On the AWS Developer blog they've posted a new tutorial showing you how to use client-side encryption in the AWS PHP SDK for interactions with the AWS S3 service.

The AWS SDK for PHP released an S3EncryptionClient in version 3.38.0. With client-side encryption, data is encrypted and decrypted directly in your environment. This means that this data is encrypted before it’s transferred to Amazon S3, and you don’t rely on an external service to handle encryption for you.

The AWS SDK for PHP implements envelope encryption and uses OpenSSL for its encrypting and decrypting. The implementation is interoperable with other SDKs that match its feature support. It’s also compatible with the SDK’s promise-based asynchronous workflow.

The tutorial then walks you through the setup of a new S3EncryptionClient instance and how to use the putObject method to push the file contents up to S3 automagically using the encryption. It also includes a code example of pulling the file contents down and decrypting the contents via a getObject call.

On the Paragon Initiative site there's a new post that promises a way to solve all of your cryptography problems in PHP with three simple steps.

Last year, we began developing Halite, a FOSS high-level wrapper for the PHP bindings to libsodium. We use Halite extensively in our own projects (including our upcoming CMS which has quite a few of its own innovative cryptography features baked-in).

As of version 2.1.0, we are confident that Halite solves all of the application-layer cryptography problems that most PHP developers face; and it does so in three easy steps. (For transport-layer cryptography, you should still use TLS, of course.)

Their three steps to effectively using Halite and libsodium in your application are:

• Step One: Managing Cryptography Keys
• Step Two: Encrypting or Authenticating with Halite
• Step Three: Decrypt or Verify

Each step comes with example code showing how to use the tool to accomplish it. There's also a few other problems that are solved by using the library including generating encrypted password hashes and whole file cryptography.

On the SitePoint PHP blog today David Brumbaugh shows you how to encrypt large messages with phpseclib and asymmetric keys. phpseclib is a PHP library specifically designed to handle encryption and decryption in an easy-to-use way.

Most of us understand the need to encrypt sensitive data before transmitting it. Encryption is the process of translating plaintext (i.e. normal data) into ciphertext (i.e. secret data). During encryption, plaintext information is translated to ciphertext using a key and an algorithm. To read the data, the ciphertext must be decrypted (i.e. translated back to plaintext) using a key and an algorithm. [...] A core problem to be solved with any encryption algorithm is key distribution. How do you transmit keys to those who need them in order to establish secure communication? The solution to the problem depends on the nature of the keys and algorithms.

He talks some about the difference between symmetric and asymmetric algorithms and some advice about the selection of the right one (or ones) to use in your app. He also talks briefly about the problem with RSA keys, mostly that it has limits on the amount of text it can encrypt. His solution is to "encrypt the message with a symmetric key, then asymmetrically encrypt the key and attach it to the message". He explains the encryption/decryption process step by step and starts in showing the code to make phpseclib do the work. He shows how to generate the keys, build the encrypt function and the decrypt function with about 30 lines of code each.

Hasin Hayder has recently posted a tutorial to his blog showing how to use the Zend_Crypt_Rsa library for encrypting/decrytping data in a Zend Framework application.

Public/private key based encryption is very popular because of the strength it sets in encryption, specially above 1024 bits. Now there are external library to encrypt data using RSA encryption like RSA in phpclasses.org – the fun is we were also using this library in one of our ZF based project. But last week I’ve found that there is a hidden gem in the Library/Zend/Crypt folder (Zend_Crypt_Rsa) which can do the same thing using openssl library.

He couldn't find much in the way of documentation for the component, so he wrote up how to use it in three easy steps:

• Create your RSA public/private key using ssh-keygen
• Encrypt data using your public key
• Decrypt the cipher

The Zend_Crypt_Rsa makes it simple to encrypt/decrypt the data, just taking in a passphrase, a path to the RSA key file and the message contents.

On the NETTUTS.com site there's a new tutorial posted looking at creating a "crypter" class in PHP - a handy class to make encryption and decryption of data simpler.

Think about what we might need a class like this for? We want to encrypt important data with a password for security reasons. We also want, as already mentioned, to be able to decrypt that data when necessary. Why should you use symmetric algorithms? It's easy; when you're offering a password sent via email or something like that, you need the password to be sent in plaintext. The hash algorithms are not reversible. Once you have hashed a string you can't decipher the original text from the hash.

He lays out his basic class with three methods - the constructor that sets up the key and algorithm and the encrypt and decrypt functions. These use to mcrypt functions to handle the heavy lifting.

The Zend Developer Zone has a new tutorial posted today showing how to use the open source encryption tool GnuPG from inside PHP.

While GnuPG works very well as a standalone tool, it also plays very well with PHP. This integration is possible due to PHP's ext/gnupg extension, which provides a flexible and powerful API to access GnuPG functions for encryption, decryption, message signing and verification, and key maintenance. And your mission (should you choose to accept it) will be to accompany me over the next few pages, while I give you a crash course in this API, showing you how easy it is to integrate these functions into your next PHP application.

The tutorial walks you through some of the basic concepts behind the "lock and key" GnuPG implements and how to get the extension installed so you can follow along. His examples range from a basic encryption of a string out to a full encrypt/decrypt example, how to sign information with a key and even a method for sending an encrypted message.

Harry Fuecks came across a need in his development work to bridge a gap between a PHP script and some Java work he'd done. He found the way that fit his situation the best - the encryption of the data on the PHP side via OpenSSL.

Needed a mechanism to be able to pass chunks of data securely from PHP to Java [...] One solution might be something "from scratch" involving mcrypt or PHP libraries like Crypt_RSA. [...] Another approach is GnuPG, either via the command line as discussed in this tutorial or via the GnuPG extension from PECL.

Option 3 is using OpenSSL and PHP's openssl_seal() function. SSL is normally used for encrypting networked communication between peers but that's not all it can do. [...] What's more - and perhaps the biggest win - it also allows us to re-use existing SSL certificates.

He uses the openssl_seal functionality on top of the EVP encrypted envelope on the certificate to handle the encrypt/decrypt of the data. Both the PHP code and Java code (and execution example) are included in the post.

Harry Fuecks came across a need in his development work to bridge a gap between a PHP script and some Java work he'd done. He found the way that fit his situation the best - the encryption of the data on the PHP side via OpenSSL.

Needed a mechanism to be able to pass chunks of data securely from PHP to Java [...] One solution might be something "from scratch" involving mcrypt or PHP libraries like Crypt_RSA. [...] Another approach is GnuPG, either via the command line as discussed in this tutorial or via the GnuPG extension from PECL.

Option 3 is using OpenSSL and PHP's openssl_seal() function. SSL is normally used for encrypting networked communication between peers but that's not all it can do. [...] What's more - and perhaps the biggest win - it also allows us to re-use existing SSL certificates.

He uses the openssl_seal functionality on top of the EVP encrypted envelope on the certificate to handle the encrypt/decrypt of the data. Both the PHP code and Java code (and execution example) are included in the post.