I have this PHP Code for encryption and decryption. This is using OpenSSL
<?php
//$key should have been previously generated in a cryptographically safe way, like
openssl_random_pseudo_bytes
$plaintext = "message to be encrypted";
$cipher = "aes-128-gcm";
if (in_array($cipher, openssl_get_cipher_methods()))
{
$ivlen = openssl_cipher_iv_length($cipher);
$iv = openssl_random_pseudo_bytes($ivlen);
$ciphertext = openssl_encrypt($plaintext, $cipher, $key, $options=0, $iv, $tag);
//store $cipher, $iv, and $tag for decryption later
$original_plaintext = openssl_decrypt($ciphertext, $cipher, $key, $options=0, $iv, $tag);
echo $original_plaintext."\n";
}
?>
When you run this on your browser and refresh the page the encryption changes. So I want to know how do I use a check like if statement to see if the user input plain text matches the encrypted text.
Related
i'm having some trouble decrypting a string that was encrypted using openssl. I don't have access to change the encryption code, but i do have read access:
Encrypt code (unable to modify)
<?php
$key = hex2bin("24a5d2b96b9aee2fb515c94fb36da508");
$encryptTxt = openssl_encrypt(
"txt to encrypt",
'AES-128-ECB',
$key
);
?>
link
Here is how I have attempted to decrypt:
decrypt.php
$ciphertext = $_GET['un'];
$cipher = "aes-128-ecb";
$key = hex2bin("24a5d2b96b9aee2fb515c94fb36da508");
$original_plaintext = openssl_decrypt($ciphertext, $cipher, $key);
echo "text= " . $original_plaintext;
The decrypted text is not returned on the decrypt page
SOLVED: I updated decrypt.php to the following and it returned the decrypted text
$ciphertext = $_GET['un'];
$ciphertext = hex2bin($ciphertext);
$ciphertext = base64_encode($ciphertext);
$cipher = "aes-128-ecb";
$key = hex2bin("24a5d2b96b9aee2fb515c94fb36da508");
$original_plaintext = openssl_decrypt($ciphertext, $cipher, $key);
echo "text= " . $original_plaintext;
I'm having problem with decrypting
I have
$key="Gwu078980";
$cipher="aes-128-gcm";
$iv=md5($cipher);
$text="yaw0";
$tag="";
echo $encrypted=openssl_encrypt($text, $cipher, $key, 0, $iv, $tag);
echo $de_ciphertext=openssl_decrypt($encrypted, $cipher, $key, 0, $iv, $tag);
Output
ELRmWQ==
yaw0
So the raw text is yaw0 and the encrypted is ELRmWQ== and the decrypted is yaw0 so perfect.
But when I manually copy the encrypted text and use it as
$encrypted ="ELRmWQ==";
And I run the decryption
the decryption returns null.
Thanks in advance for anyone to help me out.
Your openssl_encrypt message modifies $tag by reference since you're using aes-128-gcm.
That parameter is required for openssl_decrypt aswell (when using AEAD - Authenticated Encryption and Decryption) and is probably an empty string in your case when you omit the openssl_encrypt call.
See Example 1 in the docs:
The comment about storing $cipher, $iv, and $tag is the important part:
<?php
//$key should have been previously generated in a cryptographically safe way, like openssl_random_pseudo_bytes
$plaintext = "message to be encrypted";
$cipher = "aes-128-gcm";
if (in_array($cipher, openssl_get_cipher_methods()))
{
$ivlen = openssl_cipher_iv_length($cipher);
$iv = openssl_random_pseudo_bytes($ivlen);
$ciphertext = openssl_encrypt($plaintext, $cipher, $key, $options=0, $iv, $tag);
//store $cipher, $iv, and $tag for decryption later
$original_plaintext = openssl_decrypt($ciphertext, $cipher, $key, $options=0, $iv, $tag);
echo $original_plaintext."\n";
}
?>
The following script works fine. The zip is encrypted, txt file created, and immediately decrypted successfully, and the new zip is created successfully.
However, if I run the decrypt portion only subsequently, it fails to decrypt the txt file. It returns an empty $original_plaintext variable and the final zip has size 0. The $key and $iv are not changed for the second run. Security is not the issue - I just need a scrambled text file and then need to be able to decrypt it later.
$key = "sometext";
$iv = "someothertext";
$cipher = "aes-128-gcm";
$tag = NULL;
$fileRoot = "sql_2018_11_10";
if (in_array($cipher, openssl_get_cipher_methods())) {
// Encrypt
$plaintext = file_get_contents("tmp/$fileRoot.zip");
$ciphertext = openssl_encrypt($plaintext, $cipher, $key, $options=0, $iv, $tag);
file_put_contents("tmp/enc_$fileRoot.txt", $ciphertext);
// Decrypt
$ciphertext = file_get_contents("tmp/enc_$fileRoot.txt");
$original_plaintext = openssl_decrypt($ciphertext, $cipher, $key, $options=0, $iv, $tag);
file_put_contents("tmp/uenc_$fileRoot.zip", $original_plaintext);
}
I want to encrypt html data before saving in Database.
this is a sample html text:
<p>test data in normal text</p> <p><b>test data in bold text</b></p> <p><i>test data in italics text</i></p> <p><b><i>test data in bold and italics text</i></b><br></p>
Can anyone help me to find a solution.
use can use OpenSSL encrypt
$plaintext = "message to be encrypted";
$cipher = "aes-128-gcm";
if (in_array($cipher, openssl_get_cipher_methods()))
{
$ivlen = openssl_cipher_iv_length($cipher);
$iv = openssl_random_pseudo_bytes($ivlen);
$ciphertext = openssl_encrypt($plaintext, $cipher, $key, $options=0, $iv, $tag);
//store $cipher, $iv, and $tag for decryption later
$original_plaintext = openssl_decrypt($ciphertext, $cipher, $key, $options=0, $iv, $tag);
echo $original_plaintext."\n";
}
check following link for more detail
http://php.net/manual/en/function.openssl-encrypt.php
As you guys probably know, the extension mcrypt will be deprecated on php 7.1.
