I can successfully encrypt passed data but sadly cannot decrypt it. What is wrong with my decrypt() function? Maybe it is something with my Initialization Vector(iv). Here is my code:
function pad($data, $size) {
$length = $size - strlen($data) % $size;
return $data . str_repeat(chr($length), $length);
}
function unpad($data) {
return substr($data, 0, -ord($data[strlen($data) - 1]));
}
//CORRECT ENCRYPTION METHOD
function encrypt($data) {
$key = "SiadajerSiadajer";
$iv_size = 16;
$iv = openssl_random_pseudo_bytes($iv_size, $strong);
$encryptedData = openssl_encrypt(pad($data, 16), 'AES-256-CBC', $key, OPENSSL_RAW_DATA, $iv);
$joinedData = hex2bin(bin2hex($iv).bin2hex($encryptedData));
$encodedJoinedData = base64_encode($joinedData);
return $encodedJoinedData;
}
//WRONG DECRYPTION FUNCTION
function decrypt($encodedJoinedData){
$key = "SiadajerSiadajer";
$DecodedData = base64_decode($encodedJoinedData);
$size = strlen($DecodedData);
$cipheredsize = $size - 16;
$iv = substr($DecodedData, 0, 16);
$halfDecryptedData = substr($DecodedData, 16, $size);
$decryptedData = openssl_decrypt(unpad($halfDecryptedData, 16), 'AES-256-CBC', $key, OPENSSL_RAW_DATA, $iv);
return $decryptedData;
}
$test = encrypt("sssss");
print $test;
$test2 = decrypt($test);
print $test2;
In the encrypt-method replace the line
$joinedData = hex2bin(bin2hex($iv).bin2hex($encryptedData));
with
$joinedData = $iv.$encryptedData;
because the conversions in the previous expression are unnecessary. This replacement doesn't change the result.
A possible solution for the decryption-part could be:
function decrypt($encodedJoinedData) {
$joinedData = base64_decode($encodedJoinedData);
$iv = substr($joinedData, 0, 16);
$encryptedData = substr($joinedData, 16);
$key = "SiadajerSiadajer";
$decryptedData = openssl_decrypt($encryptedData, 'AES-256-CBC', $key, OPENSSL_RAW_DATA, $iv);
$unpaddedData = unpad($decryptedData);
return $unpaddedData;
}
Related
I created this question to share a PHP version (based on the version at CryptoJS extra parameter in AES Encrypt. How to replicate with PHP?) of a script that has the same return as CryptoJS, this version in PHP that no longer uses the mbcrypt methods (which are deprecated after PHP 7.1.0)
<?php
class CryptoJS {
const ALGO_METHOD = 'AES-256-CBC';
public static function encrypt(string $plaintext, string $password) {
$salt = substr(md5(mt_rand(), true), 8);
$block = openssl_cipher_iv_length(self::ALGO_METHOD);
$pad = $block - (strlen($plaintext) % $block);
$data = $plaintext . str_repeat(chr($pad), $pad);
$iv_len = openssl_cipher_iv_length(self::ALGO_METHOD);
$key_len = $iv_len * 2;
$total_len = $key_len + $iv_len;
$salted = '';
$dx = '';
while (strlen($salted) < $total_len) {
$dx = md5($dx . $password . $salt, true);
$salted .= $dx;
}
$key = substr($salted, 0, $key_len);
$iv = substr($salted, $key_len, $iv_len);
$encrypted_data = openssl_encrypt($data, self::ALGO_METHOD, $key, OPENSSL_RAW_DATA | OPENSSL_ZERO_PADDING, $iv);
return base64_encode('Salted__' . $salt . $encrypted_data);
}
public static function decrypt(string $edata, string $pass) {
$data = base64_decode($edata);
$salt = substr($data, 8, 8);
$ct = substr($data, 16);
$rounds = 3;
$data00 = $pass . $salt;
$md5_hash = array();
$md5_hash[0] = md5($data00, true);
$result = $md5_hash[0];
for ($i = 1; $i < $rounds; $i++) {
$md5_hash[$i] = md5($md5_hash[$i - 1] . $data00, true);
$result .= $md5_hash[$i];
}
$key = substr($result, 0, 32);
$iv = substr($result, 32, 16);
return openssl_decrypt($ct, self::ALGO_METHOD, $key, true, $iv);
}
}
$pass = $text = '{TextAndPass}';
$encrypted = CryptoJS::encrypt($text, $pass);
$decrypted = CryptoJS::decrypt($encrypted, $pass);
var_dump($encrypted, $decrypted);
I was hoping someone would be able to clarify something for me. I have a class to encrypt data and I also use the code to make it into functions instead of a class. Now they use the same keys and everything but if I encrypt something using the class I cannot decrypt using the function why is this? is it one way more secure than the other?
