

The “256” in AES-256 refers to the key size in bits, making it highly secure against brute-force attacks.

AES-256 encryption operates on fixed-size blocks of data and uses a secret key to transform plaintext into ciphertext, rendering it unreadable without the correct key.

Setting Up AES-256 Encryption in PHP

To get started, let’s examine the PHP code provided for AES-256 encryption and decryption:

$plaintext = 'My secret message 1234';
$password = '3sc3RLrpd17';
$method = 'aes-256-cbc';

$key = password_hash($password, PASSWORD_BCRYPT, ['cost' => 12]);

// IV must be exact 16 chars (128 bit)
$iv = random_bytes(16);

$encrypted = base64_encode(openssl_encrypt($plaintext, $method, $key, OPENSSL_RAW_DATA, $iv));
$decrypted = openssl_decrypt(base64_decode($encrypted), $method, $key, OPENSSL_RAW_DATA, $iv);

echo 'plaintext=' . $plaintext . "\n";
echo 'cipher=' . $method . "\n";
echo 'encrypted to: ' . $encrypted . "\n";
echo 'decrypted to: ' . $decrypted . "\n\n";

Understanding the Code

  • $plaintext: This variable holds the message we want to encrypt. In this example, “My secret message 1234” is the plaintext.
  • $password: Here, we define the password used to derive the encryption key.
  • $method: We set the encryption method to “aes-256-CBC,” which is the AES-256 encryption mode in Cipher Block Chaining (CBC) mode.
  • $key: The code generates the encryption key using the password provided, utilizing the password_hash() function with the PASSWORD_BCRYPT algorithm and a cost factor of 12.
  • $iv: The Initialization Vector (IV) is required for AES-256 in CBC mode and must be exactly 16 bytes long (128 bits).
  • $encrypted: The encrypted ciphertext is obtained by using the openssl_encrypt() function, which takes the plaintext, encryption method, encryption key, IV, and other parameters. The ciphertext is then Base64 encoded for easy representation.
  • $decrypted: To ensure the decryption process works, we use the openssl_decrypt() function to reverse the encryption process. This returns the original plaintext after decoding the Base64 representation.

Implementing AES-256 Encryption in PHP

To utilize AES-256 encryption in your PHP projects, follow these steps:

  1. Install Required Libraries: Ensure you have OpenSSL and Mcrypt extensions enabled in your PHP environment.
  2. Create a Secure Password: Choose a strong password to generate a reliable encryption key. It’s crucial to use a cryptographically secure pseudorandom number generator to generate the password.
  3. Encrypting Data: Use the openssl_encrypt() function to encrypt your sensitive data. Ensure you choose a secure encryption method and provide a strong key and IV for optimal security.
  4. Decrypting Data: To retrieve the original plaintext, utilize the openssl_decrypt() function. Remember to pass the same encryption method, key, and IV that were used during encryption.


In this tutorial, we’ve explored AES-256 encryption and decryption in PHP, a fundamental technique for safeguarding sensitive information.

By implementing strong encryption algorithms like AES-256, you can enhance the security of your applications and protect your users’ data from prying eyes.

Remember always to use secure passwords, strong encryption keys, and robust initialization vectors to maximize the protection of your encrypted data.

With these best practices in place, you can confidently protect your secrets and maintain data confidentiality in the ever-evolving digital landscape.