I try to implement Crypt::encrypt function in php and this code is here:
$key = "ygXa6pBJOWSAClY/J6SSVTjvJpMIiPAENiTMjBrcOGw=";
$iv = random_bytes(16);
$value = \openssl_encrypt(serialize('123456'), 'AES-256-CBC', $key, 0, $iv);
bIv = base64_encode($iv);
$mac = hash_hmac('sha256', $bIv.$value, $key);
$c = ['iv'=>$bIv,'value'=>$value,'mac'=>$mac];
$json = json_encode($c);
$b = base64_encode($json);
But result is wrong.
I am thinking i should do something on $key before set in openssl_encrypt function.
Please help.
Thank you.
SOLVED:
We can implement this method like this:
$text = '123456';
$key = "ygXa6pBJOWSAClY/CFEdOTjvJpMIiPAMQiTMjBrcOGw=";
$key = (string)base64_decode($key);
$iv = random_bytes(16);
$value = \openssl_encrypt(serialize($text), 'AES-256-CBC', $key, 0, $iv);
$bIv = base64_encode($iv);
$mac = hash_hmac('sha256', $bIv.$value, $key);
$c_arr = ['iv'=>$bIv,'value'=>$value,'mac'=>$mac];
$json = json_encode($c_arr);
$crypted = base64_encode($json);
echo $crypted;
This work tor me.
enjoy :)
Be Successful
Here is the implementation, directly from the official source code.
public function encrypt($value)
{
$iv = random_bytes(16);
$value = \openssl_encrypt(serialize($value), $this->cipher, $this->key, 0, $iv);
if ($value === false) {
throw new EncryptException('Could not encrypt the data.');
}
// Once we have the encrypted value we will go ahead base64_encode the input
// vector and create the MAC for the encrypted value so we can verify its
// authenticity. Then, we'll JSON encode the data in a "payload" array.
$mac = $this->hash($iv = base64_encode($iv), $value);
$json = json_encode(compact('iv', 'value', 'mac'));
if (! is_string($json)) {
throw new EncryptException('Could not encrypt the data.');
}
return base64_encode($json);
}
$iv should be the same as in the source
$this->key is the encryption key you set in your .env file, encoded in b64
$this->cipher should be the one you configured in your laravel configurations and compatible to your key-length.
In your example, you have set your $key to the value after the "base64:"-string, which is not the key. You need to encode the key with base64 before passing it.
So the the $key to the base64 encode of ygXa6pBJOWSAClY/J6SSVTjvJpMIiPAENiTMjBrcOGw=, which is eWdYYTZwQkpPV1NBQ2xZL0o2U1NWVGp2SnBNSWlQQUVOaVRNakJyY09Hdz0K
Related
I can't get Libsodium to decrypt a response I'm receiving from a webhook but openssl_decrypt does. I'm not getting an error but I keep getting a blank result which mean I must be doing something wrong.
The reason I want to use Libsodium over OpenSSL is that it's more reliable. In high traffic scenarios, openssl_decrypt becomes quite unreliable.
Here's my code:
public function webhook(Request $request) {
$psp = new Psp();
$transaction_state = new \stdClass();
$transaction_state->state = 'Live';
$key_from_configuration = 'B46FAC78301751BCB489AC6D878877CA9AD8A71278DA777DD91B1AAB82135817';
$iv_from_http_header = $request->header('x-initialization-vector');
$auth_tag_from_http_header = $request->header('x-authentication-tag');
$http_body = file_get_contents('php://input');
$key = hex2bin($key_from_configuration);
$iv = hex2bin($iv_from_http_header);
$auth_tag = hex2bin($auth_tag_from_http_header);
$cipher_text = hex2bin($http_body.$auth_tag_from_http_header);
// This works when $cipher_text = hex2bin($http_body)
$result = openssl_decrypt($cipher_text, 'aes-256-gcm', $key, OPENSSL_RAW_DATA, $iv, $auth_tag);
// This does not work. According to the webhook docs, $cipher_text has to equal hex2bin($http_body.$auth_tag_from_http_header);
$result = sodium_crypto_aead_aes256gcm_decrypt($cipher_text, NULL, $iv, $key);
Storage::put('json.txt', $result);
}
The docs for the webhook aren't that great and the example they have is pre PHP v7.1. Here's their example code...