this is the class
class Encryption {
var $secret_key;
var $key;
public function __contruct(){
$this->secret_key = 'MYSECRETKEY12345654321';
// hash
$this->key = hash('sha256', $this->secret_key);
}
public function encode($value){
$output = openssl_encrypt($value, 'AES-256-CBC', $this->key, 0, substr(hash('sha256', "0ac35e3825857c810f86e384d1ac59e8"), 0, 16));
$output = base64_encode($output);
return $output;
}
public function decode($value){
return openssl_decrypt(base64_decode($value), 'AES-256-CBC', $this->key, 0, substr(hash('sha256', "0ac35e3825857c810f86e384d1ac59e8"), 0, 16));
}
}
this is the function
function encrypt($value)
{
$secret = 'MYSECRETKEY12345654321';
$key = hash('sha256', $secret);
$output = openssl_encrypt($value, 'AES-256-CBC', $key, 0, substr(hash('sha256', "0ac35e3825857c810f86e384d1ac59e8"), 0, 16));
$output = base64_encode($output);
return $output;
}
function decrypt($value)
{
$secret = 'MYSECRETKEY12345654321';
$key = hash('sha256', $secret);
return openssl_decrypt(base64_decode($value), 'AES-256-CBC', $key, 0, substr(hash('sha256', "0ac35e3825857c810f86e384d1ac59e8"), 0, 16));
}
code example
$encrypt = new Encryption();
$private = $encrypt->encode(10);
$public = decrypt($private);//this will return false;
I'm using crypt function to create the hash from the string, but when used the salt parameter it's showing the salt parameter in plain form, I know the salt parameter is optional we can exclude that but what is the way to make the salt to not show in the plain form in the hashed string.
Example code
echo crypt('something','$5$rounds=5000$anexamplestring$');
Output for this code is
$5$rounds=5000$anexamplestring$YuRqx9rDLGE1wLc9Bp01/DetFvo6S7Bphn6TgGViCD8
Here the output starting string is same as the crypt function that looks awkward, is there any way around to fix this, or this is the default behavior?
In your case, you can't decrypt it without salt, it will be in the hash.
I do this if you need to encrypt something, then you need openssl and the string can be long, but each time a new one and you can't pick it up without a key.
