It’s indicated not to develop cryptographic schemes, and let PHP and its mcrypt extension for a standardized interface to many popular encryption algorithms to handle this task. However strong the algorithm used, the keys that it uses and their storage are the most important issues involved. It’s advisable to transmit keys over SSL.