cycle-crypt
Variable size symmetric key encryption algorithm.
PHP & JavaScript implementation, small, portable and fast.
The cipher-key is generated by cycling the input key with a variation of XorShift+ random number generator. The bigger the key-size, the longer the period.
Install
PHP
composer require duzun/cycle-crypt
JS
npm i -S cycle-crypt
Browser
<script src="https://unpkg.com/cycle-crypt"></script>
Usage
Here is an example of encrypting on server and decrypting on client, salt auto-generated.
PHP:
use function duzun\cycleCrypt;
$key = '*** *** ***';
$message = 'Lorem Ipsum is simply dummy text of the printing industry...';
$ciphered = cycleCrypt($key, $message, true);
echo base64_encode($ciphered);
Express.js:
const cycleCrypt = require('cycle-crypt');
const key = '*** *** ***';
app.get('/', function (req, res) {
let message = 'Lorem Ipsum is simply dummy text of the printing industry...';
let ciphered = cycleCrypt(key, message, true);
res.send(Buffer.from(ciphered).toString('base64'));
});
Browser:
const key = '*** *** ***';
let message = await fetch('/')
.then((r) => r.text())
.then(atob)
.then((ciphered) => cycleCrypt(key, ciphered, false));
console.log(message.toString('utf8'));
It is also possible to do the reverse: encrypt on client and decrypt on server.
You can also use your salt:
$salt = random_bytes(17);
$ciphered = cycleCrypt($key, $message, $salt);
echo json_encode([
'salt' => base64_encode($salt),
'ciphered' => base64_encode($ciphered)
]);
let message = cycleCrypt(key, ciphered, salt);
On the JS end, message
is an instance of Uint8Array
with a custom .toString(encoding)
,
where encoding
is one of 'binary', 'hex', 'base64', 'utf8' or undefined (guess).
For older browsers you should use a DataView polyfill.
Encrypt in chunks
Here is an example of encrypting a big file in small chunks,
thus avoid using lots of memory.
use duzun\CycleCrypt;
$cc = new CycleCrypt($key);
$salt = $cc->getSalt();
$chunkSize = $cc->getKeyByteSize();
$in = fopen('/path/to/file', '+r');
$out = fopen('/path/to/encrypted_file', '+w');
while(!feof($in)) {
$chunk = fread($in, $chunkSize);
fwrite($out, $cc($chunk));
}
fclose($in);
fclose($out);
file_put_contents('/path/to/encrypted_file.salt', $salt)
You don't have to write the code to encrypt a file for yourself, cause there is a CLI for that:
Node.js
npm install -g cycle-crypt
cycle-crypt -k '**** ****' -s 'the salt' -i /path/to/file -o /path/to/encrypted_file
PHP
composer global require duzun/cycle-crypt
cycry.php -k '**** ****' -s 'the salt' -i /path/to/file -o /path/to/encrypted_file
Note: The Node.js CLI version is much faster than the PHP one.
CLI Usage
cycle-crypt -k <key> [-s <salt> | -si <salt_in> | -so <salt_out>] [-i <file_in>] [-o <file_out>]
cycle-crypt -h|--help
-h, --help Show this help
-k, --key The encryption key. Could be hex if starts with '0x'.
-s, --salt Random bytes to be used as salt. Could be hex if starts with '0x'.
-si, --salt-in Filename or - from where to read the salt.
-so, --salt-out Filename or - where to output the generated salt.
-i, --in Input file to encrypt or - for STDIN
-o, --out Output file or - for STDOUT
You can not combine -s and -si, use just one of them.
-i and -o default to -
Warning!
If you deal with a security critical application, please consider using one of the NIST approved standard encryption algorithms like AES.
If you don't trust any encryption algorithm, here is a hint:
Choose two or more ciphers C1
, C2
... Cn
from two or more vendors.
When ciphering the message M
with C
= M
^ C1
^ C2
^ ... ^ Cn
, the secrecy of the cipher-text C
is not worse than the best of Ci
.
In other words, it can't hurt the secrecy when xor
ing more independent ciphers.
The theory behind this property is analysed and proven in my Masters Thesis:
The sum c = r1 ⊕ r2 ⊕ ... ⊕ rm, where c, ri ∊ 𝔹k (string of bits of length k), i=1,m, is a perfect secret if and only if there is at least one ri perfect secret and the operation ⊕ is a cryptographic safe operation.
To Do
The JS version uses Uint32Array and Uint8Array, which use little endian or big endian, depending on hardware. The current implementation has been tested in little endian HW only!
Have to implement the alternative to big endian too.
link