function get_encrypt($str = false, $key = false)
{
if (!is_string($str)) {
return false;
}
$key = !empty($key) ?: 'b7^FV7867&f)vd6567';
$ivlen = openssl_cipher_iv_length($cipher = "AES-128-CBC");
$iv = openssl_random_pseudo_bytes($ivlen);
$ciphertext_raw = openssl_encrypt($str, $cipher, $key, $options = OPENSSL_RAW_DATA, $iv);
$hmac = hash_hmac('sha256', $ciphertext_raw, $key, $as_binary = true);
$encrypttext = base64_encode($iv . $hmac . $ciphertext_raw);
return ($encrypttext);
}
function get_decrypt($str = false, $key = false)
{
$key = !empty($key) ?: 'b7^FV7867&f)vd6567';
$c = base64_decode($str);
$ivlen = openssl_cipher_iv_length($cipher = "AES-128-CBC");
$iv = substr($c, 0, $ivlen);
$hmac = substr($c, $ivlen, $sha2len = 32);
$ciphertext_raw = substr($c, $ivlen + $sha2len);
$decrypttext = openssl_decrypt($ciphertext_raw, $cipher, $key, $options = OPENSSL_RAW_DATA, $iv);
$calcmac = hash_hmac('sha256', $ciphertext_raw, $key, $as_binary = true);
if (hash_equals($hmac, $calcmac)) {
return ($decrypttext);
} else {
return false;
}
}
$str = get_encrypt('something'); // out: ccxCvYCQrsCDC8LA1jrxh3OP38KzLXk5NLxIaSH2W7oDsqUSi3gsmZBq8hnVwuAfCZwt3M1lJhHjFAArHXlrcA==
get_decrypt($str); // out: something
I'm trying to make a program where people can chat and I want to encrypt the messages that are being sent. I have 2 scripts for this, one is sendtext.php and another getchat.php.
So my question is how can I encrypt the text that's being sent in one file and then decrypt the messages that will be sent back which is in another file.
So far I have the encryption working but I dont know how to decrypt in the other file.
Also if you know a more secure way of doing this it would be appreciated.
sendtext.php
$username = $_POST["name"];
$text = $_POST["message"];
$key = openssl_random_pseudo_bytes(32, $cstrong);
$cipher = "aes-128-gcm";
if (in_array($cipher, openssl_get_cipher_methods()))
{
$ivlen = openssl_cipher_iv_length($cipher);
$iv = openssl_random_pseudo_bytes($ivlen);
$ciphertext = openssl_encrypt($text, $cipher, $key, $options=0, $iv, $tag);
echo "Encrytped: " . $ciphertext;
//store $cipher, $iv, and $tag for decryption later
//$original_text = openssl_decrypt($ciphertext, $cipher, $key, $options=0, $iv, $tag);
//echo $original_text."\n";
}
//Add text to the table
$inserttextquery = "INSERT INTO ".$username." (username, message)
VALUES ('$username', '$ciphertext');";
mysqli_query($con, $inserttextquery) or die("#: send text failed");
getchat.php
$username = $_POST["name"];
$sql = "SELECT username, message FROM ".$username."";
$result = $con->query($sql);
if ($result->num_rows > 0)
{
// output data of each row
while($row = $result->fetch_assoc()) {
echo $row["username"] . "\t" . $row["message"] . "\t";
}
}
I wrote this encryption/decryption class awhile ago:
<?php
class Cryptography
{
private static $secret_key = 'gsdgsg423b523b5432bjbjm24vbjn2hv';
const CIPHER_16 = 'AES-128-CBC';
const CIPHER_32 = 'AES-256-CBC';
public static function encrypt($str, $cl = 32)
{
return static::encyptedDecypted('encrypt', $str, $cl);
}
public static function decrypt($str, $cl = 32)
{
return static::encyptedDecypted('decrypt', $str, $cl);
}
public static function encyptedDecypted($action, $str, $cl)
{
$cl = (int) $cl;
if ($cl === 16) {
$cipher = static::CIPHER_16;
$length = 16;
} elseif ($cl === 32) {
$cipher = static::CIPHER_32;
$length = 32;
} else {
throw new Exception('Error Processing Request', 1);
}
