{"id":21689109,"url":"https://github.com/tinram/openssl-file-encrypt","last_synced_at":"2025-06-26T20:09:13.645Z","repository":{"id":83640102,"uuid":"122755432","full_name":"Tinram/OpenSSL-File-Encrypt","owner":"Tinram","description":"Simple file encryption using OpenSSL.","archived":false,"fork":false,"pushed_at":"2020-01-29T18:45:21.000Z","size":41,"stargazers_count":4,"open_issues_count":0,"forks_count":2,"subscribers_count":0,"default_branch":"master","last_synced_at":"2025-03-26T04:22:12.649Z","etag":null,"topics":["encryption","file-encryption","openssl","openssl-extension"],"latest_commit_sha":null,"homepage":"","language":"PHP","has_issues":true,"has_wiki":null,"has_pages":null,"mirror_url":null,"source_name":null,"license":"gpl-3.0","status":null,"scm":"git","pull_requests_enabled":true,"icon_url":"https://github.com/Tinram.png","metadata":{"files":{"readme":"README.md","changelog":null,"contributing":null,"funding":null,"license":"LICENSE","code_of_conduct":null,"threat_model":null,"audit":null,"citation":null,"codeowners":null,"security":null,"support":null,"governance":null,"roadmap":null,"authors":null,"dei":null,"publiccode":null,"codemeta":null}},"created_at":"2018-02-24T16:03:32.000Z","updated_at":"2020-01-29T18:45:23.000Z","dependencies_parsed_at":null,"dependency_job_id":"df3e7e2e-45bb-4d8c-9f75-e2b66141de9d","html_url":"https://github.com/Tinram/OpenSSL-File-Encrypt","commit_stats":null,"previous_names":[],"tags_count":0,"template":false,"template_full_name":null,"repository_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/Tinram%2FOpenSSL-File-Encrypt","tags_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/Tinram%2FOpenSSL-File-Encrypt/tags","releases_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/Tinram%2FOpenSSL-File-Encrypt/releases","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/Tinram%2FOpenSSL-File-Encrypt/manifests","owner_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners/Tinram","download_url":"https://codeload.github.com/Tinram/OpenSSL-File-Encrypt/tar.gz/refs/heads/master","host":{"name":"GitHub","url":"https://github.com","kind":"github","repositories_count":248544903,"owners_count":21122050,"icon_url":"https://github.com/github.png","version":null,"created_at":"2022-05-30T11:31:42.601Z","updated_at":"2022-07-04T15:15:14.044Z","host_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub","repositories_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories","repository_names_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repository_names","owners_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners"}},"keywords":["encryption","file-encryption","openssl","openssl-extension"],"created_at":"2024-11-25T17:21:15.368Z","updated_at":"2025-04-12T09:24:44.537Z","avatar_url":"https://github.com/Tinram.png","language":"PHP","funding_links":[],"categories":[],"sub_categories":[],"readme":"\r\n# OpenSSL File Encrypt\r\n\r\n#### Simple symmetric file encryption using OpenSSL.\r\n\r\n\r\n## Purpose\r\n\r\nProvide simple-to-use and strong file encryption with OpenSSL and HMAC authentication, via an easy-to-use PHP wrapper.\r\n\r\n\r\n## Background\r\n\r\nOpenSSL includes tools for encrypting files; however, its command-line usage could be considered 'unfriendly':\r\n\r\n```console\r\n    openssl enc -e -aes-256-cbc -in abc.txt -out abc.enc -k password -S deadbeef\r\n```\r\n\r\nThis package can replace the above file encryption command with something simpler:\r\n\r\n```console\r\n    php cmdline_example.php -e abc.txt\r\n```\r\n\r\n\r\n## Example\r\n\r\n### Encrypt\r\n\r\n```console\r\n    php cmdline_example.php -e abc.txt\r\n```\r\n\r\nresults in the encrypted file *abc.txt.osl*\r\n\r\n### Decrypt\r\n\r\n```console\r\n    php cmdline_example.php -d abc.txt.osl\r\n```\r\n\r\nresults in *abc.txt* (with the correct password)\r\n\r\n\u0026ndash; and ***overwrites*** the original file *abc.txt* if it is present in the same directory.\r\n\r\n\r\n## Set-up\r\n\r\n### Improve Encryption Security\r\n\r\nIn *cmdline_example.php* (and any new files based on this file):\r\n\r\n+ increase the value of `MY_KEY_STRETCHES`\r\n    + high values will cause a noticeable processing delay \u0026ndash; which is desirable to slow brute-force attacks against encrypted files\r\n+ replace `MY_SALT` string with a new CSPRNG-generated string of random bytes, separating your key-derivation salt from the publicly-available (GitHub) default values\r\n    + ideally the `MY_SALT` string should be unique for each encryption transaction, voiding a rainbow table created against a static salt\r\n    + however, in a command-line script context, this impedes usability (effectively two passwords, one always different per transaction)\r\n+ securely backup the new `MY_KEY_STRETCHES` and `MY_SALT` values\r\n    + if the the new values are lost, the ***encrypted data will be unrecoverable***.\r\n\r\n\r\n## Testing\r\n\r\n```bash\r\n    cd tests/\r\n\r\n    sh test_openssl-file-encrypt.sh\r\n```\r\n\r\nor\r\n\r\n```bash\r\n    ./test_openssl-file-encrypt.sh\r\n```\r\n\r\n\r\n## Max File Size\r\n\r\nThe maximum file size that can be processed is approximately 1.8GB (with no *php.ini* memory limitations).\r\n\r\nThe 1.8GB limit is apparently dictated by the PHP *openssl* module (the OpenSSL executable will process files larger than 2GB).\r\n\r\n\r\n## Speed\r\n\r\nCounter (CTR) cipher modes appear to be the fastest.\r\n\r\nEncryption and decryption rates of approximately 170MB/sec are possible on mid-range hardware in CTR mode.\r\n\r\n\r\n## Low Memory Systems\r\n\r\nA file-chunking version for limited memory availability works with the non-counter mode ciphers.\r\n\r\nAdding the HMAC to the final file and decrypting successfully is not yet ready.\r\n\r\n\r\n## References\r\n\r\n### OpenSSL\r\n\r\n+ [Usability](https://jameshfisher.com/2017/12/02/the-sorry-state-of-openssl-usability)\r\n\r\n### Key Derivation\r\n\r\n+ [StackExchange](https://security.stackexchange.com/questions/29106/openssl-recover-key-and-iv-by-passphrase)\r\n+ [EVP_BytesToKey](https://www.openssl.org/docs/manmaster/man3/EVP_BytesToKey.html)\r\n+ [Source](https://github.com/openssl/openssl/blob/master/apps/enc.c)\r\n\r\n\r\n## License\r\n\r\nOpenSSL File Encrypt is released under the [GPL v.3](https://www.gnu.org/licenses/gpl-3.0.html).\r\n","project_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2Ftinram%2Fopenssl-file-encrypt","html_url":"https://awesome.ecosyste.ms/projects/github.com%2Ftinram%2Fopenssl-file-encrypt","lists_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2Ftinram%2Fopenssl-file-encrypt/lists"}