<?php
/* Php 7.1 or later */
$key_from_configuration = "000102030405060708090a0b0c0d0e0f000102030405060708090a0b0c0d0e0f";
$iv_from_http_header = "000000000000000000000000";
$auth_tag_from_http_header = "CE573FB7A41AB78E743180DC83FF09BD";
$http_body = "0A3471C72D9BE49A8520F79C66BBD9A12FF9";
$key = hex2bin($key_from_configuration);
$iv = hex2bin($iv_from_http_header);
$auth_tag = hex2bin($auth_tag_from_http_header);
$cipher_text = hex2bin($http_body);
$result = openssl_decrypt($cipher_text, "aes-256-gcm", $key, OPENSSL_RAW_DATA, $iv, $auth_tag);
print($result);
/* Php prior to 7.1 */
/* Please refer Using Libsodium in PHP Projects */
$key_from_configuration = "000102030405060708090a0b0c0d0e0f000102030405060708090a0b0c0d0e0f";
$iv_from_http_header = "000000000000000000000000";
$auth_tag_from_http_header = "CE573FB7A41AB78E743180DC83FF09BD";
$http_body = "0A3471C72D9BE49A8520F79C66BBD9A12FF9";
$key = hex2bin($key_from_configuration);
$iv = hex2bin($iv_from_http_header);
$cipher_text = hex2bin($http_body . $auth_tag_from_http_header);
$result = \Sodium\crypto_aead_aes256gcm_decrypt($cipher_text, NULL, $iv, $key);
print($result);
?>
Edit: Real world responses
Key: 282F8C1F40FD0BF4E9C130CB5E3CE6624B78E3AEB89FF4E4DFBF5F4360B1488B
IV: D71C4DE2ACEF0EEB40AEAA25
Auth Tag: CE27C16EA5A3D772DBB10A42C5DF99C9
Ciper: DA113CEBD4C6959DAA26B3A4FF4F66B8D403FF6042900F725567FF426A77E7EB46927B574D334A1655C6F631F8096D9E3D889D859E372147017A052F1FC714AA9512E2EAAF1C5375AA0902982215FC6D2F29B112A877EF42D8D70353B0A24D651EE8CA2B224B9310A761EF767C810F1217CF31446C4DD6EA0864ED8F5E99BE6C573FE435333FBDB28A124C66EC44F5B44C0F4FD5D73444B85E1EB20B4F72B4A92D4723928F412231D4AD92381599268AF736D8849B4B3204408D4BD0BA4A386931D31B2A00983FA5BE8054126F34C9FFA1D898203BAB35EE586A5136469B9DBDA391594948F0E5CB066F9F9D69B1D4D6009A93227D172D43D9FCC936B1BD05F2D568B361CAF445FBA7FDFDF651AFD3AADA107C3D6D8A26284D003D29CAD4E111BE6ABBE3AF74AB1F19AAFF3CD7C8CE1F5270CCC9E849AC6D9C4030233EF33EAC8925F7E533395D4B8AF33EA2EB8E22FD138AACE48E9B8A4C7276A7474CA3BED7297E1BBCD2518229143198D9AF0BF987C0E53E4FC4E41149AEA8A1E59559B4ACEC481C67B4F962368A794C687EEBCE0A110CDF2C8FBE53AB3E9E4A8F04FACC783B9974236436828729EB95249B98CDB498CF2A81BBDEF712BD517A44654864B4E083BC8B9ECE153F87E107D55ED279C61313D6E8E8F1C5757E5CC330EEB8F165FACEFC616862FB7644BF0FE5A640DE9A5FD48408CD7EDB697BDD77DD09DE98EEEC7594D8B4B7BED07828B7F1AFB357E160B3844414BA8764BA06B8318ED82943FB3D270F9DAA415E3A35B1A2E1D2523177831BE2FE793416707C88E4A9CAC2FD787541B40CBB08BED5702A6229DAD4C81855AE014B1AFD42B