i want to decrypt magento data using the data encrypted and config key to show the data as plan test
i tried alotof ways but no one has done with me is there any way
i mean is there any way as php script to do it
and thanks
i used this code i found here but doesn't show anything
<?php
class Encryption
{
const CIPHER = MCRYPT_RIJNDAEL_128; // Rijndael-128 is AES
const MODE = MCRYPT_MODE_CBC;
/* Cryptographic key of length 16, 24 or 32. NOT a password! */
private $key;
public function __construct($key) {
$this->key = $key;
}
public function encrypt($plaintext) {
$ivSize = mcrypt_get_iv_size(self::CIPHER, self::MODE);
$iv = mcrypt_create_iv($ivSize, MCRYPT_DEV_RANDOM);
$ciphertext = mcrypt_encrypt(self::CIPHER, $this->key, $plaintext, self::MODE, $iv);
return base64_encode($iv.$ciphertext);
}
public function decrypt($ciphertext) {
$ciphertext = base64_decode($ciphertext);
$ivSize = mcrypt_get_iv_size(self::CIPHER, self::MODE);
if (strlen($ciphertext) < $ivSize) {
throw new Exception('Missing initialization vector');
}
$iv = substr($ciphertext, 0, $ivSize);
$ciphertext = substr($ciphertext, $ivSize);
$plaintext = mcrypt_decrypt(self::CIPHER, $this->key, $ciphertext, self::MODE, $iv);
return rtrim($plaintext, "\0");
}
}
In simplest case, when we use all of standard Magento settings:
Encryptor get from model core/encryption,
Key from setting global/crypt/key
Using Mcrypt
With standard cipher MCRYPT_BLOWFISH and mode MCRYPT_MODE_ECB
(all given for Magento 1.8.1)
$encrypted = 'R4VQyYn6JHs=';
$key = '370ee4d319aebb395b982d72190588d2';
$cipher = MCRYPT_BLOWFISH;
$mode = MCRYPT_MODE_ECB;
$handler = mcrypt_module_open($cipher, '', $mode, '');
$initVector = mcrypt_create_iv (mcrypt_enc_get_iv_size($handler), MCRYPT_RAND);
mcrypt_generic_init($handler, $key, $initVector);
var_dump(str_replace("\x0", '', trim(mdecrypt_generic($handler, base64_decode($encrypted)))));
However, I can't see a point in using this, since you can use Magento, and just call
Magento::helper('core')->decrypt($encrypted);
Related
Why can't I decrypt an mcrypt encrypted text with openssl
I have encrypted information in the database and in apps on mobile devices.
So far, these have been encrypted and decrypted on a server with PHP 7.0 and mcrypt.
- The deprecated message is already displayed there.
There will be no mcrypt in the next PHP versions. So I tried to do that with openssl.
Although I also use blowfish with mode CFB at openssl, it doesn't work.
What am I doing wrong?
#
# mcrypt on Server with PHP 7.0
/**
* encrypt with Blowfish and mcrypt
*/
function mcrypt_encrypt($plaintext, $key)
{
$td = mcrypt_module_open(MCRYPT_BLOWFISH, '', MCRYPT_MODE_CFB, '');
$ivsize = mcrypt_enc_get_iv_size($td);
$iv = mcrypt_create_iv($ivsize, MCRYPT_RAND);
mcrypt_generic_init($td, $key, $iv);
$crypttext = mcrypt_generic($td, $plaintext);
mcrypt_generic_deinit($td);
return $iv . $crypttext;
}
/**
* decrypt with Blowfish and mcrypt