I use to maintain a "legacy" application that I want to migrate eventually to this version so I ran the tests and verified that I can't get 100% of coverage anymore, since there's a piece of code that use the following code:
$key = 'sA*(DH';
// initialization vector
$iv = md5(md5($key));
$output = base64_encode(mcrypt_encrypt(MCRYPT_RIJNDAEL_256, md5($key), $string, MCRYPT_MODE_CBC, $iv));
I tried to port this piece of code to openssl_encrypt using this code
$key = md5('sA*(DH');
$iv = md5($key);
echo base64_encode(openssl_encrypt($data, "aes-256-cbc", $key, OPENSSL_RAW_DATA, $iv));
But I have 2 problems with this:
The IV lenght should be 16 chars (and md5 gives me 32), so I get a PHP Warning
The output it's not the same (even if I truncate to 16 chars)
Anyone had similar problems (or know how to fix it?)
BTW: I'm using the dev master version of PHP (supposed to be 7.1.0 alpha 3).
Yet another tested solution taking and returning ANSI text to replace Mcrypt function with the openssl_encrypt() and openssl_decrypt():
//Return encrypted string
public function stringEncrypt ($plainText, $cryptKey = '7R7zX2Urc7qvjhkr') {
$cipher = 'aes-128-cbc';
if (in_array($cipher, openssl_get_cipher_methods()))
{
$ivlen = openssl_cipher_iv_length($cipher);
$iv = openssl_random_pseudo_bytes($ivlen);
$ciphertext_raw = openssl_encrypt(
$plainText, $cipher, $cryptKey, $options=OPENSSL_RAW_DATA, $iv);
$hmac = hash_hmac('sha256', $ciphertext_raw, $cryptKey, $as_binary=true);
$encodedText = base64_encode( $iv.$hmac.$ciphertext_raw );
}
return $encodedText;
}
//Return decrypted string
public function stringDecrypt ($encodedText, $cryptKey = '7R7zX2Urc7qvjhkr') {
$c = base64_decode($encodedText);
$cipher = 'aes-128-cbc';
if (in_array($cipher, openssl_get_cipher_methods()))
{
$ivlen = openssl_cipher_iv_length($cipher);
$iv = substr($c, 0, $ivlen);
$hmac = substr($c, $ivlen, $sha2len=32);
$ivlenSha2len = $ivlen+$sha2len;
$ciphertext_raw = substr($c, $ivlen+$sha2len);
$plainText = openssl_decrypt(
$ciphertext_raw, $cipher, $cryptKey, $options=OPENSSL_RAW_DATA, $iv);
}
return $plainText;
}
More read in openssl documentation
You should really get out of the habit of using md5 for anything.
$iv = openssl_random_pseudo_bytes(16);
$key = substr(hash('sha256', 'sA*(DH'), 0, 32)
mcrypt_encrypt and openssl_encrypt will not output the same crypttext given the same plaintext and key.
also, mcrypt is deprecated in PHP 7.1, not removed...so you can update to 7.1 without changing from mcrypt to openssl ... but it is a good idea to remove mcrypt in general.
There are 2 problems :
MCrypt uses zero padding while Openssl uses by default PKCS#7
Openssl needs the input string to be of proper length (multiple of block length)
To solve this problems :
add OPENSSL_ZERO_PADDING flag to openssl_encrypt/openssl_decrypt
if input string length is not multiple of block length then append to the input string zero chars "\0" [aka chr(0)];
That being said this should solve the problem:
// key/iv in ASCII binary data, $str base64
function decrypt_stuff($key, $str, $iv) {
// $plaintext_dec = mcrypt_decrypt(MCRYPT_RIJNDAEL_128, $key, base64_decode($str), MCRYPT_MODE_CBC, $iv);
$plaintext_dec = openssl_decrypt(base64_decode($str), "aes-256-cbc", $key, OPENSSL_RAW_DATA|OPENSSL_ZERO_PADDING, $iv);
return $plaintext_dec;
}
// key/iv in ascii binary data, $str ascii
function encrypt_stuff($key, $str, $iv) {
// $ciphertext = base64_encode(mcrypt_encrypt(MCRYPT_RIJNDAEL_128, $key, $str, MCRYPT_MODE_CBC, $iv));
if (($l = (strlen($str) & 15)) > 0) { $str .= str_repeat(chr(0), 16 - $l); }
$ciphertext = base64_encode(openssl_encrypt($str, "aes-256-cbc", $key, OPENSSL_RAW_DATA|OPENSSL_ZERO_PADDING, $iv));
return $ciphertext;
}