We propose a comprehensive and efficient optical-cryptographic encryption scheme to improve the security of vulnerable optical encryption systems. Based on cryptography theory, we increase data protection using diffusion-confusion processes acting in the input and output of the optical encryption scheme. The new enhanced ciphertext has attributes of a one-way function that is easy to achieve but almost impossible to revert without the correct random phase masks used for diffusion-confusion operations. Despite the straightforward design, combining optical, cryptographic, and chaos methods increases the number of encryption–decryption keys raising two significant concerns. First, the management and transmission of several keys carry a high storage footprint, and second, it impairs the optical high-speed information processing capability. We overcome these two drawbacks by applying a new optical keystream synthesizer based on the stochastic speckle nature and a maximum entropy constraint in a forward–backward propagation algorithm. This new approach quickly replicates the necessary keystream in the encryption–decryption stations offering higher security and efficiency than other reported systems. We validate the feasibility of this proposal by synthesizing an experimental keystream and performing 24-bit data encryption–decryption. Then, we verify the security improvement of two vulnerable cryptosystems and their robustness against cryptanalysis attacks. Finally, we perform experimental encryption–decryption.