84AFD13065DC2508B5B8C1345CDF787188F6ADA880ED6CBA5002B4241DE8E27BE368CF1D7D17AAE83926A5BD1EF4815A764FD39A8C7326FCA2D87A1C102CCB51F1504310AD7BEFC6DF1B5A7707196E504D6170E520198EBBB6F1026433F99A4A0AD593064E602E83C16F25D7484AE9EE00C4EBA51F23104DC2B071B88D71763B38CD5E0446E25D8D633408F28315C9B250CF5ACCAA83DE6EE793A0FFDB2DB13A66572A170A7DB70E5BA3B62A4241C5E162FBCD2DAC2072D853A45CDB67883CA61EB11552AB8E8CE0DAC7B30656B808631AED23FB6FE3C8DA738ADB4B18B5F450CD62182A86CAB520C22A53155B9644C6967F657F78A89A11E98475FD4E691B90FC49DE5CF499780491FE001EE22972FDEB14A18C5A28B97F67976E0B662CF80B0A7693272C175A1CEE65AB4C72A5F8BB125D79AE7C1E654A63AECB4AC559368DF5859FACC6982A28569FB1FD1799B6430FB7351D3CF2BB69A1C2BFE72FEB731699D0D48449B15E95A6EAD7E4AD99EF72820E942D806BF52F9FC18E3D523C1F0F0236611ABD3F46B74734E52B7CE9EBAF240C11454E21E10AFED954C5DB61EF9063935E237AB774934FE1C1E1BC6ACBC5BDE49C792B86635EAC9820680DD44B6F13C0A79CD3249825998C85142C5E3BC681FAE0B9648975446F9836A13E9BFC969D870B2166C62CB25A6802563C6228F284343967F61EEF958EC2CEA5BC7E7905D1A516376B6D66A6DD583F1ED0352DC3BAC491645969F67ED3FFDE9C59F858A334A545F46F710B07728C7658C2E5D8B853DF91DA9B4902C3754D14ABF38CEBFF6B0B495C8B84FE256D3237733CA0D4AD61F09CE2736EC3E710C64372C94030B520B843384B4CB255BF3B76803DB754530A5B63BD20F5B786BFDED980015F9EE7F13376DECDD4FB5DF57459A8E5CAE76AF2F1A21A0C596A8246A1934FCFF5BC087D0EB4A07E7F4E0BF8E79214453110B123DB94D84A76C40199C3CFFE0D9087A59C795ADAAE49315F9AEAF48E79D30313D74B9CDDADD572857491E56EB08B020A0F68186FF28008A7E42FE9815DEE15D785AB094E0CEC12548406616D8FF08C2DDF19712929348ABFB8C1B56A23C29FAB9C4AD7F608ADA5BBC13B97E34C36B3E0E15A5D0D1E932BC7AFB239AB608ED8E60C539EEE06399FC7956E3C2DFA760627F9E98E3AE83B4C399E589410A72F05B1D90C9F839B477AE91C29D3E3925341DD3AD201176C7B22D58387C3E2DD7C920D1C900E254AE351C19EA6EE7350E2B4B1E287A8A35C3D0644F7DA83B252ADA4884473728418D6942AD60209A0899DA0B9246F9D937CAD009F1C82C1D15C31B1BEFE49CBC4273CF7882EB56B6D886969399733E1078A5376509DBAB8714EC44FF1307A380FE39CD58011AA6076CCB3FFA732429DFE5B48DBADB3CAF70D3B9A376C01CC38C3408C448BAC232555666157EB7FD0F2210C6E2586D80814E0E2AA9DDAD42C0EC0E4362726ACCF747987D7EC876030C352D10BBF16D845006AABB27CE4BDDDA28BEF4CB1932AD1CB2C839B8B41C692C4ECB666073D6C1AF8F1E7889FCA3BD53DA33E055413EE00E74C2131377DC980B2B66CC38C15A4BC21A4FE1E7093C7DF11DF534EE3FE702211FA02941E2F4FE8D68DBFD616A3978574C67302E5E1B05377DBCA080DEFCE218CEFC3DA5CEEC703D040BE2FCE2DE6CEB6B73845C65B627A5FAD0CF519016B80E1B9B2A41CE976DF75CD554FF356599469EBA4C06FFE4AD5CA56226CE3475FC02EAC07B7BDD4384CB02B5FA28DB094041B0DBD708