I'm not very familiar with encryption, and we are now using PHP's openssl_encrypt/decrypt in our application.
Is it possible to make the encryption/decryption work only before an expiry time? e.g. maybe the keys expire?
Yes, it is possible. You have to append the creation timestamp as bytes before what you need to encrypt:
$time = pack('N', time());
$enc = openssl_encrypt($time . $other_data, ...);
When you decrypt:
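$dec = openssl_decrypt($encrypted, ...);
if ($dec === false)                        // openssl_decrypt returns false on failure
    die('Decryption failed');
$time = unpack('N', substr($dec, 0, 4));   // first 4 bytes: creation timestamp
$other_data = substr($dec, 4);             // the rest is the original data
if (time() - $time[1] > $EXPIRY_SECONDS)
    die('Expired');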
The N flag I've used in pack/unpack is for big-endian byte order; you can also use V for little-endian or L for machine-dependent order, because the timestamp fits in a 32-bit integer (4 bytes).
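The timestamp-prefix approach from the answer above, written out with an authenticated cipher so that a modified timestamp or ciphertext is rejected before the expiry check runs. This is an added example, not part of the original answer; the choice of AES-256-GCM, the token layout (IV, tag, ciphertext) and the names `seal`, `open_sealed` and `$maxAge` are assumptions made for illustration.

```php
<?php
// Added example; function names and token layout are hypothetical.
const CIPHER = 'aes-256-gcm';

function seal(string $data, string $key): string
{
    $iv = random_bytes(12);                 // 96-bit nonce, must be unique per message
    $plain = pack('N', time()) . $data;     // 4-byte big-endian creation time, then the data
    $ct = openssl_encrypt($plain, CIPHER, $key, OPENSSL_RAW_DATA, $iv, $tag);
    if ($ct === false) {
        throw new RuntimeException('Encryption failed');
    }
    return base64_encode($iv . $tag . $ct); // tag is 16 bytes by default
}

function open_sealed(string $token, string $key, int $maxAge): string
{
    $raw = base64_decode($token, true);
    if ($raw === false || strlen($raw) < 12 + 16 + 4) {
        throw new RuntimeException('Malformed token');
    }
    $iv  = substr($raw, 0, 12);
    $tag = substr($raw, 12, 16);
    $ct  = substr($raw, 28);
    // Returns false if the key is wrong or any byte of IV, tag or ciphertext changed.
    $plain = openssl_decrypt($ct, CIPHER, $key, OPENSSL_RAW_DATA, $iv, $tag);
    if ($plain === false) {
        throw new RuntimeException('Authentication failed');
    }
    $created = unpack('N', substr($plain, 0, 4))[1];
    $age = time() - $created;
    if ($age < 0 || $age > $maxAge) {       // also reject timestamps from the future
        throw new RuntimeException('Expired');
    }
    return substr($plain, 4);
}

$key = random_bytes(32);                    // constructed sample key
$token = seal('hello', $key);
echo open_sealed($token, $key, 300), "\n";  // fresh token: prints the data

$bad = base64_decode($token);
$bad[28] = chr(ord($bad[28]) ^ 1);          // flip one bit in the encrypted timestamp
try {
    open_sealed(base64_encode($bad), $key, 300);
} catch (RuntimeException $e) {
    echo $e->getMessage(), "\n";            // tampering is caught by the GCM tag
}
```

The expiry is a check made by the code that decrypts; it does not stop anyone who holds the key from decrypting the ciphertext later.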