Encrypt files in PHP

Have you ever think of encrypting your secret files yourself? If you dunno how to do it yourself, here’s the rescue! In this article, I’ll teach you how to encrypt/decrypt files entirely in PHP!

First, please make sure Mcrypt is with your PHP bundle. If you don’t have this extension, please install it first as we need this to encrypt/decrypt files.

Then, it’s time to code! The code is pretty short as it uses the Mcrypt stream filter which also brings a huge performance increase when handling large files.

<?php
// The password
$passphrase = 'My secret';

// Turn a human readable passphrase
// into a reproducible iv/key pair

$iv = substr(md5("\x1B\x3C\x58".$passphrase, true), 0, 8);
$key = substr(md5("\x2D\xFC\xD8".$passphrase, true) .
md5("\x2D\xFC\xD9".$passphrase, true), 0, 24);
$opts = array('iv' => $iv, 'key' => $key, 'mode' => 'stream');

// Open the file
$fp = fopen('secret-file.enc', 'wb');

// Add the Mcrypt stream filter
// We use Triple DES here, but you
// can use other encryption algorithm here
stream_filter_append($fp, 'mcrypt.tripledes', STREAM_FILTER_WRITE, $opts);

// Wrote some contents to the file
fwrite($fp, 'Secret secret secret data');

// Close the file
fclose($fp);

This is the code that encrypt contents written into the files. Isn’t this pretty short? But, how can I make the contents readable again? Here’s the way to decrypt the files:

<?php
// The password
$passphrase = 'My secret';

// Turn a human readable passphrase
// into a reproducible iv/key pair

$iv = substr(md5("\x1B\x3C\x58".$passphrase, true), 0, 8);
$key = substr(md5("\x2D\xFC\xD8".$passphrase, true) .
md5("\x2D\xFC\xD9".$passphrase, true), 0, 24);
$opts = array('iv' => $iv, 'key' => $key, 'mode' => 'stream');

// Open the file
$fp = fopen('secret-file.enc', 'rb');

// Add the Mcrypt stream filter
// We use Triple DES here, but you
// can use other encryption algorithm here
stream_filter_append($fp, 'mdecrypt.tripledes', STREAM_FILTER_READ, $opts);

// Read the file contents
fpassthru($content);

Now we have a nice and easy solution to keep things secret in PHP. (Just to make sure, you need to change $passphrase into your very own password and keep it secret.)

Finally got my root domain – now with CloudFlare on!

Do all you guys found that the domain for this site has been changed? Yeah, I finally got my own root domain: licson.net. Actually, I wanted my root domain for a long time but I hadn’t got enough money to buy one myself. Finally, with help of Allen Chou, my furious dreams can now come true. (There’s some payoffs after I purchased the root domain. E.g. lost my SSL certificate. I’ll talk about that in the following post.)

Now with my own domain, I can finally do something big! After this domain has been successfully activated, I can now try using a CDN service (What I’m using is CloudFlare, it’s really great!) to speed up my site. Originally with the sub-domains provided by my cloud hosting, OpenShift, I cannot leverage the power of CloudFlare’s global CDN network to speed up my site as I cannot change the DNS records of the sub-domains. Now, I can finally give CloudFlare a try and the performance speed ups are great! The response speed of my site before using CloudFlare is 266 ms and the response speed of my site now is 66 ms. What a great speed-up!

Receiving such a great speed up, I think my site will make a better impression to all the visitors. (Also, I’m sorry that I didn’t write posts as often as before as I’m also writing articles for other sites and I don’t have many time to write posts for my blog.) However, I got some problems when login to the backend. As I forced WordPress to use secure connections when login, the SSL certificate doesn’t match the new root domain I’m using. I’m forced to disable that in order to login normally. Now, it’s less secure when I login. I missed the secure connections that I used to have.

You may ask: why I don’t buy another SSL certificate so as to get the secure connections back? You need to know: SSL certificates are super expensive for a student like me. I’m so sure that I won’t be able to get my secure connections back unless I start to save some money for that.

OK that’s what I feel about my new root domain. Remember to follow-up my latest posts!

I have my personal website!

Here’s a good news: I have a personal website! After a few days of designing, it finally came true. This is great!

Here’s my personal website: http://s0.licson.net/

(Of course I won’t discontinue writing blog posts. That’s just my nice-looking webpage that represents me.)

Hope you like it.

Asynchronous – Multithreading or Event Loops?

Asynchronous programming is a big hit as it does not block other code’s execution when something is ongoing. Usually, asynchronous states can be achieved in a few ways.

1. Using threads
In multi-core machines, we can spawn different threads to do different things asynchronously. However, the process of spawning threads requires time and each thread consumes memory, which may not scale well when many jobs are needed to be done. Examples are Apache and IIS.

2. Using event loops
The jobs are executed immediately and an event loop is used to check for the execution state of each job. This structure does not involve spawning threads so the memory usage is lower and can handle many jobs easily. Examples are Nginx and node.js.

Since the rise of node.js, the event loop structure has been proven to work well even with thousands or even millions of jobs. However, in multi-core machines the event loop structure cannot uses all the power provided by the CPU as only one thread (core) is used for computation. This can be solved by combining two structures to maximize the pros of them.