PHP Decrypt with special characters - php

I tried to decrypt a string that had been successfully encrypted but the string is not displayed correctly as original. I'm using codeigniter.
Example string to encrypt
$send_param = "sUserID=A1234&sReference=1003AB";
Result the encryption
ai1nFLjRDiyZvognuWe0y%2bhakXxaIydp2DUptUfJXL4NKi2chyhE8tZRTKMlPnslL6Gx7TxsR9%2bLwRmWTpd6FROOzD/rfZb70WTMAip
Result after i tried decrypt
Function to Encrypt
function encrypt($string_to_encrypt)
{
return $this->encryptRJ256($this->key,$this->iv,$string_to_encrypt);
}
function encryptRJ256($key,$iv,$string_to_encrypt)
{
$rtn = mcrypt_encrypt(MCRYPT_RIJNDAEL_256, $key, $string_to_encrypt, MCRYPT_MODE_CBC, $iv);
$rtn = base64_encode($rtn);
return($rtn);
}
Function to Decrypt
function decrypt($string_to_encrypt)
{
return $this->decryptRJ256($this->key,$this->iv,$string_to_encrypt);
}
function decryptRJ256($key,$iv,$string_to_decrypt)
{
$string_to_decrypt = str_replace(" ", "+", $string_to_decrypt);
$string_to_decrypt = base64_decode($string_to_decrypt);
$rtn = mcrypt_decrypt(MCRYPT_RIJNDAEL_256, $key, $string_to_decrypt, MCRYPT_MODE_CBC, $iv);
$rtn = rtrim($rtn, "\4");
return($rtn);
}

Related

PHP openssl_decrypt random_pseudo_bytes error, help me

I succeeded in encrypting the plaintext using PHP openssl, but with openssl_decrypt, I get this error.
�RC(�ɸ�gQ���삭
What is the reason for alien language to float? I think this is the problem:
openssl_random_pseudo_bytes (16).
openssl_random_pseudo_bytes(opensl_cipher_iv_length ("AES-128-CBC")); is the same situation.
function aes_encode($text, $s_key){
$iv = openssl_random_pseudo_bytes(16);
return base64_encode(openssl_encrypt($text, "AES-128-CBC", $s_key, 0, $iv));
}
$encrypt_text = aes_encode($plaintext, $s_key);
echo $encrypt_text;
function aes_decode($encrypt_text, $s_key){
$iv = openssl_random_pseudo_bytes(16);
return openssl_decrypt(base64_decode($encrypt_text), "AES-128-CBC", $s_key, 0, $iv);
}
$decrypt_text = aes_decode($encrypt_text, $s_key);
echo $decrypt_text;
<result>
QUxwTUxiSTkwWFc2WE0zcmtSOXNHR0cyKzU1RWIvNkxnaGJTZmdnVlB4VT0=
�RC(�ɸ�gQ���삭
You need to use the same IV you encrypted with when decrypting:
function aes_encode($text, $s_key, $iv){
return base64_encode(openssl_encrypt($text, "AES-128-CBC", $s_key, 0, $iv));
}
function aes_decode($encrypt_text, $s_key, $iv){
return openssl_decrypt(base64_decode($encrypt_text), "AES-128-CBC", $s_key, 0, $iv);
}
$plaintext = 'testtest';
$s_key = 'secret';
$iv = openssl_random_pseudo_bytes(16);
$encrypt_text = aes_encode($plaintext, $s_key, $iv);
echo $encrypt_text;
echo "\n";
$decrypt_text = aes_decode($encrypt_text, $s_key, $iv);
echo $decrypt_text;
Output
SVg2Y0FtV1h6RFZac2t5UjhxNDhpdz09
testtest

Same result for openssl_encrypt and mcrypt_encrypt (MCRYPT_CAST_128)

I have old PHP project where used mcrypt_encrypt
But this function doesn't work in new PHP.
I try to convert it to php7+, use openssl_encrypt, but I got no same result, what I do wrong?
Maybe do you know other way to get same result?
mcrypt_encrypt function:
public static function cryptToCode($data)
{
$iv_size = #mcrypt_get_iv_size(MCRYPT_CAST_128, MCRYPT_MODE_ECB);
$iv = #mcrypt_create_iv($iv_size, MCRYPT_DEV_URANDOM );
$code = #mcrypt_encrypt(MCRYPT_CAST_128, self::KEY_TRANSLATE_ID, $data, MCRYPT_MODE_ECB, $iv);
$code = bin2hex($code);
return $code;
}
openssl_encrypt function:
public static function cryptToCodeSSL($data, $key = self::KEY_TRANSLATE_ID, $method = "cast-128-ecb") //"cast-128-ecb"
{
$iv_size = openssl_cipher_iv_length($method);
$iv = openssl_random_pseudo_bytes($iv_size);
$code = openssl_encrypt($data, $method, $key, OPENSSL_RAW_DATA, $iv);
$code = bin2hex($code);
return $code;
}
Done:
I found library http://www.gilfether.com/phpcrypt/
I got same result.

