i'm still a newbie and a new coder in encrypting the data in php, i have a data encrypted with iv in the database now the problem is that when the user try to search that data i will compare the data he inputted to the database data in sql kind like of WHERE tbl_column = "user_input". is there any better way to compare two data (plain data check to encrypted data) here is my code.
<?php
$input = 'sample';
$key = "secretkey";
$secretMethod = 'AES-256-CBC';
$iv_size = mcrypt_get_iv_size(MCRYPT_RIJNDAEL_128, MCRYPT_MODE_CBC);
$iv = mcrypt_create_iv($iv_size, MCRYPT_RAND);
echo $database_data = openssl_encrypt('sample', $secretMethod, $key, 0, $iv);
echo $data = $iv.$emessage;
$iv = substr($data, 0, $iv_size);
echo '<br/>Decrypted: '.openssl_decrypt(substr($data, $iv_size), $umethod, $key, 0, $iv);
if($data == $input) {
echo 'equal';
} else {
echo 'not-equal';
}
?>
i am working with this solution for encryption/decryption
1- encryption:
function crypt_val($val){
$token = $val;
$enc_method = 'AES-128-CTR';
$enc_key = openssl_digest(gethostname() . "|" . $key, 'SHA256', true);
$enc_iv = openssl_random_pseudo_bytes(openssl_cipher_iv_length($enc_method));
$crypted_token = openssl_encrypt($token, $enc_method, $enc_key, 0, $enc_iv) . "::" . bin2hex($enc_iv);
return $crypted_token;
}
2- decryption:
function decrypt_val($val){
$crypted_token = $val;
if(preg_match("/^(.*)::(.*)$/", $crypted_token, $regs)) {
list(, $crypted_token, $enc_iv) = $regs;
$enc_method = 'AES-128-CTR';
$enc_key = openssl_digest(gethostname() . "|" . $key, 'SHA256', true);
$decrypted_token = openssl_decrypt($crypted_token, $enc_method, $enc_key, 0, hex2bin($enc_iv));
return $decrypted_token;
}
}
The first function will crypt an entered string, an the second will decrypt it
Note that $key is your secret key, it will be used for encryption/decryption process
Related
I'm using crypt function to create the hash from the string, but when used the salt parameter it's showing the salt parameter in plain form, I know the salt parameter is optional we can exclude that but what is the way to make the salt to not show in the plain form in the hashed string.
Example code
echo crypt('something','$5$rounds=5000$anexamplestring$');
Output for this code is
$5$rounds=5000$anexamplestring$YuRqx9rDLGE1wLc9Bp01/DetFvo6S7Bphn6TgGViCD8
Here the output starting string is same as the crypt function that looks awkward, is there any way around to fix this, or this is the default behavior?
In your case, you can't decrypt it without salt, it will be in the hash.
I do this if you need to encrypt something, then you need openssl and the string can be long, but each time a new one and you can't pick it up without a key.