*/
function mcrypt_decrypt($crypttext, $key)
{
$td = mcrypt_module_open(MCRYPT_BLOWFISH, '', MCRYPT_MODE_CFB, '');
$ivsize = mcrypt_enc_get_iv_size($td);
$iv = substr($crypttext, 0, $ivsize);
$crypttext = substr($crypttext, $ivsize);
mcrypt_generic_init($td, $key, $iv);
$plaintext = mdecrypt_generic($td, $crypttext);
mcrypt_generic_deinit($td);
return $plaintext;
}
This works on PHP 7.0:
$plaintext = 'Hello World';
$mcrypt_crypttext = mcrypt_encrypt($plaintext,'secret');
$mcrypt_plaintext = mcrypt_decrypt($mcrypt_crypttext,'secret');
# $plaintext == $mcrypt_plaintext;
The new funktions with OpenSSL:
#
# openssl on Server with PHP 7.2
/**
* encrypt with Blowfish and openssl
*/
function openssl_encrypt($plaintext, $key)
{
$ivlen = openssl_cipher_iv_length('bf-cfb');
$iv = openssl_random_pseudo_bytes($ivlen);
$crypttext = openssl_encrypt($plaintext, 'bf-cfb', $key, OPENSSL_RAW_DATA, $iv);
return $iv . $crypttext;
}
/**
* decrypt with Blowfish and openssl
*/
function openssl_decrypt($crypttext, $key)
{
$ivlen = openssl_cipher_iv_length('bf-cfb');
$iv = substr($data, 0, $ivlen);
$crypttext = substr($data, $ivlen);
$plaintext = openssl_decrypt($crypttext, 'bf-cfb', $key, OPENSSL_RAW_DATA, $iv);
return $plaintext;
}
This works also:
$openssl_crypttext = openssl_encrypt($plaintext,'secret');
$openssl_plaintext = openssl_decrypt($openssl_crypttext,'secret');
# $plaintext == $openssl_plaintext;
But this goes wrong - decrypting the mcrypt encrypted text:
$openssl_plaintext = openssl_decrypt($mcrypt_crypttext,'secret');
# $plaintext != $openssl_plaintext
Is there a way to decrypt mcrypted data with PHP7.2?
I'm trying to use PHP's openssl_encrypt() function but my key is coded in hexadecimal and the function is returning an error. When using the hex2bin() function to convert the key to binary, the return value is garbled ASCII text. Then when inserted into openssl_encrypt(). I get an error.
define('TEX_ENCRYPTION_KEY', 'hexadecimalkey...');
define('TEX_ENCRYPTION_IV', 'hexadecimalkey...');
$key = hex2bin(TEX_ENCRYPTION_KEY);
$iv = hex2bin(TEX_ENCRYPTION_IV);
$transData = '<Detail>blah blah blah</Detail>';
$alg = 'aes-256-cbc';
$encryptedData = openssl_encrypt(
$transData,
$alg,
$key,
OPENSSL_RAW_DATA|OPENSSL_ZERO_PADDING,$iv
);
This outputs an error:
error:0607F08A:digital envelope routines:EVP_EncryptFinal_ex:data
not multiple of block length
Any idea what is going on here?
Though it's not in the official documentation, there's a pretty good explanation of what the OPENSSL_ZERO_PADDING option does in the comments. By default, OpenSSL will pad your plaintext to a multiple of the cipher block size (16 bytes in the case of AES-256-CBC.) However, you've disabled that mechanism and OpenSSL is expecting you to ensure the length of your data is a multiple of 16. It's not, so you get the error message "data not multiple of block length."
Solution: pad your data or remove that option!
