<?php
$string='test data';
$output = '';
$encrypt_method = 'AES-256-CTR';
$key = random_bytes(32); // Store long-term
$secret_iv = random_bytes(16);
$encryption_key = hash_hkdf('sha256', $key, 32, 'encryption');
$authentication_key = hash_hkdf('sha256', $key, 32, 'authentication');
$unauthenticated = openssl_encrypt(
$string,
$encrypt_method,
$encryption_key,
OPENSSL_RAW_DATA,
$secret_iv
);
// NEW: Add an HMAC
$hmac = hash_hmac('sha256', $secret_iv . $unauthenticated, $authentication_key, true);
$output = base64_encode($hmac . $secret_iv . $unauthenticated);
var_dump($output);
preferences:
13.93 ms | 402 KiB | 5 Q