function get_encrypt($str = false, $key = false)
{
if (!is_string($str)) {
return false;
}
$key = !empty($key) ?: 'b7^FV7867&f)vd6567';
$ivlen = openssl_cipher_iv_length($cipher = "AES-128-CBC");
$iv = openssl_random_pseudo_bytes($ivlen);
$ciphertext_raw = openssl_encrypt($str, $cipher, $key, $options = OPENSSL_RAW_DATA, $iv);
$hmac = hash_hmac('sha256', $ciphertext_raw, $key, $as_binary = true);
$encrypttext = base64_encode($iv . $hmac . $ciphertext_raw);
return ($encrypttext);
}
function get_decrypt($str = false, $key = false)
{
$key = !empty($key) ?: 'b7^FV7867&f)vd6567';
$c = base64_decode($str);
$ivlen = openssl_cipher_iv_length($cipher = "AES-128-CBC");
$iv = substr($c, 0, $ivlen);
$hmac = substr($c, $ivlen, $sha2len = 32);
$ciphertext_raw = substr($c, $ivlen + $sha2len);
$decrypttext = openssl_decrypt($ciphertext_raw, $cipher, $key, $options = OPENSSL_RAW_DATA, $iv);
$calcmac = hash_hmac('sha256', $ciphertext_raw, $key, $as_binary = true);
if (hash_equals($hmac, $calcmac)) {
return ($decrypttext);
} else {
return false;
}
}
$str = get_encrypt('something'); // out: ccxCvYCQrsCDC8LA1jrxh3OP38KzLXk5NLxIaSH2W7oDsqUSi3gsmZBq8hnVwuAfCZwt3M1lJhHjFAArHXlrcA==
get_decrypt($str); // out: something
I can successfully encrypt passed data but sadly cannot decrypt it. What is wrong with my decrypt() function? Maybe it is something with my Initialization Vector(iv). Here is my code:
function pad($data, $size) {
$length = $size - strlen($data) % $size;
return $data . str_repeat(chr($length), $length);
}
function unpad($data) {
return substr($data, 0, -ord($data[strlen($data) - 1]));
}
//CORRECT ENCRYPTION METHOD
function encrypt($data) {
$key = "SiadajerSiadajer";
$iv_size = 16;
$iv = openssl_random_pseudo_bytes($iv_size, $strong);
$encryptedData = openssl_encrypt(pad($data, 16), 'AES-256-CBC', $key, OPENSSL_RAW_DATA, $iv);
$joinedData = hex2bin(bin2hex($iv).bin2hex($encryptedData));
$encodedJoinedData = base64_encode($joinedData);
return $encodedJoinedData;
}
//WRONG DECRYPTION FUNCTION
function decrypt($encodedJoinedData){
$key = "SiadajerSiadajer";
$DecodedData = base64_decode($encodedJoinedData);
$size = strlen($DecodedData);
$cipheredsize = $size - 16;
$iv = substr($DecodedData, 0, 16);
$halfDecryptedData = substr($DecodedData, 16, $size);
$decryptedData = openssl_decrypt(unpad($halfDecryptedData, 16), 'AES-256-CBC', $key, OPENSSL_RAW_DATA, $iv);
return $decryptedData;
}
$test = encrypt("sssss");
print $test;
$test2 = decrypt($test);
print $test2;
In the encrypt-method replace the line
$joinedData = hex2bin(bin2hex($iv).bin2hex($encryptedData));
with
$joinedData = $iv.$encryptedData;
because the conversions in the previous expression are unnecessary. This replacement doesn't change the result.
A possible solution for the decryption-part could be:
function decrypt($encodedJoinedData) {
$joinedData = base64_decode($encodedJoinedData);
$iv = substr($joinedData, 0, 16);
$encryptedData = substr($joinedData, 16);
$key = "SiadajerSiadajer";
$decryptedData = openssl_decrypt($encryptedData, 'AES-256-CBC', $key, OPENSSL_RAW_DATA, $iv);
$unpaddedData = unpad($decryptedData);
return $unpaddedData;
}
$data = 'Durgadevi'.date('Y-m-d H:m:s');
$b = encrypt($data);
echo '<b>actual data: </b>'.$data.'<br><b> encrypted code: </b>'.$b;
function encrypt($string)
{
$encrypt_method = "AES-256-CBC";
$secret_key = '123456';
$secret_iv = 'This is my secret iv';
$key = hash('sha256',$secret_key);
$iv = substr(hash('sha256',$secret_iv),0,16);
$output = openssl_encrypt($string,$encrypt_method,$key,0,$iv);
return $output;
}
After executing encrypt function
OUTPUT:
actual data: Durgadevi11:07:40
encrypted code: Fxf6Q73Fs5byu6e2R0nTwG01n4vsoBAyfefSY5HBSWM=
$data = 'Fxf6Q73Fs5byu6e2R0nTwG01n4vsoBAyfefSY5HBSWM=';
$b = decrypt($data);
echo '<b> actual data: </b>'.$data.'<br><b> decrypted code: </b>'.$b;
function decrypt($string)
{
$encrypt_method = "AES-256-CBC";
$secret_key = '123456';
$secret_iv = 'This is my secret iv';
$key = hash('sha256',$secret_key);
$iv = substr(hash('sha256',$secret_iv),0,16);
$output = openssl_decrypt($string,$encrypt_method,$key,0,$iv);
return $output;
}
After executing decrypt function
OUTPUT:
actual data: Fxf6Q73Fs5byu6e2R0nTwG01n4vsoBAyfefSY5HBSWM=
decrypted code: Durgadevi11:07:40
You can use below function for encryption and decryption.