681841E97F70A910CFA3267E0AA3608E0CD33E65A6F4F2C31AD48D74C64C4E51E8A327882439894A49EC4FBE2175076255D0053B7E4C2DD938937CC3820F44306EC087D3A38DE7D994D7265B491058036206D3A7C2654E9DA569E54DAE951E339C6A8F8BA1F1F179A83025EF8C207182DD7344399463B99B3991504447E353D02AF3359769CA10D6D0AB1870FB9D9BD9EA9F73A4A0A60008BF5150F0A1EEB7A7A2AB888EE8709C767CEC7F0FD2FF8A140B92E26615EECDC58EFD9DFE4EEB49EC9494D75A01A629554EBD2EBF183C12679CD3CEE09BB02ED7D4DC2D623AB3C965D2F6034D266A311CBFB8C8D4A1526A039E592944C6227AC276ED78D2259AC5F2B07D7C6FC02D29540D01136F91693005ACFD5DBAD06FF7E88434D73B3D1FB59D16E4B0EC5020D07567CF962F8437BDF365E601EC76CFD405D3A6FD4E3EE0A5044AA294AFAEAA26449E4C5BDD5A3610BF6F94DFBD4C415D
Key: 282F8C1F40FD0BF4E9C130CB5E3CE6624B78E3AEB89FF4E4DFBF5F4360B1488B
IV: 8C7A8CA57FA6EC8B78EFB4AE
Auth Tag: E2A22DA77F0C508403816A802AE00CEF
Ciper: 179DB919FBD81E8B3436724479F81CE83B4E6CBE41BCF585FD56C89C9B292BD7B140AE2582B456ED3990FDF2C2D02D3E46028185AF0271C54E089807D6C95B05F6D824BF8BF4DAA4B9423BD5688F19DDC3D592F67908C7F9DE03112422318A1C8E83247ACF7FA6D36C96995D1FE6C95696857C5E1F1F4B13D508ADD58DC3C14C000C7E23AFC677D10901CD19A0DCCBC19C87F80660E1C986DE0A258578B5105B9952FB2A59015BE7D6DC84095529A21E67EEE8DA29E8C7920862C5F729616C2EF4F7949E9E6529E29C49D26054B3234DA7501C18E7818CF8AA5CA1335A02438F0090BE9D22B1C5576535E9B2DF58765EDD0FBA629A86B8B9E0D2074EA5A0D5F2275CCF9EDAABF77C2E1CE1B74FCAC4F70991CB32F4309DBD59157D199F65B6FA84410C305F4DBD21288BD23A3A0A925F24F387C4F7B1527D5D9CDEE2B52090614D779DD0C4ED64ADDB395BAA5468B35889A0881D217F430681EE749DE0ABF8FCFA203CACB636A8A193EA716D503F8E60AE510A47A91B9A246528A89B665F18321F29AA3B3F0CA1952890ED562351EB3B20F71169872C44DDE54B71B79526A392EDF5941F88B8878525F002E1CCCC18E002C4EE779942931BD0AE4192497532F48939F3F4531EF2DDBD0893C79D060010D3C4943F71515D0BCDDE9AA497ACF8453325EC831F2269E16830BEF96D2B791F7570AF0313D7C35B8B1D69F7E1A127E110101A32B1B5669F51A07957A0968C7DE3A7294EED68B0EB661AFBB2384173D404708414731C4AC08C47FF128FAAA0E89C33B8BE9082B97C7A205989915489FC186D6931CE5A48A3E666D23A4BB0C37A07456037BD2EB9924FA714D149933B828BF1F74A7A6EA22979FAF7CE6F03247ED931656EFCDB891A2C7D781759FA9176D34E1244B9133297D42E8E3E3BAA066B218D5431C9CEA593ABD79E821A75634D13E0EAA50A626695AD6BC8DCA94812D4A44B90584803D6822F7BAB3C806454F7A88D1ADCE4D31F28914EEADD0E05F82BCB5E75503EF79E05ED3B0550B5D57A632226E9312232C6D1BE4B42D9
Key: 282F8C1F40FD0BF4E9C130CB5E3CE6624B78E3AEB89FF4E4DFBF5F4360B1488B
IV: 34227A5F7EF770D06AFF5802
Auth Tag: 0378EEE7AD576220256882D6084A4EAA