<?php
$transData = '<Detail>blah blah blah</Detail>';
$transData = str_pad(
$transData,
strlen($transData) + (16 - (strlen($transData) % 16)),
chr(0)
);
After dancing with the openssl documentation I had the solution to replace depreciated Mcrypt function with openssl (openssl_encrypt and openssl_decrypt functions) and return ASCII text with base64_encode():
//Return encrypted string
public function stringEncrypt ($plainText, $cryptKey = '7R7zX2Urc7qvjhkr') {
$length = 8;
$cstrong = true;
$cipher = 'aes-128-cbc';
if (in_array($cipher, openssl_get_cipher_methods()))
{
$ivlen = openssl_cipher_iv_length($cipher);
$iv = openssl_random_pseudo_bytes($ivlen);
$ciphertext_raw = openssl_encrypt(
$plainText, $cipher, $cryptKey, $options=OPENSSL_RAW_DATA, $iv);
$hmac = hash_hmac('sha256', $ciphertext_raw, $cryptKey, $as_binary=true);
$encodedText = base64_encode( $iv.$hmac.$ciphertext_raw );
}
return $encodedText;
}
//Return decrypted string
public function stringDecrypt ($encodedText, $cryptKey = '7R7zX2Urc7qvjhkr') {
$c = base64_decode($encodedText);
$cipher = 'aes-128-cbc';
if (in_array($cipher, openssl_get_cipher_methods()))
{
$ivlen = openssl_cipher_iv_length($cipher);
$iv = substr($c, 0, $ivlen);
$hmac = substr($c, $ivlen, $sha2len=32);
$ivlenSha2len = $ivlen+$sha2len;
$ciphertext_raw = substr($c, $ivlen+$sha2len);
$plainText = openssl_decrypt(
$ciphertext_raw, $cipher, $cryptKey, $options=OPENSSL_RAW_DATA, $iv);
}
return $plainText;
}
m using
public function encrypt($plain_str,$key)
{
$str= mcrypt_encrypt(MCRYPT_RIJNDAEL_128, $key, $plain_str, MCRYPT_MODE_ECB, mcrypt_create_iv(mcrypt_get_iv_size(MCRYPT_RIJNDAEL_256, MCRYPT_MODE_ECB), MCRYPT_RAND));
$str = urlencode(base64_encode($str));
return $str ;
}
public function decrypt($cipher_str,$key)
{
$str = urldecode(base64_decode($cipher_str));
return mcrypt_decrypt(MCRYPT_RIJNDAEL_128, $key, $str, MCRYPT_MODE_ECB, mcrypt_create_iv(mcrypt_get_iv_size(MCRYPT_RIJNDAEL_256, MCRYPT_MODE_ECB), MCRYPT_RAND));
}
on crypting :201433~58~g#fds.com~20140820142427
i get : %2BAihYMLwpwrsmL4lSGGzwFTfonvdCyOb%2BCGEUJ%2F%2BE%2F7ZnvgwFRYFtlazQeSrVjUjyaaGZADK8%2BZyynIGxyt4VQ%3D%3D
on decrypting : %2BAihYMLwpwrsmL4lSGGzwFTfonvdCyOb%2BCGEUJ%2F%2BE%2F7ZnvgwFRYFtlazQeSrVjUjyaaGZADK8%2BZyynIGxyt4VQ%3D%3D
i get :201433~58~g#fds.com~20140820142427 back but
when string is malformed like some character removed
like this : %2BAihYMLwpwrsmL4lSGGzwFTfonvdCyOb%2BCGEUJ%2F%2BE%2F7Z
on decrypting i get : 201433~58~g#fds.com~201408201424O#¿W«Gݽˋ¯ È#'oP´ŸØw\Â⦑
How can i detect this anomoly ?
First of all, I'd like to list some flaws in your code:
Don't use ECB mode.
You are encrypting using MCRYPT_RIJNDAEL_128, but you're getting the IV size for MCRYPT_RIJNDAEL_256. (btw, IV is ignored in ECB mode, which is one of the reasons why not to use it)
You are also using MCRYPT_RAND as your randomness source, which is not secure. You should use MCRYPT_DEV_URANDOM (that is also the new default in PHP 5.6).
You don't have to urlencode() the resulting ciphertext, Base64 encoding is URL-safe.