function encryptDecrypt($action, $data) {
$output = false;
$encrypt_method = "AES-256-CBC";
$secret_key ="g3hR0m9FY1r+9ZXLdriXI4U6AxsYqlbISe8Qne9DuJU9R1AlvsV1GWQMQhP0NcvvtnvSB1AoIBAQD8zQp+VhgSH";
$secret_iv = "xaghJBqlqQPkox2djChy3+3tmEPZJpypp4Euy2sDLSgyP+nsecrkP18bfl2i+ChPAoIBAQC3FijLZr74H0m9oGj0hPAlfcAh5bTMvAF4993M8BjncApCzKMOK3CLT+278dquihNCyrbK6/FjDMw9sGl5kctenaOVcvtdupMWtX9U9KmH8G1XCX/Xr/umpgAxjh+l69v4lrDRln48/gT9zfdKjZ5OiuW+M+gbNL6qGAM";
$key = hash('sha256', $secret_key);
$iv = substr(hash('sha256', $secret_iv), 0, 16);
if ($action == 'encrypt') {
$output = openssl_encrypt($data, $encrypt_method, $key, 0, $iv);
$output = base64_encode($output);
} else if ($action == 'decrypt') {
$output = openssl_decrypt(base64_decode($data), $encrypt_method, $key, 0, $iv);
}
return $output;
}
//Call as below
$string = 'Durgadevi'.date('Y-m-d H:m:s');
echo $encString = encryptDecrypt('encrypt', $string);
echo "<br/>";
echo encryptDecrypt('decrypt', $encString);
i created two functions for encryption and decryption like this
function encryption($x) {
$key = 'SuperSecretKey';
$encrypted = mcrypt_encrypt(MCRYPT_RIJNDAEL_256, $key, $x, MCRYPT_MODE_ECB);
return $encrypted;
}
function decryption($y) {
$key = 'SuperSecretKey';
$decrypted = mcrypt_decrypt(MCRYPT_RIJNDAEL_256, $key, $y, MCRYPT_MODE_ECB);
return $decrypted;
}
i inserted the encrypted password in databbase its working fine , when i retrieve the password from database i get the encrypted password like this
$dpass = "select Password from persons where Email='" . $_POST['name'] . "'";
$rpass = mysql_query($dpass);
$line = mysql_fetch_array($rpass);
$lpass = $line['Password'];
echo $lpass;
But the problem is when U use the decryption func
$d_pass = decryption($lpass);
echo $d_pass;
It dont give me the same text I used for password? Can you tell me what the problem is?
Try this
function encryption($x) {
$key = 'SuperSecretKey';
$encrypted = base64_encode(mcrypt_encrypt(MCRYPT_RIJNDAEL_256, md5($key), $x, MCRYPT_MODE_CBC, md5(md5($key))));
return $encrypted;
}
function decryption($y) {
$key = 'SuperSecretKey';
$decrypted = rtrim(mcrypt_decrypt(MCRYPT_RIJNDAEL_256, md5($key), base64_decode($y), MCRYPT_MODE_CBC, md5(md5($key))), "\0");
return $decrypted;
}
Currently im using
$key="pass";
$val="secret";
$encp=mcrypt_encrypt(MCRYPT_DES, $key, $val, MCRYPT_MODE_ECB);
But when i call printf($encp)
No value is displayed,im using PHP version 5.2.17
Is there a better way to do it.Please help.