Ciper: 3B28A15C7103AB068A191618863C267E65A07AB9882BE0EF20CF32C137509D30E8066E26C7C2CE2C3F4DE2FB86E3A5409A90D2E772790434A789274ACCA93960CB65BF93066FC7D53CF7C74E8DEFE43A9DFB918F3F7109BF17F01C7378D44F24B78B15B8905DB06525A00135037B5B52E4F899D10111F3A2EBCA49A17C5272F98F97971051DCE89EBAF8412A585FE38B53DF4DEA2A9944CDAD2834F079A49F4247507253FD6AD769AB53F5C2B809B71C303D02E4321FD7A28F918FB4C0CF7963C2437D14A3273DDAB98231B15634D9E143D623B850FB8B8803717B4FDC647063C939DF677F6E90308F3824448179326C2C5AA1A2406B13F048BF908502D613DC1F2043D1A9AF13571287C8F4B98B5CE31E54D8E7BB0D963E451A5C0B9C2226B95967FCCA5AD754788C9F75080D458785B77AA6647A12F49FD07D7C3EFA79C6145E61AD101F3427920288891E6BFD05289D98CE030D5CCCDC55016A231B60E118127AFA49B9DB1FFD413DEFCEE72CD1361580F969811EA5AA31E4F5C095C5D12038D1BADDF1A6605B05EE4BF4009929E44F24017DD64D59B75381458BAC548BBDFC2F2AEF7CAE79A8EE0524747B69DD8C257521ED43CE4F9EBCCF2ADF7F708B53764177B49FFD8D8311F47A015A77FF2B2913F781C86C2E5D5ACBE866E18F6E859A118980DACAF3880722F95B75584B0B5171B8BC42309FD58C09F459818E33E49064D9436A6BD4F2F0E13EBBB2465C407711E6C9F2B47FE958B867A5AE433D7BBB164EBD847675480A1275093A1339C921EF527519B41550FF34B7BBB1EBD2DC4A1EC1A5DD3067D0BFC27AB5B527DC7BD388A66C1EBF4CAE403976834174E4681B66DFF867FAB023EC88567A60D8235ED8A0F55EEFF48602E9826C762E47B4441B18C378B529FFF002AEE98497974EA916699FD511C3D0FBE1FB4A6FA2721F3B614F9DFF2592CEF21CB25CE8057326AE6ECE484367B5EDBEF91424FD599F731B316626C51728A045FC2C7F1D01
Your simplified example, using both OpenSSL and Libsodium, producing the same output:
$key = hex2bin("000102030405060708090a0b0c0d0e0f000102030405060708090a0b0c0d0e0f");
$nonce = hex2bin("000000000000000000000000");
$tag = hex2bin("CE573FB7A41AB78E743180DC83FF09BD");
$ciphertext = hex2bin("0A3471C72D9BE49A8520F79C66BBD9A12FF9");
$msg = openssl_decrypt($ciphertext, "aes-256-gcm", $key, OPENSSL_RAW_DATA, $nonce, $tag);
assert($msg === '{"type":"PAYMENT"}');
$msg = sodium_crypto_aead_aes256gcm_decrypt($ciphertext . $tag, NULL, $nonce, $key);
assert($msg === '{"type":"PAYMENT"}');
Update: with your real-world data:
$key = hex2bin("282F8C1F40FD0BF4E9C130CB5E3CE6624B78E3AEB89FF4E4DFBF5F4360B1488B");
$nonce = hex2bin("34227A5F7EF770D06AFF5802");
$tag = hex2bin("0378EEE7AD576220256882D6084A4EAA");