$iv = $iv = substr(hash('sha256', static:: $secret_key), 0, 16);
$key = hash('sha512', static::$secret_key);
if ($action == 'encrypt') {
$output = openssl_encrypt($str, $cipher, $key, 0, $iv);
$output = base64_encode($output);
$output = static::securesalts($length).$output.static::securesalts($length);
} elseif ($action == 'decrypt') {
$str = $text = substr($str, $length, -$length);
$output = openssl_decrypt(base64_decode($str), $cipher, $key, 0, $iv);
}
return $output;
}
private static function securesalts($length)
{
if (is_int($length) && $length >= 5) {
$chars = array_merge(range(0, 9), range('a', 'z'), range('A', 'Z'));
$stringlength = count($chars); //Used Count because its array now
$randomString = '';
for ($i = 0; $i < $length; $i++) {
$randomString .= $chars[rand(0, $stringlength - 1)];
}
return $randomString;
} else {
return false;
}
}
}
Use it like this:
$str = "Simple String";
//for encryption
$encrypted = Cryptography::encrypt($str);
//for decryption
$decrypted = Cryptography::decrypt($encrypted);
Don't forget to change the $secret_key ;)
class Auth extends MySQLi {
public function aes_enc($encrypt, $mc_key, $iv) {
$passcrypt = trim(mcrypt_encrypt(MCRYPT_RIJNDAEL_128, substr($mc_key, 0, 32), trim($encrypt), MCRYPT_MODE_CBC, $iv));
return $passcrypt;
}
public function aes_dec($decrypt, $mc_key, $iv) {
$decrypted = trim(mcrypt_decrypt(MCRYPT_RIJNDAEL_128, substr($mc_key, 0, 32), trim($decrypt), MCRYPT_MODE_CBC, $iv));
return $decrypted;
}
public function salt() {
return str_shuffle('abcdefghijklmnoprsquvzyx0123456789-.,;:_<>');
}
public function iv() {
return mcrypt_create_iv(mcrypt_get_iv_size(MCRYPT_RIJNDAEL_128, MCRYPT_MODE_CBC), MCRYPT_RAND);
}
}
And on test.php, following code:
<?
require('Auth.php');
$Auth = new Auth;
$str = "verygudlongpassword";
for ($i = 0; $i < 1000; $i++) {
$salt = sha1($Auth->salt());
$iv = $Auth->iv();
$enc = $Auth->aes_enc($str, $salt, $iv);
$dec = $Auth->aes_dec($enc, $salt, $iv);
if ($str != $dec) {
echo $salt . "<br>\n";
}
}
?>
Sometimes, $dec != $str. Why is this happening? I am not even saving anything into DB atm, so it's not that.
Thanks for help.
i dont really have anything more to say, but site isnt letting me post. (nvm that part)
After reviewing your code and playing with it locally. It would appear that your decryption leaves some whitespace on the decrypted text. I removed the trim() function from all locations except the return value from aes_dec() and the code now encrypts/decrypts your string successfully 1000 times.
So it would seem trimming was the problem and the solution.
class Auth extends MySQLi {
public function aes_enc($encrypt, $mc_key, $iv)
{
$passcrypt = mcrypt_encrypt(MCRYPT_RIJNDAEL_128, substr($mc_key, 0, 32), $encrypt, MCRYPT_MODE_CBC, $iv);
return $passcrypt;
}
public function aes_dec($decrypt, $mc_key, $iv)
{
$decrypted = trim(mcrypt_decrypt(MCRYPT_RIJNDAEL_128, substr($mc_key, 0, 32), $decrypt, MCRYPT_MODE_CBC, $iv));
return $decrypted;
}
public function salt()
{
return str_shuffle('abcdefghijklmnoprsquvzyx0123456789-.,;:_<>');
}
public function iv()
{
return mcrypt_create_iv(mcrypt_get_iv_size(MCRYPT_RIJNDAEL_128, MCRYPT_MODE_CBC), MCRYPT_RAND);
}
}
$Auth = new Auth;
$str = "verygudlongpassword";
for ($i = 0; $i < 1000; $i++) {
$salt = sha1($Auth->salt());
$iv = $Auth->iv();
$enc = $Auth->aes_enc($str, $salt, $iv);
$dec = $Auth->aes_dec($enc, $salt, $iv);
if ($str != $dec) {
echo "Decryption failed!<br>\n";
} else {
echo "Decryption success! String: $dec<br>\n";
}
}