EDIT:
<?PHP
define('SECURE_KEY','Somekey');
function encrypt($value){
$iv_size = mcrypt_get_iv_size(MCRYPT_RIJNDAEL_256, MCRYPT_MODE_ECB);
$iv = mcrypt_create_iv($iv_size, MCRYPT_RAND);
return mcrypt_encrypt(MCRYPT_RIJNDAEL_256, SECURE_KEY, $value, MCRYPT_MODE_ECB, $iv);
}
function decrypt($value){
$iv_size = mcrypt_get_iv_size(MCRYPT_RIJNDAEL_256, MCRYPT_MODE_ECB);
$iv = mcrypt_create_iv($iv_size, MCRYPT_RAND);
return trim(mcrypt_decrypt(MCRYPT_RIJNDAEL_256, SECURE_KEY, $value, MCRYPT_MODE_ECB, $iv));
}
$temp=encrypt("teststring");
printf($temp);
?>
Update (27/09/17):
Since mcrypt_encrypt is DEPRECATED as of PHP 7.1.0. Ive added a simple encrypt/decrypt using openssl.
function encrypt($string, $key = 'PrivateKey', $secret = 'SecretKey', $method = 'AES-256-CBC') {
// hash
$key = hash('sha256', $key);
// create iv - encrypt method AES-256-CBC expects 16 bytes
$iv = substr(hash('sha256', $secret), 0, 16);
// encrypt
$output = openssl_encrypt($string, $method, $key, 0, $iv);
// encode
return base64_encode($output);
}
function decrypt($string, $key = 'PrivateKey', $secret = 'SecretKey', $method = 'AES-256-CBC') {
// hash
$key = hash('sha256', $key);
// create iv - encrypt method AES-256-CBC expects 16 bytes
$iv = substr(hash('sha256', $secret), 0, 16);
// decode
$string = base64_decode($string);
// decrypt
return openssl_decrypt($string, $method, $key, 0, $iv);
}
$str = 'Encrypt this text';
echo "Plain: " .$str. "\n";
// encrypt
$encrypted_str = encrypt($str);
echo "Encrypted: " .$encrypted_str. "\n";
// decrypt
$decrypted_str = decrypt($encrypted_str);
echo "Decrypted: " .$decrypted_str. "\n";
Try these: (PHP < 7.1.0) If your using > PHP 7.1.0 see above.
define('SECURE_KEY','Somekey');//Assigned within a config, pref outside of root dir
function encrypt($value){
$iv_size = mcrypt_get_iv_size(MCRYPT_RIJNDAEL_256, MCRYPT_MODE_ECB);
$iv = mcrypt_create_iv($iv_size, MCRYPT_RAND);
return mcrypt_encrypt(MCRYPT_RIJNDAEL_256, SECURE_KEY, $value, MCRYPT_MODE_ECB, $iv);
}
function decrypt($value){
$iv_size = mcrypt_get_iv_size(MCRYPT_RIJNDAEL_256, MCRYPT_MODE_ECB);
$iv = mcrypt_create_iv($iv_size, MCRYPT_RAND);
return trim(mcrypt_decrypt(MCRYPT_RIJNDAEL_256, SECURE_KEY, $value, MCRYPT_MODE_ECB, $iv));
}
//Simple usage
$encryptedString = encrypt('This String Will Be encrypted');
echo decrypt($encryptedString);
Edited from source - http://php.net/manual/en/function.mcrypt-encrypt.php
Try these PHP functions convert_uuencode and convert_uudecode:
function encrypt_decrypt ($data, $encrypt) {
if ($encrypt == true) {
$output = base64_encode (convert_uuencode ($data));
} else {
$output = convert_uudecode (base64_decode ($data));
}
return $output;
}
$enc_txt = encrypt_decrypt ("PASSWORD TEXT", true);
echo $enc_txt."\n";
// LTQkJTM0VT0vNEQwQDUkNTg1YGBgCmAK
echo encrypt_decrypt ($enc_txt, false);
// PASSWORD TEXT
This is much simpler and does not depend on libraries installed in PHP