We Keep Coding

PHP Encrypt Decrypt

I have this PHP Code for encryption and decryption. This is using OpenSSL
<?php
//$key should have been previously generated in a cryptographically safe way, like
openssl_random_pseudo_bytes
$plaintext = "message to be encrypted";
$cipher = "aes-128-gcm";
if (in_array($cipher, openssl_get_cipher_methods()))
{
$ivlen = openssl_cipher_iv_length($cipher);
$iv = openssl_random_pseudo_bytes($ivlen);
$ciphertext = openssl_encrypt($plaintext, $cipher, $key, $options=0, $iv, $tag);
//store $cipher, $iv, and $tag for decryption later
$original_plaintext = openssl_decrypt($ciphertext, $cipher, $key, $options=0, $iv, $tag);
echo $original_plaintext."\n";
}
?>
When you run this on your browser and refresh the page the encryption changes. So I want to know how do I use a check like if statement to see if the user input plain text matches the encrypted text.

How to decrypt this string using openssl

i'm having some trouble decrypting a string that was encrypted using openssl. I don't have access to change the encryption code, but i do have read access:
Encrypt code (unable to modify)
<?php
$key = hex2bin("24a5d2b96b9aee2fb515c94fb36da508");
$encryptTxt = openssl_encrypt(
"txt to encrypt",
'AES-128-ECB',
$key
);
?>
link
Here is how I have attempted to decrypt:
decrypt.php
$ciphertext = $_GET['un'];
$cipher = "aes-128-ecb";
$key = hex2bin("24a5d2b96b9aee2fb515c94fb36da508");
$original_plaintext = openssl_decrypt($ciphertext, $cipher, $key);
echo "text= " . $original_plaintext;
The decrypted text is not returned on the decrypt page

SOLVED: I updated decrypt.php to the following and it returned the decrypted text
$ciphertext = $_GET['un'];
$ciphertext = hex2bin($ciphertext);
$ciphertext = base64_encode($ciphertext);
$cipher = "aes-128-ecb";
$key = hex2bin("24a5d2b96b9aee2fb515c94fb36da508");
$original_plaintext = openssl_decrypt($ciphertext, $cipher, $key);
echo "text= " . $original_plaintext;

Why AES can't Decrypt , PHP. Openssl

I'm having problem with decrypting
I have
$key="Gwu078980";
$cipher="aes-128-gcm";
$iv=md5($cipher);
$text="yaw0";
$tag="";
echo $encrypted=openssl_encrypt($text, $cipher, $key, 0, $iv, $tag);
echo $de_ciphertext=openssl_decrypt($encrypted, $cipher, $key, 0, $iv, $tag);
Output
ELRmWQ==
yaw0
So the raw text is yaw0 and the encrypted is ELRmWQ== and the decrypted is yaw0 so perfect.
But when I manually copy the encrypted text and use it as
$encrypted ="ELRmWQ==";
And I run the decryption
the decryption returns null.
Thanks in advance for anyone to help me out.

Your openssl_encrypt message modifies $tag by reference since you're using aes-128-gcm.
That parameter is required for openssl_decrypt aswell (when using AEAD - Authenticated Encryption and Decryption) and is probably an empty string in your case when you omit the openssl_encrypt call.
See Example 1 in the docs:
The comment about storing $cipher, $iv, and $tag is the important part:
<?php
//$key should have been previously generated in a cryptographically safe way, like openssl_random_pseudo_bytes
$plaintext = "message to be encrypted";
$cipher = "aes-128-gcm";
if (in_array($cipher, openssl_get_cipher_methods()))
{
$ivlen = openssl_cipher_iv_length($cipher);
$iv = openssl_random_pseudo_bytes($ivlen);
$ciphertext = openssl_encrypt($plaintext, $cipher, $key, $options=0, $iv, $tag);
//store $cipher, $iv, and $tag for decryption later
$original_plaintext = openssl_decrypt($ciphertext, $cipher, $key, $options=0, $iv, $tag);
echo $original_plaintext."\n";
}
?>