How to remove mcrypt functions in php

The mcrypt module is deprecated in PHP 7.1, so I have to refactor my old encrypt / decrypt functions with the openssl functions. Actually I found no way doing this.
My major problem is: The script still must be able to decrypt existing crypted data. I have no chance to decrypt with my function und re-crypt the data with a new function again!
Here's my existing code:
function _encrypt($cleartext, $key = "th1s1sav3rys3cr3tk3y") {
if ($cleartext) {
$td = mcrypt_module_open(MCRYPT_TripleDES, "", MCRYPT_MODE_ECB, "");
$iv = mcrypt_create_iv(mcrypt_enc_get_iv_size($td), MCRYPT_RAND);
mcrypt_generic_init($td, $key, $iv);
$encrypted_data_raw = mcrypt_generic($td, $cleartext);
$encrypted_data = bin2hex($encrypted_data_raw);
mcrypt_generic_deinit($td);
return $encrypted_data;
} else {
return false;
}
}
function _decrypt($crypttext, $key = "th1s1sav3rys3cr3tk3y") {
if ($crypttext) {
$td = mcrypt_module_open(MCRYPT_TripleDES, "", MCRYPT_MODE_ECB, "");
$iv = mcrypt_create_iv(mcrypt_enc_get_iv_size($td), MCRYPT_RAND);
mcrypt_generic_init($td, $key, $iv);
$decrypted_data = trim(mcrypt_decrypt(MCRYPT_TripleDES, $key, hex2bin($crypttext), MCRYPT_MODE_ECB, $iv));
mcrypt_generic_deinit($td);
return $decrypted_data;
} else {
return false;
}
}
UPDATE:
This is the way I tried so solve it - to get the same $iv i took simply the same code as in the old function and try to implement it in the way described here: php: mcrypt_encrypt to openssl_encrypt, and OPENSSL_ZERO_PADDING problems
function _encrypt2($cleartext, $key = "th1s1sav3rys3cr3tk3y") {
$td = mcrypt_module_open(MCRYPT_TripleDES, "", MCRYPT_MODE_ECB, "");
$iv = mcrypt_create_iv(mcrypt_enc_get_iv_size($td), MCRYPT_RAND);
$message_padded = $cleartext;
if (strlen($message_padded) % 8) {
$message_padded = str_pad($message_padded,
strlen($message_padded) + 8 - strlen($message_padded) % 8, "\0");
}
$encrypted_openssl = openssl_encrypt($message_padded, "DES-EDE3-CBC", $key, OPENSSL_RAW_DATA | OPENSSL_NO_PADDING, $iv);
return bin2hex($encrypted_openssl);
}
I hope you can give me good hints.
Finally I got the solution - thank you all for your help and support by pushing me into the right direction and asking the right questions. The main thing I missed was ECB-Mode (I took CBC...). So all the stuff with the $iv wasn't really needed.
To complete the answer here my new functions:
function _encrypt_openssl($cleartext, $key = "th1s1sav3rys3cr3tk3y") {
if ($m = strlen($cleartext) %8) {
$cleartext .= str_repeat("\0", 8-$m);
}
$encrypted_openssl = openssl_encrypt($cleartext , "DES-EDE3-ECB", $key, OPENSSL_RAW_DATA | OPENSSL_NO_PADDING, null);
return bin2hex($encrypted_openssl);
}
function _decrypt_openssl($crypttext, $key = "th1s1sav3rys3cr3tk3y") {
return openssl_decrypt(hex2bin($crypttext), 'DES-EDE3-ECB', $key, OPENSSL_RAW_DATA | OPENSSL_NO_PADDING, null);
}

