← Back to glossary

Symmetric Encryption

cryptography PHP 7.2+ Advanced

Also Known As

AES AES-256-GCM ChaCha20 AEAD

TL;DR

Encryption where the same key encrypts and decrypts data — fast and suitable for bulk data, but key distribution is the primary challenge.

Explanation

Symmetric algorithms (AES, ChaCha20) use one key for both operations. AES-256-GCM is the current gold standard: 256-bit key, Galois/Counter Mode provides both encryption and authentication (AEAD). A unique random IV (nonce) must be used for every encryption with the same key. ChaCha20-Poly1305 is preferred on systems without AES hardware acceleration. The key distribution problem — securely sharing the key — is solved using asymmetric encryption or key exchange protocols.

Common Misconception

✗ AES-256 in any mode is secure — AES-256-ECB (Electronic Codebook) encrypts identical blocks identically, leaking data patterns; always use GCM or another authenticated mode.

Why It Matters

Using the wrong cipher mode (ECB) or reusing an IV turns strong AES into weak or broken encryption — implementation choices matter as much as key length.

Common Mistakes

Using ECB mode — identical plaintext blocks produce identical ciphertext, revealing patterns.
Reusing the same IV with the same key — completely breaks GCM security.
Not using authenticated encryption (GCM) — unauthenticated ciphertext can be silently tampered with.
Storing the IV separately from the ciphertext in an unreliable way — prepend IV to ciphertext for simple management.

Code Examples

✗ Vulnerable

// AES-256-ECB — insecure mode, no authentication:
$encrypted = openssl_encrypt($data, 'AES-256-ECB', $key);
// Identical 16-byte blocks encrypt identically — patterns visible
// No IV — deterministic, dictionary-attackable
// No authentication — tampering undetectable

✓ Fixed

// AES-256-GCM — authenticated, random IV:
function encrypt(string $plaintext, string $key): string {
    $iv = random_bytes(12); // GCM standard IV size
    $tag = '';
    $ciphertext = openssl_encrypt(
        $plaintext, 'AES-256-GCM', $key,
        OPENSSL_RAW_DATA, $iv, $tag
    );
    return base64_encode($iv . $tag . $ciphertext); // IV + auth tag + ciphertext
}

function decrypt(string $encoded, string $key): string {
    $data = base64_decode($encoded);
    $iv = substr($data, 0, 12);
    $tag = substr($data, 12, 16);
    $ciphertext = substr($data, 28);
    return openssl_decrypt($ciphertext, 'AES-256-GCM', $key, OPENSSL_RAW_DATA, $iv, $tag);
}

References

↗ https://cheatsheetseries.owasp.org/cheatsheets/Cryptographic_Storage_Cheat_Sheet.html

Tags

cryptography security encryption

Added 15 Mar 2026

Edited 22 Mar 2026

Curated in Warsaw under one editorial standard. 1,444 terms, single voice. About this reference →

Rate this term

No ratings yet

🤖 AI Guestbook educational data only

| |

Last 30 days

Agents 0

No pings yet today

No pings yesterday

Amazonbot 8 Perplexity 7 Unknown AI 2 Google 2 Ahrefs 2

Also referenced

Weak Cryptography 27 Encryption at Rest 24 Key Management & Rotation 23 openssl_encrypt() 20

How they use it

crawler 20 crawler_json 1

Related categories

php 6.3k security 4k cryptography 412

⚡ DEV INTEL Tools & Severity

🟠 High ⚙ Fix effort: Medium

⚡ Quick Fix

Use PHP's Sodium extension (sodium_crypto_secretbox) for authenticated symmetric encryption — it's simpler and safer than OpenSSL's AES-GCM because it handles nonce generation and authentication automatically

📦 Applies To

PHP 7.2+ web cli queue-worker

🔗 Prerequisites

Block Cipher Modes Encryption at Rest Entropy

🔍 Detection Hints

openssl_encrypt without verifying the authentication tag; reusing nonces; encryption without authentication (no GCM tag)

Auto-detectable: ✓ Yes semgrep psalm

⚠ Related Problems

Block Cipher Modes Encryption at Rest Key Derivation Functions

🤖 AI Agent

Confidence: Medium False Positives: Medium ✗ Manual fix Fix: Medium Context: Function Tests: Update

CWE-327 CWE-326