$ciphertext = hex2bin("3B28A15C7103AB068A191618863C267E65A07AB9882BE0EF20CF32C137509D30E8066E26C7C2CE2C3F4DE2FB86E3A5409A90D2E772790434A789274ACCA93960CB65BF93066FC7D53CF7C74E8DEFE43A9DFB918F3F7109BF17F01C7378D44F24B78B15B8905DB06525A00135037B5B52E4F899D10111F3A2EBCA49A17C5272F98F97971051DCE89EBAF8412A585FE38B53DF4DEA2A9944CDAD2834F079A49F4247507253FD6AD769AB53F5C2B809B71C303D02E4321FD7A28F918FB4C0CF7963C2437D14A3273DDAB98231B15634D9E143D623B850FB8B8803717B4FDC647063C939DF677F6E90308F3824448179326C2C5AA1A2406B13F048BF908502D613DC1F2043D1A9AF13571287C8F4B98B5CE31E54D8E7BB0D963E451A5C0B9C2226B95967FCCA5AD754788C9F75080D458785B77AA6647A12F49FD07D7C3EFA79C6145E61AD101F3427920288891E6BFD05289D98CE030D5CCCDC55016A231B60E118127AFA49B9DB1FFD413DEFCEE72CD1361580F969811EA5AA31E4F5C095C5D12038D1BADDF1A6605B05EE4BF4009929E44F24017DD64D59B75381458BAC548BBDFC2F2AEF7CAE79A8EE0524747B69DD8C257521ED43CE4F9EBCCF2ADF7F708B53764177B49FFD8D8311F47A015A77FF2B2913F781C86C2E5D5ACBE866E18F6E859A118980DACAF3880722F95B75584B0B5171B8BC42309FD58C09F459818E33E49064D9436A6BD4F2F0E13EBBB2465C407711E6C9F2B47FE958B867A5AE433D7BBB164EBD847675480A1275093A1339C921EF527519B41550FF34B7BBB1EBD2DC4A1EC1A5DD3067D0BFC27AB5B527DC7BD388A66C1EBF4CAE403976834174E4681B66DFF867FAB023EC88567A60D8235ED8A0F55EEFF48602E9826C762E47B4441B18C378B529FFF002AEE98497974EA916699FD511C3D0FBE1FB4A6FA2721F3B614F9DFF2592CEF21CB25CE8057326AE6ECE484367B5EDBEF91424FD599F731B316626C51728A045FC2C7F1D01");
$msg = sodium_crypto_aead_aes256gcm_decrypt($ciphertext . $tag, NULL, $nonce, $key);
var_dump($msg);
As a side note, you should use sodium_hex2bin() instead of hex2bin() when decoding sensitive data, and if you are using the PECL libsodium extension, sodium_crypto_aead_aes256gcm_decrypt_detached() lets you provide the ciphertext and the tag as distinct parameters instead of having to concatenate them.
I have old PHP project where used mcrypt_encrypt
But this function doesn't work in new PHP.
I try to convert it to php7+, use openssl_encrypt, but I got no same result, what I do wrong?
Maybe do you know other way to get same result?
mcrypt_encrypt function:
public static function cryptToCode($data)
{
$iv_size = #mcrypt_get_iv_size(MCRYPT_CAST_128, MCRYPT_MODE_ECB);
$iv = #mcrypt_create_iv($iv_size, MCRYPT_DEV_URANDOM );
$code = #mcrypt_encrypt(MCRYPT_CAST_128, self::KEY_TRANSLATE_ID, $data, MCRYPT_MODE_ECB, $iv);
$code = bin2hex($code);
return $code;
}
openssl_encrypt function:
public static function cryptToCodeSSL($data, $key = self::KEY_TRANSLATE_ID, $method = "cast-128-ecb") //"cast-128-ecb"
{
$iv_size = openssl_cipher_iv_length($method);
$iv = openssl_random_pseudo_bytes($iv_size);
$code = openssl_encrypt($data, $method, $key, OPENSSL_RAW_DATA, $iv);
$code = bin2hex($code);
return $code;
}
Done:
I found library http://www.gilfether.com/phpcrypt/
I got same result.