Now, to answer your question ... this is done via a HMAC. The easiest way to use a HMAC is to prepend the cipher-text with it (which you should do with the IV as well; don't worry, it's not a secret):
public function encrypt($plainText, $encKey, $hmacKey)
{
$ivSize = mcrypt_get_iv_size('rijndael-128', 'ctr');
$iv = mcrypt_create_iv($ivSize, MCRYPT_DEV_URANDOM);
$cipherText = mcrypt_encrypt('rijndael-128', $encKey, $plainText, 'ctr', $iv);
$cipherText = $iv.$cipherText;
$hmac = hash_hmac('sha256', $cipherText, $hmacKey, true);
return base64_encode($hmac.$cipherText);
}
public function decrypt($cipherText, $encKey, $hmacKey)
{
$cipherText = base64_decode($cipherText);
if (strlen($cipherText) <= 32)
{
throw new Exception('Authentication failed!');
}
$recvHmac = substr($cipherText, 0, 32);
$cipherText = substr($cipherText, 32);
$calcHmac = hash_hmac('sha256', $cipherText, $hmacKey, true);
if ( ! hash_equals($recvHmac, $calcHmac))
{
throw new Exception('Authentication failed!');
}
$ivSize = mcrypt_get_iv_size('rijndael-128', 'ctr');
$iv = substr($cipherText, $ivSize);
$cipherText = substr($cipherText, $ivSize);
return mcrypt_decrypt('rijndael-128', $encKey, $cipherText, 'ctr', $iv);
}
Please note that the encryption key and HMAC key are different - they most NOT be the same key. Also, for Rijndael-128, you should create a 128-bit (or 16-byte) random key, it is not something that you can just type in with your keyboard. Here's how to generate one:
$encKey = mcrypt_create_iv(16, MCRYPT_DEV_URANDOM);
Hi I am currently working for encryption and decryption for a string using AES algorithm in PHP and Android. I got the similar values in iOS and in Android. But I cant get the same output in PHP. It shows some other encrypted string. I want to achieve the same result in all iOS, Android and PHP. At the moment iOS and Android are working fine. But I cant fix in PHP.
Please check the screenshots and compare the values. I used "Android" as value and "abcdef" as key.
<?php
$Pass = "abcdef";
$Clear = "android";
$crypted = mc_encrypt($Clear, $Pass);
echo "Encrypred: ".$crypted."</br>";
$newClear = mc_decrypt($crypted, $Pass);
echo "Decrypred: ".$newClear."</br>";
function mc_encrypt($encrypt, $mc_key) {
$iv = mcrypt_create_iv(mcrypt_get_iv_size(MCRYPT_RIJNDAEL_128, MCRYPT_MODE_ECB), MCRYPT_RAND);
$passcrypt = trim(mcrypt_encrypt(MCRYPT_RIJNDAEL_128, $mc_key, trim($encrypt), MCRYPT_MODE_ECB, $iv));
$encode = base64_encode($passcrypt);
return $encode;
}
function mc_decrypt($decrypt, $mc_key) {
$decoded = base64_decode($decrypt);
$iv = mcrypt_create_iv(mcrypt_get_iv_size(MCRYPT_RIJNDAEL_128, MCRYPT_MODE_ECB), MCRYPT_RAND);
$decrypted = trim(mcrypt_decrypt(MCRYPT_RIJNDAEL_128, $mc_key, trim($decoded), MCRYPT_MODE_ECB, $iv));
return $decrypted;
}
?>
I get the following output
Encrypred: +NzljOmN0msNkWr/cst11Q==
Decrypred: android
Below code is used in Android
package com.example.aesalg;
import java.security.MessageDigest;
import java.security.spec.AlgorithmParameterSpec;
import javax.crypto.Cipher;
import javax.crypto.spec.IvParameterSpec;
import javax.crypto.spec.SecretKeySpec;
import android.util.Base64;
public class AESCrypt {
private final Cipher cipher;
private final SecretKeySpec key;
private AlgorithmParameterSpec spec;
public AESCrypt(String password) throws Exception
{
// hash password with SHA-256 and crop the output to 128-bit for key
MessageDigest digest = MessageDigest.getInstance("SHA-256");
digest.update(password.getBytes("UTF-8"));
byte[] keyBytes = new byte[32];
System.arraycopy(digest.digest(), 0, keyBytes, 0, keyBytes.length);
cipher = Cipher.getInstance("AES/CBC/PKCS7Padding");
key = new SecretKeySpec(keyBytes, "AES");
spec = getIV();
}
public AlgorithmParameterSpec getIV()
{
byte[] iv = {0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, };
IvParameterSpec ivParameterSpec;
ivParameterSpec = new IvParameterSpec(iv);
return ivParameterSpec;
}
public String encrypt(String plainText) throws Exception
{
cipher.init(Cipher.ENCRYPT_MODE, key, spec);
byte[] encrypted = cipher.doFinal(plainText.getBytes("UTF-8"));
String encryptedText = new String(Base64.encode(encrypted, Base64.DEFAULT), "UTF-8");
System.out.println("Encrypt Data"+ encryptedText);
return encryptedText;
}
public String decrypt(String cryptedText) throws Exception
{
cipher.init(Cipher.DECRYPT_MODE, key, spec);
byte[] bytes = Base64.decode(cryptedText, Base64.DEFAULT);
byte[] decrypted = cipher.doFinal(bytes);
String decryptedText = new String(decrypted, "UTF-8");
System.out.println("Encrypt Data"+ decryptedText);
return decryptedText;
}
}
You are using CBC in your Android app and ECB in the PHP code. See wikipedia for more details.