Im trying encrypt some text using a fucntion in php

I found a tutorial online on how to encrypt strings in php but when I call the function and try echo the processed data I'm getting 500 internal error. Here is my code below.
<?php
$iv_to_pass_to_decryption = 'mysecretpass';
function encrypt($text, $key)
{
$iv = mcrypt_create_iv(mcrypt_get_iv_size(MCRYPT_RIJNDAEL_256, MCRYPT_MODE_CBC), MCRYPT_RAND);
$iv_to_pass_to_decryption = base64_encode($iv);
return base64_encode(mcrypt_encrypt(MCRYPT_RIJNDAEL_256, $key, $text, MCRYPT_MODE_CBC, $iv);
}
function decrypt($text, $key, $iv)
{
$text = base64_decode($text);
$iv = base64_decode($iv);
return mcrypt_decrypt(MCRYPT_RIJNDAEL_256, $key, $text, MCRYPT_MODE_CBC, $iv);
}
$txt = "hello";
$mykey = "mysecretkey";
$somedata = encrypt($txt, $mykey);
echo $somedata;
?>
The first problem is, you missed a ) in line 8.
The second problem is mcrypt_decrypt()function is deprecated.
The third problem is mcrypt_encrypt(): Key of size 11 not supported by this algorithm. Only keys of sizes 16, 24 or 32 supported. The 'mysecretkey' key is wrong.
I can recommend use the crypt() function: http://php.net/manual/en/function.crypt.php
When validating passwords, a string comparison function that isn't
vulnerable to timing attacks should be used to compare the output of
crypt() to the previously known hash. PHP 5.6 onwards provides
hash_equals() for this purpose.
use below code hope it will help you
$iv_to_pass_to_decryption = 'mysecretpass';
function encrypt($text, $key)
{
$iv = mcrypt_create_iv(mcrypt_get_iv_size(MCRYPT_RIJNDAEL_256, MCRYPT_MODE_CBC), MCRYPT_RAND);
$iv_to_pass_to_decryption = base64_encode($iv);
return base64_encode(mcrypt_encrypt(MCRYPT_RIJNDAEL_256, $key, $text, MCRYPT_MODE_CBC, $iv));
}
function decrypt($text, $key, $iv)
{
$text = base64_decode($text);
$iv = base64_decode($iv);
return mcrypt_decrypt(MCRYPT_RIJNDAEL_256, $key, $text, MCRYPT_MODE_CBC, $iv);
}
$txt = "hello";
$mykey = "mysecretkey12345";
$somedata = encrypt($txt, $mykey);
echo $somedata;

Encryption/Decryption results in replacement and incorrect characters at start of string

Here are my encrypt and decrypt functions
public function encrypt($text){
$key = hash("md5", KEY);
$iv = mcrypt_create_iv(mcrypt_get_iv_size(MCRYPT_TWOFISH, MCRYPT_MODE_CBC), MCRYPT_RAND);
$result = base64_encode(mcrypt_encrypt(MCRYPT_TWOFISH, $key, $text, MCRYPT_MODE_CBC, $iv));
return $result;
}
public function decrypt($text){
$key = hash("md5", KEY);
$iv = mcrypt_create_iv(mcrypt_get_iv_size(MCRYPT_TWOFISH, MCRYPT_MODE_CBC), MCRYPT_RAND);
$result = trim(mcrypt_decrypt(MCRYPT_TWOFISH, $key, base64_decode($text), MCRYPT_MODE_CBC, $iv));
return $result;
}
When encryption is run on a JSON string to be stored as a text file and then retrieved and decrypted the front section of the resulting string has replacement and/or incorrect characters:
Expected:
{"players":[{"label":"...
Actual:
�Ӹ�!G#${�W�Rՙ�bel":"...
If it makes any difference the actual placement/incorrect chars are different each time I refresh the page on the same file.
In case anyone comes across this...
The IV needs to be prepended to the file before encoding, like so:
public function encrypt($text){
$key = hash("md5", KEY);
$iv = mcrypt_create_iv(mcrypt_get_iv_size(MCRYPT_TWOFISH, MCRYPT_MODE_CBC), MCRYPT_DEV_URANDOM);
$result = base64_encode($iv.mcrypt_encrypt(MCRYPT_TWOFISH, $key, $text, MCRYPT_MODE_CBC, $iv));
return $result;
}
Then when decrypting take the IV from the decoded string and use it to decrypt, like so:
public function decrypt($text){
$key = hash("md5", KEY);
$decode = base64_decode($text);
$iv = substr($decode, 0, 16);
$decrypt = substr($decode, 16);
$result = mcrypt_decrypt(MCRYPT_TWOFISH, $key, $decrypt, MCRYPT_MODE_CBC, $iv);
return $result;
}

Categories