Subsequent decrypt fails with file size 0

The following script works fine. The zip is encrypted, txt file created, and immediately decrypted successfully, and the new zip is created successfully.
However, if I run the decrypt portion only subsequently, it fails to decrypt the txt file. It returns an empty $original_plaintext variable and the final zip has size 0. The $key and $iv are not changed for the second run. Security is not the issue - I just need a scrambled text file and then need to be able to decrypt it later.
$key = "sometext";
$iv = "someothertext";
$cipher = "aes-128-gcm";
$tag = NULL;
$fileRoot = "sql_2018_11_10";
if (in_array($cipher, openssl_get_cipher_methods())) {
// Encrypt
$plaintext = file_get_contents("tmp/$fileRoot.zip");
$ciphertext = openssl_encrypt($plaintext, $cipher, $key, $options=0, $iv, $tag);
file_put_contents("tmp/enc_$fileRoot.txt", $ciphertext);
// Decrypt
$ciphertext = file_get_contents("tmp/enc_$fileRoot.txt");
$original_plaintext = openssl_decrypt($ciphertext, $cipher, $key, $options=0, $iv, $tag);
file_put_contents("tmp/uenc_$fileRoot.zip", $original_plaintext);
}

Which data format do I need to decrypt data stored in MySQL DB?

I'm using PHP 7.1, studying encryption/decryption topic. I use this functions to enc/dec (based on PHP's official doc):
$key = openssl_random_pseudo_bytes(16);
function encryptName($plaintext) {
global $key;
// $plaintext - string which must be encrypted
$ivlen = openssl_cipher_iv_length($cipher="AES-128-CBC");
$iv = openssl_random_pseudo_bytes($ivlen);
$ciphertext_raw = openssl_encrypt($plaintext, $cipher, $key, $options=OPENSSL_RAW_DATA, $iv);
$hmac = hash_hmac('sha256', $ciphertext_raw, $key, $as_binary=true);
$ciphertext = base64_encode( $iv.$hmac.$ciphertext_raw );
return $ciphertext;
}
function decryptName($ciphertext) {
global $key;
// $ciphertext - encrypted string
$c = base64_decode($ciphertext);
$ivlen = openssl_cipher_iv_length($cipher="AES-128-CBC");
$iv = substr($c, 0, $ivlen);
$hmac = substr($c, $ivlen, $sha2len=32);
$ciphertext_raw = substr($c, $ivlen+$sha2len);
$original_plaintext = openssl_decrypt($ciphertext_raw, $cipher, $key,
$options=OPENSSL_RAW_DATA, $iv); // | OPENSSL_ZERO_PADDING
$calcmac = hash_hmac('sha256', $ciphertext_raw, $key, $as_binary=true);
if (hash_equals($hmac, $calcmac)) {
//echo $original_plaintext."\n";
}
echo openssl_error_string();
return $original_plaintext;
}
When I enc/dec strig "MyTestPhrase" both functions work well. But when I encrypt data and then write it in MySQL table decryption fails with this error code:
error:0606506D:digital envelope routines:EVP_DecryptFinal_ex:wrong final block length
and my $original_plaintext equals bool(false).
I think in this way. AES works with blocks. Decrypted string must be appropriate to block lengt: size of decrypting data must be multiple to 16. If it is not we have to activate PHP option which fullfills it with 0es.
Guess that problem could be with MySQL data format and with encrypted string length, but can't catch it.
Please help me with question posted above.

So in my example I created a base64_encoded string using the pseudo_bytes. That way your key is constant. You can create your own key but for this ex we will use this one. LoPCPKd8iDxHvb8mATzhhg==
Next we will define the key as a constant. This can be done at the top of your script or in a conf.php file.
Next we will use the constant value anywhere you need the key.
Like so:
define("MYKEY_", base64_decode('LoPCPKd8iDxHvb8mATzhhg=='));
function encryptName($plaintext) {
$ivlen = openssl_cipher_iv_length($cipher="AES-128-CBC");
$iv = openssl_random_pseudo_bytes($ivlen);
$ciphertext_raw = openssl_encrypt($plaintext, $cipher, MYKEY_, $options=OPENSSL_RAW_DATA, $iv);
$hmac = hash_hmac('sha256', $ciphertext_raw, MYKEY_, $as_binary=true);
$ciphertext = base64_encode( $iv.$hmac.$ciphertext_raw );
return $ciphertext;
}
function decryptName($ciphertext) {
$c = base64_decode($ciphertext);
$ivlen = openssl_cipher_iv_length($cipher="AES-128-CBC");
$iv = substr($c, 0, $ivlen);
$hmac = substr($c, $ivlen, $sha2len=32);
$ciphertext_raw = substr($c, $ivlen+$sha2len);
$original_plaintext = openssl_decrypt($ciphertext_raw, $cipher, MYKEY_,
$options=OPENSSL_RAW_DATA, $iv); // | OPENSSL_ZERO_PADDING
$calcmac = hash_hmac('sha256', $ciphertext_raw, MYKEY_, $as_binary=true);
if (hash_equals($hmac, $calcmac)) {
//echo $original_plaintext."\n";
}
echo openssl_error_string();
return $original_plaintext;
}