Data Encryption in PHP - php

I was hoping someone would be able to clarify something for me. I have a class to encrypt data, and I also use the same code as functions instead of a class. They use the same keys and everything, but if I encrypt something using the class I cannot decrypt it using the function. Why is this? Is one way more secure than the other?
This is the class:
class Encryption {
    var $secret_key;
    var $key;
    public function __contruct(){
        $this->secret_key = 'MYSECRETKEY12345654321';
        // hash
        $this->key = hash('sha256', $this->secret_key);
    }
    public function encode($value){
        $output = openssl_encrypt($value, 'AES-256-CBC', $this->key, 0, substr(hash('sha256', "0ac35e3825857c810f86e384d1ac59e8"), 0, 16));
        $output = base64_encode($output);
        return $output;
    }
    public function decode($value){
        return openssl_decrypt(base64_decode($value), 'AES-256-CBC', $this->key, 0, substr(hash('sha256', "0ac35e3825857c810f86e384d1ac59e8"), 0, 16));
    }
}
This is the function:
function encrypt($value)
{
    $secret = 'MYSECRETKEY12345654321';
    $key = hash('sha256', $secret);
    $output = openssl_encrypt($value, 'AES-256-CBC', $key, 0, substr(hash('sha256', "0ac35e3825857c810f86e384d1ac59e8"), 0, 16));
    $output = base64_encode($output);
    return $output;
}
function decrypt($value)
{
    $secret = 'MYSECRETKEY12345654321';
    $key = hash('sha256', $secret);
    return openssl_decrypt(base64_decode($value), 'AES-256-CBC', $key, 0, substr(hash('sha256', "0ac35e3825857c810f86e384d1ac59e8"), 0, 16));
}
Code example:
$encrypt = new Encryption();
$private = $encrypt->encode(10);
$public = decrypt($private); // this will return false
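Why the class and the functions disagree, as an added example that is not part of the original post: PHP only runs a method named `__construct`, so the misspelled `__contruct` in the class is never called and `$this->key` is never set, while the functions use the real key. The class names `BrokenEncryption` and `FixedEncryption` are hypothetical, and the fixed version also assumes a raw 32-byte key and a random per-message IV, which the posted code does not use.

```php
<?php
// Added example: constructed classes, not the poster's code.
class BrokenEncryption {
    public $key;
    // Misspelled on purpose: PHP treats this as an ordinary method,
    // so `new BrokenEncryption()` never executes it.
    public function __contruct() {
        $this->key = hash('sha256', 'MYSECRETKEY12345654321');
    }
}

class FixedEncryption {
    private string $key;

    public function __construct(string $secret) {
        // Raw 32-byte key. hash() without `true` returns 64 hex characters,
        // of which AES-256 would use only the first 32.
        $this->key = hash('sha256', $secret, true);
    }

    public function encode(string $value): string {
        $iv = random_bytes(16);                    // fresh IV for every message
        $ct = openssl_encrypt($value, 'AES-256-CBC', $this->key, OPENSSL_RAW_DATA, $iv);
        return base64_encode($iv . $ct);           // the IV travels with the ciphertext
    }

    /** Returns the plaintext, or false if the input is malformed. */
    public function decode(string $value) {
        $raw = base64_decode($value, true);
        if ($raw === false || strlen($raw) < 32) { // IV plus at least one block
            return false;
        }
        return openssl_decrypt(substr($raw, 16), 'AES-256-CBC', $this->key,
                               OPENSSL_RAW_DATA, substr($raw, 0, 16));
    }
}

$broken = new BrokenEncryption();
var_dump($broken->key);                            // shows whether the key was ever set

$a = new FixedEncryption('MYSECRETKEY12345654321');
$b = new FixedEncryption('MYSECRETKEY12345654321'); // second instance, same secret
var_dump($b->decode($a->encode('10')));             // round trip across instances
```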

Related

hash failed to decrypt on other programs

I am having problems using this code, which I managed to get from somewhere on the internet, to encrypt/decrypt data which I'll use to encode some documents via QR codes.
Encrypt/decrypt works fine when I use this program.
But the problem is that if I am using valid AES-256-CBC, the hashes encrypted via this should also be decryptable using the online AES-256-CBC tools available on various websites, given the right key and IV.
When I try, the random online programs say the hash must be a multiple of 16.
Here is a sample hash in which I wrote my name: "ZzNkMDA2VmRzQU5WU01tbFNQcE5YZz09"
Here is the IV: "42301-4279279-31"
And the 256-bit key is "&E)H+MbQeThWmZq4t7w!z%C*F-JaNcRf"
And here is the code:
function encrypt_decrypt($string, $action = 'encrypt')
{
    $encrypt_method = "AES-256-CBC";
    $secret_key = '&E)H+MbQeThWmZq4t7w!z%C*F-JaNcRf'; // user define private key
    $secret_iv = '42301-4279279-31'; // user define secret key
    $key = hash('sha256', $secret_key);
    $iv = substr(hash('sha256', $secret_iv), 0, 16); // sha256 is hash_hmac_algo
    if ($action == 'encrypt') {
        $output = openssl_encrypt($string, $encrypt_method, $key, 0, $iv);
        $output = base64_encode($output);
    } else if ($action == 'decrypt') {
        $output = openssl_decrypt(base64_decode($string), $encrypt_method, $key, 0, $iv);
    }
    return $output;
}
This works, you forgot base64_encode($output).
function decrypt($encrypted_string, $secretKey, $secretIv) {
    $encrypt_method = "AES-256-CBC";
    $key = hash('sha256', $secretKey);
    $iv = substr(hash('sha256', $secretIv), 0, 16);
    return openssl_decrypt(base64_decode($encrypted_string),
        $encrypt_method, $key, 0, $iv);
}
function encrypt($string, $secretKey, $secretIv) {
    $encrypt_method = "AES-256-CBC";
    $key = hash('sha256', $secretKey);
    $iv = substr(hash('sha256', $secretIv), 0, 16);
    $output = openssl_encrypt($string, $encrypt_method, $key, 0, $iv);
    return base64_encode($output);
}
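Why other AES-256-CBC tools reject a value produced this way, as an added example that is not part of the original thread: with options `0`, `openssl_encrypt()` already returns Base64, so the extra `base64_encode()` wraps it a second time, and the hex strings from `hash()` are used as ASCII bytes for the key and IV. The helper name `interop_parameters` is hypothetical and the plaintext is constructed.

```php
<?php
// Added example: peels the two Base64 layers and derives the effective
// key/IV bytes behind a token from encrypt_decrypt() in the question.
function interop_parameters(string $token, string $secretKey, string $secretIv): array {
    $inner = base64_decode($token, true);       // undo the explicit base64_encode()
    if ($inner === false) {
        throw new InvalidArgumentException('outer layer is not Base64');
    }
    $raw = base64_decode($inner, true);         // undo OpenSSL's own Base64 (options = 0)
    if ($raw === false) {
        throw new InvalidArgumentException('inner layer is not Base64');
    }
    // hash() returns 64 hex characters. AES-256 needs 32 key bytes, so only the
    // first 32 characters are used, as ASCII bytes rather than decoded hex.
    return [
        'raw_len'       => strlen($raw),
        'block_aligned' => strlen($raw) % 16 === 0,
        'ciphertext'    => $raw,
        'key'           => substr(hash('sha256', $secretKey), 0, 32),
        'iv'            => substr(hash('sha256', $secretIv), 0, 16),
    ];
}

// Secret and IV strings as posted in the question; the plaintext is constructed.
$secretKey = '&E)H+MbQeThWmZq4t7w!z%C*F-JaNcRf';
$secretIv  = '42301-4279279-31';
$token = base64_encode(openssl_encrypt('constructed sample', 'AES-256-CBC',
    hash('sha256', $secretKey), 0, substr(hash('sha256', $secretIv), 0, 16)));

$p = interop_parameters($token, $secretKey, $secretIv);
// An AES-256-CBC implementation with PKCS#7 padding needs exactly these raw values.
$plain = openssl_decrypt($p['ciphertext'], 'AES-256-CBC', $p['key'],
                         OPENSSL_RAW_DATA, $p['iv']);
var_dump($p['block_aligned'], $plain === 'constructed sample');

// The sample value from the question, measured before and after both decodes.
$posted = 'ZzNkMDA2VmRzQU5WU01tbFNQcE5YZz09';
$sample = interop_parameters($posted, $secretKey, $secretIv);
var_dump(strlen($posted), $sample['raw_len']);
```

The posted sample is 32 Base64 characters that decode to a 24-character Base64 string, and only the second decode yields a single 16-byte AES block.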

crypt function PHP showing the salt in plain form

I'm using the crypt function to create a hash from a string, but when I use the salt parameter, it shows the salt parameter in plain form. I know the salt parameter is optional and we can exclude it, but what is the way to make the salt not show in plain form in the hashed string?
Example code:
echo crypt('something','$5$rounds=5000$anexamplestring$');
Output for this code is
$5$rounds=5000$anexamplestring$YuRqx9rDLGE1wLc9Bp01/DetFvo6S7Bphn6TgGViCD8
Here the starting string of the output is the same as in the crypt function call, which looks awkward. Is there any way around to fix this, or is this the default behavior?
In your case, you can't decrypt it without the salt; it will be in the hash.
I do this: if you need to encrypt something, then you need openssl. The string can be long, but each time it is a new one, and you can't pick it up without a key.
function get_encrypt($str = false, $key = false)
{
    if (!is_string($str)) {
        return false;
    }
    // Use the caller's key when given, otherwise the default.
    // (`!empty($key) ?: ...` would replace a supplied key with boolean true.)
    $key = !empty($key) ? $key : 'b7^FV7867&f)vd6567';
    $ivlen = openssl_cipher_iv_length($cipher = "AES-128-CBC");
    $iv = openssl_random_pseudo_bytes($ivlen); // new random IV for every message
    $ciphertext_raw = openssl_encrypt($str, $cipher, $key, $options = OPENSSL_RAW_DATA, $iv);
    $hmac = hash_hmac('sha256', $ciphertext_raw, $key, $as_binary = true);
    // Layout: IV (16 bytes) . HMAC (32 bytes) . ciphertext
    $encrypttext = base64_encode($iv . $hmac . $ciphertext_raw);
    return ($encrypttext);
}
function get_decrypt($str = false, $key = false)
{
    $key = !empty($key) ? $key : 'b7^FV7867&f)vd6567';
    $c = base64_decode($str);
    $ivlen = openssl_cipher_iv_length($cipher = "AES-128-CBC");
    $iv = substr($c, 0, $ivlen);
    $hmac = substr($c, $ivlen, $sha2len = 32);
    $ciphertext_raw = substr($c, $ivlen + $sha2len);
    $decrypttext = openssl_decrypt($ciphertext_raw, $cipher, $key, $options = OPENSSL_RAW_DATA, $iv);
    $calcmac = hash_hmac('sha256', $ciphertext_raw, $key, $as_binary = true);
    // Constant-time comparison; reject the message if the MAC does not match
    if (hash_equals($hmac, $calcmac)) {
        return ($decrypttext);
    } else {
        return false;
    }
}
$str = get_encrypt('something'); // out: ccxCvYCQrsCDC8LA1jrxh3OP38KzLXk5NLxIaSH2W7oDsqUSi3gsmZBq8hnVwuAfCZwt3M1lJhHjFAArHXlrcA==
get_decrypt($str); // out: something
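Why the salt is visible in the `crypt()` output, as an added example that is not part of the original thread: the string stores the algorithm, rounds and salt in front of the digest because verification has to re-run the hash with exactly those parameters. The helper names `split_sha256_crypt` and `verify_crypt` are hypothetical, and the example goes slightly beyond the thread by also showing `password_hash()`, which generates a random salt and embeds it the same way.

```php
<?php
// Added example: uses the password and salt string from the question.
function split_sha256_crypt(string $hash): array {
    // Layout: $5$rounds=N$salt$digest  (the rounds field is optional)
    $re = '/^\$5\$(?:rounds=(\d+)\$)?([^$]{1,16})\$([.\/0-9A-Za-z]{43})$/';
    if (!preg_match($re, $hash, $m)) {
        throw new InvalidArgumentException('not a SHA-256 crypt string');
    }
    return [
        'rounds' => $m[1] === '' ? 5000 : (int) $m[1], // 5000 is the scheme default
        'salt'   => $m[2],
        'digest' => $m[3],
    ];
}

function verify_crypt(string $password, string $stored): bool {
    // Passing the stored string as the "salt" makes crypt() reuse its
    // algorithm, rounds and salt; only then can the digests match.
    return hash_equals($stored, crypt($password, $stored));
}

$stored = crypt('something', '$5$rounds=5000$anexamplestring$');
print_r(split_sha256_crypt($stored));
var_dump(verify_crypt('something', $stored)); // correct password
var_dump(verify_crypt('Something', $stored)); // wrong password

// password_hash() picks a random salt itself and embeds it in its output too.
$modern = password_hash('something', PASSWORD_DEFAULT);
var_dump(password_get_info($modern)['algoName']);
var_dump(password_verify('something', $modern));
```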

I can encrypt data but cannot decrypt

I can successfully encrypt passed data but sadly cannot decrypt it. What is wrong with my decrypt() function? Maybe it is something with my initialization vector (IV). Here is my code:
function pad($data, $size) {
    $length = $size - strlen($data) % $size;
    return $data . str_repeat(chr($length), $length);
}
function unpad($data) {
    return substr($data, 0, -ord($data[strlen($data) - 1]));
}
//CORRECT ENCRYPTION METHOD
function encrypt($data) {
    $key = "SiadajerSiadajer";
    $iv_size = 16;
    $iv = openssl_random_pseudo_bytes($iv_size, $strong);
    $encryptedData = openssl_encrypt(pad($data, 16), 'AES-256-CBC', $key, OPENSSL_RAW_DATA, $iv);
    $joinedData = hex2bin(bin2hex($iv).bin2hex($encryptedData));
    $encodedJoinedData = base64_encode($joinedData);
    return $encodedJoinedData;
}
//WRONG DECRYPTION FUNCTION
function decrypt($encodedJoinedData){
    $key = "SiadajerSiadajer";
    $DecodedData = base64_decode($encodedJoinedData);
    $size = strlen($DecodedData);
    $cipheredsize = $size - 16;
    $iv = substr($DecodedData, 0, 16);
    $halfDecryptedData = substr($DecodedData, 16, $size);
    $decryptedData = openssl_decrypt(unpad($halfDecryptedData, 16), 'AES-256-CBC', $key, OPENSSL_RAW_DATA, $iv);
    return $decryptedData;
}
$test = encrypt("sssss");
print $test;
$test2 = decrypt($test);
print $test2;
In the encrypt-method replace the line
    $joinedData = hex2bin(bin2hex($iv).bin2hex($encryptedData));
with
    $joinedData = $iv.$encryptedData;
because the conversions in the previous expression are unnecessary. This replacement doesn't change the result.
A possible solution for the decryption-part could be:
function decrypt($encodedJoinedData) {
    $joinedData = base64_decode($encodedJoinedData);
    $iv = substr($joinedData, 0, 16);
    $encryptedData = substr($joinedData, 16);
    $key = "SiadajerSiadajer";
    $decryptedData = openssl_decrypt($encryptedData, 'AES-256-CBC', $key, OPENSSL_RAW_DATA, $iv);
    $unpaddedData = unpad($decryptedData);
    return $unpaddedData;
}

PHP code for encryption and decryption that creates different cipher text on each execution. Can anybody help me with an equivalent code in PL/SQL

$data = 'Durgadevi'.date('Y-m-d H:i:s'); // 'i' is minutes; 'm' would repeat the month
$b = encrypt($data);
echo '<b>actual data: </b>'.$data.'<br><b> encrypted code: </b>'.$b;
function encrypt($string)
{
    $encrypt_method = "AES-256-CBC";
    $secret_key = '123456';
    $secret_iv = 'This is my secret iv';
    $key = hash('sha256',$secret_key);
    $iv = substr(hash('sha256',$secret_iv),0,16);
    $output = openssl_encrypt($string,$encrypt_method,$key,0,$iv);
    return $output;
}
After executing encrypt function
OUTPUT:
actual data: Durgadevi11:07:40
encrypted code: Fxf6Q73Fs5byu6e2R0nTwG01n4vsoBAyfefSY5HBSWM=
$data = 'Fxf6Q73Fs5byu6e2R0nTwG01n4vsoBAyfefSY5HBSWM=';
$b = decrypt($data);
echo '<b> actual data: </b>'.$data.'<br><b> decrypted code: </b>'.$b;
function decrypt($string)
{
    $encrypt_method = "AES-256-CBC";
    $secret_key = '123456';
    $secret_iv = 'This is my secret iv';
    $key = hash('sha256',$secret_key);
    $iv = substr(hash('sha256',$secret_iv),0,16);
    $output = openssl_decrypt($string,$encrypt_method,$key,0,$iv);
    return $output;
}
After executing decrypt function
OUTPUT:
actual data: Fxf6Q73Fs5byu6e2R0nTwG01n4vsoBAyfefSY5HBSWM=
decrypted code: Durgadevi11:07:40
You can use the function below for encryption and decryption.
function encryptDecrypt($action, $data) {
    $output = false;
    $encrypt_method = "AES-256-CBC";
    $secret_key ="g3hR0m9FY1r+9ZXLdriXI4U6AxsYqlbISe8Qne9DuJU9R1AlvsV1GWQMQhP0NcvvtnvSB1AoIBAQD8zQp+VhgSH";
    $secret_iv = "xaghJBqlqQPkox2djChy3+3tmEPZJpypp4Euy2sDLSgyP+nsecrkP18bfl2i+ChPAoIBAQC3FijLZr74H0m9oGj0hPAlfcAh5bTMvAF4993M8BjncApCzKMOK3CLT+278dquihNCyrbK6/FjDMw9sGl5kctenaOVcvtdupMWtX9U9KmH8G1XCX/Xr/umpgAxjh+l69v4lrDRln48/gT9zfdKjZ5OiuW+M+gbNL6qGAM";
    $key = hash('sha256', $secret_key);
    $iv = substr(hash('sha256', $secret_iv), 0, 16);
    if ($action == 'encrypt') {
        $output = openssl_encrypt($data, $encrypt_method, $key, 0, $iv);
        $output = base64_encode($output);
    } else if ($action == 'decrypt') {
        $output = openssl_decrypt(base64_decode($data), $encrypt_method, $key, 0, $iv);
    }
    return $output;
}
//Call as below
$string = 'Durgadevi'.date('Y-m-d H:i:s'); // 'i' is minutes; 'm' would repeat the month
echo $encString = encryptDecrypt('encrypt', $string);
echo "<br/>";
echo encryptDecrypt('decrypt', $encString);

Decrypted string is sometimes not same as encrypted source

class Auth extends MySQLi {
    public function aes_enc($encrypt, $mc_key, $iv) {
        $passcrypt = trim(mcrypt_encrypt(MCRYPT_RIJNDAEL_128, substr($mc_key, 0, 32), trim($encrypt), MCRYPT_MODE_CBC, $iv));
        return $passcrypt;
    }
    public function aes_dec($decrypt, $mc_key, $iv) {
        $decrypted = trim(mcrypt_decrypt(MCRYPT_RIJNDAEL_128, substr($mc_key, 0, 32), trim($decrypt), MCRYPT_MODE_CBC, $iv));
        return $decrypted;
    }
    public function salt() {
        return str_shuffle('abcdefghijklmnoprsquvzyx0123456789-.,;:_<>');
    }
    public function iv() {
        return mcrypt_create_iv(mcrypt_get_iv_size(MCRYPT_RIJNDAEL_128, MCRYPT_MODE_CBC), MCRYPT_RAND);
    }
}
And in test.php, the following code:
<?php
require('Auth.php');
$Auth = new Auth;
$str = "verygudlongpassword";
for ($i = 0; $i < 1000; $i++) {
    $salt = sha1($Auth->salt());
    $iv = $Auth->iv();
    $enc = $Auth->aes_enc($str, $salt, $iv);
    $dec = $Auth->aes_dec($enc, $salt, $iv);
    if ($str != $dec) {
        echo $salt . "<br>\n";
    }
}
?>
Sometimes, $dec != $str. Why is this happening? I am not even saving anything into the DB atm, so it's not that.
Thanks for help.
I don't really have anything more to say, but the site isn't letting me post. (nvm that part)
After reviewing your code and playing with it locally, it would appear that your decryption leaves some whitespace on the decrypted text. I removed the trim() function from all locations except the return value from aes_dec(), and the code now encrypts/decrypts your string successfully 1000 times.
So it would seem trimming was the problem and the solution.
class Auth extends MySQLi {
    public function aes_enc($encrypt, $mc_key, $iv)
    {
        $passcrypt = mcrypt_encrypt(MCRYPT_RIJNDAEL_128, substr($mc_key, 0, 32), $encrypt, MCRYPT_MODE_CBC, $iv);
        return $passcrypt;
    }
    public function aes_dec($decrypt, $mc_key, $iv)
    {
        $decrypted = trim(mcrypt_decrypt(MCRYPT_RIJNDAEL_128, substr($mc_key, 0, 32), $decrypt, MCRYPT_MODE_CBC, $iv));
        return $decrypted;
    }
    public function salt()
    {
        return str_shuffle('abcdefghijklmnoprsquvzyx0123456789-.,;:_<>');
    }
    public function iv()
    {
        return mcrypt_create_iv(mcrypt_get_iv_size(MCRYPT_RIJNDAEL_128, MCRYPT_MODE_CBC), MCRYPT_RAND);
    }
}
$Auth = new Auth;
$str = "verygudlongpassword";
for ($i = 0; $i < 1000; $i++) {
    $salt = sha1($Auth->salt());
    $iv = $Auth->iv();
    $enc = $Auth->aes_enc($str, $salt, $iv);
    $dec = $Auth->aes_dec($enc, $salt, $iv);
    if ($str != $dec) {
        echo "Decryption failed!<br>\n";
    } else {
        echo "Decryption success! String: $dec<br>\n";
    }
}
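Why `trim()` on the ciphertext fails only some of the time, as an added example that is not part of the original thread: CBC output is arbitrary binary, so its first or last byte is occasionally one of the characters `trim()` strips. OpenSSL stands in here for mcrypt, which was removed in PHP 7.2; the function name `count_trim_damage` and the random key are constructed for the demonstration.

```php
<?php
// Added example: counts how often trim() would alter a raw AES-CBC ciphertext,
// and checks that a Base64 transport of the same bytes always round-trips.
function count_trim_damage(string $plaintext, int $trials): array {
    $key = random_bytes(32);                      // constructed AES-256 key
    $damaged = 0;
    $roundTripFailures = 0;
    for ($i = 0; $i < $trials; $i++) {
        $iv = random_bytes(16);
        $ct = openssl_encrypt($plaintext, 'AES-256-CBC', $key, OPENSSL_RAW_DATA, $iv);
        if (trim($ct) !== $ct) {
            $damaged++;                           // a whitespace or NUL byte sat at an edge
        }
        // Binary-safe transport: encode the raw bytes, never trim them.
        $wire = base64_encode($iv . $ct);
        $raw  = base64_decode($wire, true);
        $pt   = openssl_decrypt(substr($raw, 16), 'AES-256-CBC', $key,
                                OPENSSL_RAW_DATA, substr($raw, 0, 16));
        if ($pt !== $plaintext) {
            $roundTripFailures++;
        }
    }
    return [
        'trials'             => $trials,
        'trim_would_corrupt' => $damaged,
        'base64_failures'    => $roundTripFailures,
    ];
}

print_r(count_trim_damage('verygudlongpassword', 1000));
```

By default `trim()` strips six byte values (space, tab, newline, carriage return, NUL and vertical tab), so a few percent of random ciphertexts have one of them at either end.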