I have an issue using mcrypt to encrypt a file on filesystem to e.g. store it into Mysql database. I have reduced the issue to the following lines of code:
<?php
$key = vzc_generateKey();
$file_content = file_get_contents("test.pdf"); // Fails
$file_content = file_get_contents("test2.docx"); // Fails
//$file_content = "12323"; // Works great
$hash_start = md5($file_content);
$encrypt = vzc_encryptV3($file_content, $key);
$decrypt = vzc_decryptV3($encrypt, $key);
$hash_end = md5($decrypt);
echo ($hash_end == $hash_start)."##";
function vzc_generateKey()
{
$cstrong = false;
while ($cstrong == false)
{
$bytes = openssl_random_pseudo_bytes(16, $cstrong);
}
return bin2hex($bytes);
}
function vzc_decryptV3($crypt,$key) {
$content = base64_decode($crypt['crypt']);
$iv = $crypt['iv'];
$rijndael = 'rijndael-256';
$cp = mcrypt_module_open($rijndael, '', 'ofb', '');
$ks = mcrypt_enc_get_key_size($cp);
$key = substr(md5($key), 0, $ks);
mcrypt_generic_init($cp, $key, $iv);
$decrypted = mdecrypt_generic($cp, $content);
mcrypt_generic_deinit($cp);
mcrypt_module_close($cp);
return trim(base64_decode($decrypted));
}
function vzc_encryptV3($file_content,$key) {
$content = base64_encode($file_content);
$rijndael = 'rijndael-256';
$cp = mcrypt_module_open($rijndael, '', 'ofb', '');
if (strtoupper(substr(PHP_OS, 0, 3)) === 'WIN')
$iv = mcrypt_create_iv(mcrypt_enc_get_iv_size($cp), MCRYPT_RAND);
else
$iv = mcrypt_create_iv(mcrypt_enc_get_iv_size($cp), MCRYPT_DEV_RANDOM);
$ks = mcrypt_enc_get_key_size($cp);
$key = substr(md5($key), 0, $ks);
mcrypt_generic_init($cp, $key, $iv);
$encrypted = mcrypt_generic($cp, $content);
$returnvalue = array("crypt"=>trim(base64_encode($encrypted)), "iv"=>$iv);
mcrypt_generic_deinit($cp);
mcrypt_module_close($cp);
return $returnvalue;
}
?>
Using the String "12323" everything works fine, both Hashes do equal. But those two test files (one pdf and one docx) fail. It seems that the decryption returns different values then the origin data.
What can I do to solve this issue?
Thank you very much in advance for any tip you can provide.
It is probably the fact that the files are not exactly n * blocksize long. This leads the algorithm to pad the end of the file with '\0' and this changes the content of the file when you do the md5 calculation.
One way around this is to strip the padding off of the last block, if you can reliably find the end of the file.
How to encrypt and decrypt data in php?
My code so far is:-
function encrypter($plaintext)
{
$plaintext = strtolower($plaintext);
$crypttext = mcrypt_encrypt(MCRYPT_RIJNDAEL_256,FLENCKEY,$plaintext,MCRYPT_MODE_ECB);
return trim(base64_encode($crypttext));
}
function decrypter($crypttext)
{
$crypttext = base64_decode($crypttext);
$plaintext = mcrypt_decrypt(MCRYPT_RIJNDAEL_256,FLENCKEY,$crypttext,MCRYPT_MODE_ECB);
return trim($crypttext);
}
$test = "abc#gmail.com";
echo encrypter(test);
Output is
iLmUJHKPjPmA9vY0jfQ51qGpLPWC/5bTYWFDOj7Hr08=
echo decrypter(test);
Output is
��-
In your decrypter() function, you return the wrong data.
You should return $plaintext instead of $crypttext:
function decrypter($crypttext)
{
$crypttext = base64_decode($crypttext);
$plaintext = mcrypt_decrypt(MCRYPT_RIJNDAEL_256,FLENCKEY,$crypttext,MCRYPT_MODE_ECB);
//return trim($crypttext);
return trim($plaintext);
}
The other code samples on this page (including the question) are not secure.
