how can i encrypt things with php using a key? I would prefer not to have to install Mcrypt. I also need the encryption to be pretty strong.
From http://www.ibm.com/developerworks/opensource/library/os-php-encrypt/:
... With PGP and other public-key encryption methods, there's no way to deduce someone's private key from the public key.
... An added feature of PGP is that the password for the private key isn't really a password; it's a passphrase. And it can be an entire saying, including punctuation, spaces, and all manner of characters.
... One way to use PGP-based public-key encryption is to use GNU Privacy Guard (GPG). Any messages encrypted using GPG can be decrypted with GPG, PGP, or any number of e-mail client plug-ins that support either program. In the example, an online form accepts user input, including a message; encrypts that message for a particular recipient using GPG; then sends it on.
Example:
<?php
//set up users
$from = "[email protected]";
$to = "[email protected]";
//cut the message down to size, remove HTML tags
$messagebody = strip_tags(substr($_POST['msg'],0,5000));
$message_body = escapeshellarg($messagebody);
$gpg_path = '/usr/local/bin/gpg';
$home_dir = '/htdocs/www';
$user_env = 'web';
$cmd = "echo $message_body | HOME=$home_dir USER=$user_env $gpg_path" .
"--quiet --no-secmem-warning --encrypt --sign --armor " .
"--recipient $to --local-user $from";
$message_body = `$cmd`;
mail($to,'Message from Web Form', $message_body,"From:$from\r\n");
?>
For one-way encryption, I always use phpass
I believe it tries a few encryption methods and falls back in case they are not available on your build.
Try openssl_xxx functions. There's RSA and Diffie-Hellmann in there. Maybe more, I only worked with these.