Try to change mcrypt parameter to MCRYPT_MODE_CBC. Also I believe mcrypt is always using zero padding (I'm not a PHP expert) so on the Android side you have to use "AES/CBC/ZeroBytePadding"
in php try this code
public function encrypt($string, $key)
{
$td = mcrypt_module_open(MCRYPT_RIJNDAEL_128, '', MCRYPT_MODE_ECB, '');
$block = mcrypt_get_block_size(MCRYPT_RIJNDAEL_128, MCRYPT_MODE_ECB);
$pad = $block - (strlen($string) % $block);
$string .= str_repeat(chr($pad), $pad);
mcrypt_generic_init($td, $key, 'fedcba9876543210');
$encrypted = mcrypt_generic($td, $string);
mcrypt_generic_deinit($td);
mcrypt_module_close($td);
return $encrypted;
}
function decrypt($string, $key)
{
$td = mcrypt_module_open(MCRYPT_RIJNDAEL_128, '', MCRYPT_MODE_ECB, '');
mcrypt_generic_init($td, $key, 'fedcba9876543210');
$decrypted = mdecrypt_generic($td, $string);
mcrypt_generic_deinit($td);
mcrypt_module_close($td);
return $decrypted;
}
I'm writing a class to handle encrypted data, essentially it will be used to encrypt data to be stored in a DB and then again to decrypt it on retrieval.
Here's what I've written:
class dataEncrypt {
private $encryptString;
private $decryptString;
private $encryptionMethod;
private $key;
public function __construct() {
/* IMPORTANT - DONT CHANGE OR DATA WILL DAMAGE */
$this->key = sha1('StringToHash');
// Set the encryption type
$this->encryptionMethod = "AES-256-CBC";
}
// Generate the IV key
private function generateIV() {
$ivSize = mcrypt_get_iv_size(MCRYPT_RIJNDAEL_256, MCRYPT_MODE_CBC);
return mcrypt_create_iv($ivSize, MCRYPT_RAND);
}
// Retrieve the key
private function retrieveKey() {
return $key;
}
// Encrypt a string
public function encryptString($string) {
// Return the encrypted value for storage
return openssl_encrypt($string, $this->encryptionMethod, $this->retrieveKey(), 0, $this->generateIV());
}
// Decrypt a string
public function decryptString($data) {
// return the decrypted data
return openssl_decrypt($data, $this->encryptionMethod, $this->retrieveKey(), 0, $this->generateIV());
return false;
}
}
I'm trying to encrypt a string before storing, and I get the following PHP warning:
Warning: openssl_encrypt(): IV passed is 32 bytes long which is longer than the 16 expected by selected cipher, truncating in /var/www/blahblah... on line xxx
I've googled this, Ive googled the IV functions, I can't find sweetheat on either. Any advice is welcomed here.
Thanks
I was able to get it working by passing MCRYPT_CAST_256 rather than MCRYPT_RIJNDAEL_256 into mcrypt_get_iv_size
Encrypt:
$iv_size = mcrypt_get_iv_size(MCRYPT_CAST_256, MCRYPT_MODE_CBC);
$iv = mcrypt_create_iv($iv_size, MCRYPT_RAND);
$encrypted = openssl_encrypt($string, "AES-256-CBC", $key, 0, $iv);
$encrypted = $iv.$encrypted;
Decrypt
$iv_size = mcrypt_get_iv_size(MCRYPT_CAST_256, MCRYPT_MODE_CBC);
$iv = substr($string, 0, $iv_size);
$decrypted = openssl_decrypt(substr($string, $iv_size), "AES-256-CBC", $key, 0, $iv);