To be secure:
Don't use mcrypt.
Use authenticated encryption.
Never use ECB mode (a.k.a. MCRYPT_MODE_ECB).
See this answer for secure encryption in PHP.
This is what I use. Super simple.
function encrypt_decrypt($action, $string) {
$output = false;
$key = '$b#bl2I#?%%4K*mC6r273~8l3|6#>D';
$iv = md5(md5($key));
if( $action == 'encrypt' ) {
$output = mcrypt_encrypt(MCRYPT_RIJNDAEL_256, md5($key), $string, MCRYPT_MODE_CBC, $iv);
$output = base64_encode($output);
}
else if( $action == 'decrypt' ){
$output = mcrypt_decrypt(MCRYPT_RIJNDAEL_256, md5($key), base64_decode($string), MCRYPT_MODE_CBC, $iv);
$output = rtrim($output, "");
}
return $output;
}
You can change $key to whatever you want, or leave it. (this is not my key, btw)
encrypt_decrypt('encrypt', $str) to encrypt
encrypt_decrypt('decrypt', $str) to decrypt
Inside the decrypter function, change the
return trim($crypttext);
to
return trim($plaintext);
But looking at your function, I am not quite sure whether it will return exactly the same string, because of the strtolower function. You can't just do a strtoupper function as the original text may not be all in capital letters.
Warning
mcrypt_encrypt has been DEPRECATED as of PHP 7.1.0. Relying on this function is highly discouraged.
Use openssl_encrypt instead.
I need two functions/methods, one to encode, one to decode. This is not for storing passwords. Each user will have a specific key/salt to encode the data.
This is how I would like it to work:
function encode($str, $key) {
// something fancy
}
function decode($str, $key) {
// something fancy
}
$key = $logged_in_user->get_key();
$plain = 'abc abc 123 123';
$encoded_data = encode($plain, $key);
// some_fancy_encrypted_data_that_is_really_cooooool
$decoded_data = decode($encoded_data, $key);
// abc abc 123 123
Another thing is that every time I use this function it needs to return the same thing every time I use the encode function with the same user key.
How would I do this??
$myVarIWantToEncodeAndDecode
Define key (salt, broth etc..): $key = "#&$sdfdfs789fs7d";
To encode:
$encoded = base64_encode(mcrypt_encrypt(MCRYPT_RIJNDAEL_256, md5($key), $myVarIWantToEncodeAndDecode, MCRYPT_MODE_CBC, md5(md5($key))));
To decode:
$decoded = rtrim(mcrypt_decrypt(MCRYPT_RIJNDAEL_256, md5($key), base64_decode($encoded), MCRYPT_MODE_CBC, md5(md5($key))), "\0");
Note: mcrypt_decrypt has been DEPRECATED as of PHP 7.1.0. Relying on this function is highly discouraged.
Use openssl_encrypt instead of mcrypt_encrypt
mcrypt_encrypt DEPRECATED as of PHP 7.1.0 and REMOVED as of PHP 7.2.0.
So, Try this..
function encrypt_decrypt($string, $action = 'encrypt')
{
$encrypt_method = "AES-256-CBC";
$secret_key = 'AA74CDCC2BBRT935136HH7B63C27'; // user define private key
$secret_iv = '5fgf5HJ5g27'; // user define secret key
$key = hash('sha256', $secret_key);
$iv = substr(hash('sha256', $secret_iv), 0, 16); // sha256 is hash_hmac_algo
if ($action == 'encrypt') {
$output = openssl_encrypt($string, $encrypt_method, $key, 0, $iv);
$output = base64_encode($output);
} else if ($action == 'decrypt') {
$output = openssl_decrypt(base64_decode($string), $encrypt_method, $key, 0, $iv);
}
return $output;
}
echo "Your Encrypted password is = ". $pwd = encrypt_decrypt('spaceo', 'encrypt');
echo "Your Decrypted password is = ". encrypt_decrypt($pwd, 'decrypt');