In one of our web applications (in PHP, MySQL) we are saving users' mobile numbers as encrypted values and decrypting them when we send SMS to them. The application was working pretty well. But now GoDaddy has removed the option base64_encode and decode, so we can't send SMS to users. So we reverted the mobile numbers back to their normal state by running it locally.
My question is: which is the easiest and safe way to encrypt and decrypt a string using a key?
Something like
Normal string : 9876543210 -> After encrypt with a key -> AASASOOPFPOEROP45664654456
Encrypted string : AASASOOPFPOEROP45664654456 -> on decrypt -> 9876543210
My current code
function encodeString($str){
    for($i=0; $i<5; $i++)
    {
        $str=strrev(base64_encode($str)); //apply base64 first and then reverse the string
    }
    return $str;
}
function decodeString($str){
    for($i=0; $i<5; $i++)
    {
        $str=base64_decode(strrev($str)); //reverse the string first and then apply base64 decode
    }
    return $str;
}
Please help me. Thanks in advance.
Well if you were using base64 encode/decode you weren't encrypting the data, just obfuscating.
I don't know what PHP extensions GoDaddy has enabled, so I would suggest going with something like phpSecLib
http://phpseclib.sourceforge.net/
It is a standalone implementation you can include into your scripts, and will provide actual encryption of your data. AES or Rijndael should work fine for your application.
Basically it will encrypt the string with a key; even if your database is compromised, the data can't be decrypted without the key it was encrypted with (which you would hard code into your script). This is unlike simply encoding it, in which case if someone got ahold of the database, they could decode it by running the first string through a variety of different encoding methods until they find one that works, and then run the rest through the same decoding method.
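A sketch of the keyed encryption this answer describes, added here as an example and not taken from the original posts or from phpSecLib. It assumes PHP 7.1 or later with the bundled openssl extension and uses AES-256-GCM; the function names and the demo key are hypothetical, and the output is hex-encoded so that no base64 functions are needed.

```php
<?php
// Added example, not code from the original posts; names are hypothetical.
const CIPHER  = 'aes-256-gcm';
const IV_LEN  = 12;  // 96-bit nonce, the recommended size for GCM
const TAG_LEN = 16;  // 128-bit authentication tag

function encryptField(string $plaintext, string $key): string {
    if (strlen($key) !== 32) {
        throw new InvalidArgumentException('key must be 32 raw bytes');
    }
    $iv  = random_bytes(IV_LEN);  // fresh nonce per value; never reuse one with the same key
    $tag = '';
    $ct  = openssl_encrypt($plaintext, CIPHER, $key, OPENSSL_RAW_DATA, $iv, $tag, '', TAG_LEN);
    if ($ct === false) {
        throw new RuntimeException('encryption failed');
    }
    return bin2hex($iv . $tag . $ct);  // stored layout: IV || tag || ciphertext, as hex
}

function decryptField(string $stored, string $key): string {
    $raw = @hex2bin($stored);  // false on odd length or non-hex input
    if ($raw === false || strlen($raw) < IV_LEN + TAG_LEN) {
        throw new RuntimeException('malformed ciphertext');
    }
    $iv  = substr($raw, 0, IV_LEN);
    $tag = substr($raw, IV_LEN, TAG_LEN);
    $ct  = substr($raw, IV_LEN + TAG_LEN);
    $plain = openssl_decrypt($ct, CIPHER, $key, OPENSSL_RAW_DATA, $iv, $tag);
    if ($plain === false) {  // wrong key, or the stored value was modified
        throw new RuntimeException('authentication failed');
    }
    return $plain;
}

// Constructed demo values: a real key is generated once and kept outside the database.
$key    = random_bytes(32);
$stored = encryptField('9876543210', $key);
echo $stored, "\n";
echo decryptField($stored, $key), "\n";

// Changing a single hex digit makes decryption fail instead of returning garbage.
$tampered = substr($stored, 0, -1) . ($stored[-1] === '0' ? '1' : '0');
try {
    decryptField($tampered, $key);
} catch (RuntimeException $e) {
    echo 'rejected: ', $e->getMessage(), "\n";
}
```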
Here I am giving you one simple example with our own secret key; you can use it as below
// Secret key to encrypt/decrypt with
$key='mysecretkey'; // 8-32 characters without spaces
// String to encrypt
$string1='your sample key, that is the question';
// EnCrypt string
$string2=convert($string1,$key);
// DeCrypt back
$string3=convert($string2,$key);
// Test output
echo '<span style="font-family:Courier">';
echo 'Key: '.$key.'<br>'."\n";
echo $string1.'<br>'."\n";
echo $string2.'<br>'."\n";
echo $string3.'<br>'."\n";
echo '</span>'."\n";
OUTPUT
Key: mysecretkey
your sample key, that is the question
tvfw#ady{i|-rv|/2q|jq9dj3qkw%e~`jyp|k
your sample key, that is the question
Let me know if I can help you more.
Related
I have this issue where something is encrypted in Python using AES-256-CBC encryption, as shown in the Python code's encrypt method.
I am trying to create a decrypt method in PHP to actually decrypt what's encrypted using the Python class.
Here is my attempt to convert the Python decryption method to PHP. Does it look right, or am I missing something in my conversion? Every time I use the PHP version to decrypt, it says HMAC failed.
Any help in converting the Python class to PHP I will appreciate.
public function decrypt(){
    $encrypt_method = "AES-256-CBC";
    $secret_key = base64_decode('samekeyusedintheencryption');
    $encrypted = (string)'some encrypted text to be decrypted';
    $data = json_decode(base64_decode($encrypted), true);
    $secret_iv = base64_decode($data['iv']);
    $output = \openssl_decrypt($data['value'],
        $encrypt_method, $secret_key, 0, $secret_iv);
    return json_encode($output);
}
def decrypt(self, payload):
    data = json_c.decode(base64.b64decode(payload))
    value = base64.b64decode(data['value'])
    iv = base64.b64decode(data['iv'])
    crypt_object = AES.new(self.key, AES.MODE_CBC, iv)
    plaintext = crypt_object.decrypt(value)
    return loads(plaintext)
OK, I got it to work!
function decrypt($encryptedText, $secret_key){
    $secret_key = base64_decode($secret_key);
    $encrypt_method = "AES-256-CBC";
    $data = json_decode(base64_decode($encryptedText), true);
    $data['iv'] = base64_decode($data['iv']);
    $data['value'] = base64_decode($data['value']);
    return openssl_decrypt($data['value'], $encrypt_method, $secret_key, OPENSSL_RAW_DATA|OPENSSL_ZERO_PADDING, $data['iv']);
}
Some things I learned:
If the options in the openssl function are set to '0' it expects a base64_encoded input for the cipher text. Also, if the default options are set to '0' the padding default is set to PKCS#7. This, I think, is why we were getting the bad block size error.
So, the cipher text needs to be base64_decoded and we need to set both options for the padding.
I was able to decrypt your provided cipher text and see the email addresses.
You are provided the MAC in the Data array so this would allow you to check the MAC in the PHP script. This allows you to make sure the data has not been tampered with.
I recently did an encryption project and started with OpenSSL, but ended up changing to the libSodium library. I highly recommend you check it out for any further projects.
Cheers!
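One way to do the MAC check this answer mentions before decrypting, added here as an example and not part of the original posts. The encrypting side is not shown on the page, so the layout is an assumption: the MAC is taken to be a hex HMAC-SHA256 over the base64 `iv` concatenated with the base64 `value`, keyed with the raw (already base64-decoded) key, as Laravel's encrypter does. The function name and sample payload are hypothetical.

```php
<?php
// Added example, not code from the original posts. Assumed payload layout (the
// encrypting side is not shown): base64(JSON{iv, value, mac}) where
// mac = hex HMAC-SHA256(base64 iv . base64 value, key), as in Laravel's encrypter.

function decryptVerified(string $payload, string $key): string {
    $data = json_decode((string) base64_decode($payload, true), true);
    foreach (['iv', 'value', 'mac'] as $field) {
        if (!is_array($data) || !isset($data[$field]) || !is_string($data[$field])) {
            throw new RuntimeException("malformed payload: $field");
        }
    }
    // Verify the MAC over the still-encoded fields before any decryption happens.
    $expected = hash_hmac('sha256', $data['iv'] . $data['value'], $key);
    if (!hash_equals($expected, $data['mac'])) {  // constant-time comparison
        throw new RuntimeException('MAC mismatch');
    }
    // PKCS#7 padding here matches the constructed sample below; the answer's
    // OPENSSL_ZERO_PADDING flag leaves the sender's padding bytes in the output.
    $plain = openssl_decrypt(base64_decode($data['value']), 'AES-256-CBC', $key,
        OPENSSL_RAW_DATA, base64_decode($data['iv']));
    if ($plain === false) {
        throw new RuntimeException('decryption failed');
    }
    return $plain;
}

// Constructed sample: build a payload in the assumed layout, then modify it.
$key   = random_bytes(32);
$iv    = base64_encode(random_bytes(16));
$value = base64_encode(openssl_encrypt('user@example.com', 'AES-256-CBC', $key,
    OPENSSL_RAW_DATA, base64_decode($iv)));
$mac   = hash_hmac('sha256', $iv . $value, $key);
$payload = base64_encode(json_encode(['iv' => $iv, 'value' => $value, 'mac' => $mac]));
echo decryptVerified($payload, $key), "\n";

$forged = json_decode(base64_decode($payload), true);
$forged['iv'] = base64_encode(random_bytes(16));  // a changed IV would alter the first plaintext block
try {
    decryptVerified(base64_encode(json_encode($forged)), $key);
} catch (RuntimeException $e) {
    echo 'rejected: ', $e->getMessage(), "\n";
}
```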
I want to encrypt a message in PHP with a known password using Blowfish. I would then like to decrypt this message in Python.
This is useful even if you want to encrypt in one language and decrypt elsewhere.
I searched quite extensively but could not find any conclusive solution, so I thought to record my findings.
Note it is quite simple to encrypt/decrypt in same language such as python or php.
This solution is very simple but it took me a while to figure out.
Blowfish Params
Password should be of length 16
use mode MODE_ECB.
Data being encrypted length should be always divisible by 16; pad by spaces or any other char. I have taken a 16 length data string in example below.
php code:
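<?php
$passw='secretPassword12';
$ntext='helloWorld123456';
// mcrypt was removed from PHP in 7.2; on newer versions this call needs the PECL mcrypt extension
$enc = base64_encode(mcrypt_encrypt(MCRYPT_BLOWFISH, $passw, $ntext, MCRYPT_MODE_ECB));
echo '<div>'.$enc.'</div>';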
This outputs 3C8f2kaD8Of0INYk3l9qEg==
python code:
from Crypto.Cipher import Blowfish
from base64 import b64encode, b64decode
passw=b'secretPassword12'
ntext=b'helloWorld123456'  # same plaintext as the PHP example
cipher=Blowfish.new(passw, Blowfish.MODE_ECB)
encStr=b64encode(cipher.encrypt(ntext))  # encrypt the plaintext, then base64-encode it
print(encStr.decode())
This code outputs 3C8f2kaD8Of0INYk3l9qEg== too
Now suppose you want to decrypt some string in python encrypted in php. First do b64decode and then decrypt the result.
Remember to pad your data such that the len is divisible by 16.
Happy encrypting and decrypting!!!
My script uses openssl_private_decrypt() to decrypt a string encrypted with RSA in another program. Currently it writes to a file. But when I try to open it up in a text editor, it says it can't detect the encoding. If I try to echo it, nothing appears. If I output its length, I get 256, instead of the correct 3.
I know the decryption is done right because using the cat terminal command on the output file gives the correct data.
$ cat decrypted.txt
It looks like this is a character encoding problem, a problem I hear can give a lot of pain in PHP. I even tried utf8_encode(). What might the problem be?
Here's the code:
$results = '';
openssl_private_decrypt(
base64_decode(
<<<EOS
QWlG+AZIt9GE0hw0wwcPRtUWueMLBxj3YWpa5zQBoz1ttnt7TvlxDtYWZcvaUL/qr2CJCADE2iTR
G72FhAwew2fhqlqmsxL7Nns3yegflTTMXyilVM3mPU4Cx94ylLfa+ZrqrNEepaRorNJ/js5iTq9i
avegO/kYOv4zhEsZirlk/Mj0vVv6irWo8WyZoCDC2SwfGWeSUI8F4pq4FUkRh9V/0zAUZ+3P0A7Z
SrA80dSa6U/J+poRcmE1vRLQXvM8dBtFRKmb0zfltLUBMcMhcglzAhcpemJ99OCZmUuynFRcRNkj
CkOLsO+lSHntcbmXqsKE+of78gnU3tp5hHSHIg==
EOS
),
$results,
openssl_pkey_get_private(
// load private key
),
OPENSSL_NO_PADDING
);
echo $results;
The fact that you're getting decrypted data exactly the length of a single block instead of the length of your expected data is really, really pointing towards a padding problem.
Make sure you're using the same padding flag on both sides.
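The padding mismatch this answer points to, reproduced as an added example that is not part of the original posts. It assumes the openssl extension with a usable openssl.cnf, generates its own demo key pair, and assumes the sender used PKCS#1 v1.5 padding (the page does not say which padding the other program used); `describePkcs1Block` is a hypothetical helper.

```php
<?php
// Added example, not code from the original posts. The key pair is generated for
// the demo; PKCS#1 v1.5 on the sending side is an assumption.

// Describe a raw RSA block laid out as 0x00 0x02 <nonzero padding> 0x00 <message>.
function describePkcs1Block(string $block): string {
    if (strlen($block) < 11 || $block[0] !== "\x00" || $block[1] !== "\x02") {
        return 'not a PKCS#1 v1.5 encryption block';
    }
    $sep = strpos($block, "\x00", 2);
    if ($sep === false || $sep < 10) {
        return 'padding separator missing or too early';
    }
    return sprintf('%d padding bytes, then message "%s"', $sep - 2, substr($block, $sep + 1));
}

$pair = openssl_pkey_new(['private_key_bits' => 2048, 'private_key_type' => OPENSSL_KEYTYPE_RSA]);
if ($pair === false) {
    exit("key generation failed\n");
}
$public = openssl_pkey_get_details($pair)['key'];

// Sender: a 3-byte message, padded to the 256-byte modulus size before encryption.
openssl_public_encrypt('abc', $ciphertext, $public, OPENSSL_PKCS1_PADDING);

// Receiver with the wrong flag: the padding is returned as part of the "plaintext".
openssl_private_decrypt($ciphertext, $raw, $pair, OPENSSL_NO_PADDING);
echo strlen($raw), ' bytes: ', describePkcs1Block($raw), "\n";

// Receiver with the matching flag: OpenSSL strips the padding.
openssl_private_decrypt($ciphertext, $clear, $pair, OPENSSL_PKCS1_PADDING);
echo strlen($clear), ' bytes: ', $clear, "\n";
```

In the mismatched case the message sits at the very end of the block, after a run of non-printing padding bytes, which is consistent with `cat` showing the data while `echo` and a text editor do not.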
I'm not familiar with openssl_private_decrypt, but it seems logical to me that you would provide base64_encode()'d data to openssl_private_encrypt().
In such case, you're mangling your data by running in the wrong order on decrypt.
Seems like you would want to decrypt the string first, then run base64_decode() on the unencrypted string.
I have been trying to implement some encryption between an iPhone app and a PHP web service. It's not working however. It seems like the first half of the text is NOT decrypted while the second half is decrypted just fine. What should I do?
The PHP encryption method is as follows:
function decrypt($str, $iv) {
    $iv .= "00000000";
    $str = base64_decode($str);
    return self::decrypt_data($str, $iv, self::secret_key);
}
The iPhone stuff that encrypts the text uses a CryptoHelper class like this:
NSString *encrypted = [[CryptoHelper sharedInstance] encryptString:dataString];
The CryptoHelper class can be seen at http://pastie.org/1267796.
Try a simple example where you send a known Base64 encoded string from the iPhone app to PHP.
Compare the known valid string to what PHP is getting. I know recently, when trying to do an Ajax post from a script to PHP, we were having trouble with some characters (specifically +) being converted to spaces by PHP because it was doing a URL decode automatically. We had to switch all + to their % (URL-encoded %2B) equivalent. This fixed the problem for us.
I have a string that I would like to encrypt in Python, store it as a cookie, then in a PHP file I'd like to retrieve that cookie, and decrypt it in PHP. How would I go about doing this?
I appreciate the fast responses.
All cookie talk aside, let's just say I want to encrypt a string in Python and then decrypt a string in PHP.
Are there any examples you can point me to?
Use a standard encryption scheme. The implementation is going to be equivalent in either language.
RSA is available (via third party libraries) in both languages, if you need asymmetric key crypto. So is AES, if you need symmetric keys.
There is a good example here:
http://www.codekoala.com/blog/2009/aes-encryption-python-using-pycrypto/
Other links that may help:
http://www.phpclasses.org/browse/package/4238.html
http://www.chilkatsoft.com/p/php_aes.asp
If you're not talking about encryption but encoding to make sure the contents make it through safely regardless of quoting issues, special characters, and line breaks, I think base64 encoding is your best bet. PHP has base64_encode / decode() out of the box, and I'm sure Python has, too.
Note that base64 encoding obviously does nothing to encrypt your data (i.e. to make it unreadable to outsiders), and base64 encoded data grows by 33%.
Well, my first thought would be to use a web server that uses SSL and set the cookie's secure property to true, meaning that it will only be served over SSL connections.
However, I'm aware that this probably isn't what you're looking for.
Although a bit late, find sample code below using the Fernet library.
#Python Code - fernet 1.0 library
from cryptography.fernet import Fernet
key = b"Gm3wFh9OiQHcVc8rcAMm8IOqKOJtk7CbrGRKVhrvXhg="
f = Fernet(key)
token = f.encrypt(b'the quick brown fox jumps over the lazy hare')
print(token)
##gAAAAABiMWVPsStLo42ExcmIqcGvRvCCmnhB5B6dc2JsOm4w-VsE9oJOuk_qYuZvHv5quQR4t_6ZjNJzAdCiDPOtESNzCreJZLwc2X-_apbqKKnBwc3KhmqL-K5X7t1uR1WXuyUEYUtW
<?php
//PHP - kelvinmo/fernet-php v1.0.1 A
require 'vendor/autoload.php';
use Fernet\Fernet;
$key = "Gm3wFh9OiQHcVc8rcAMm8IOqKOJtk7CbrGRKVhrvXhg=" ;
$fernet = new Fernet($key);
$token = "gAAAAABiMWVPsStLo42ExcmIqcGvRvCCmnhB5B6dc2JsOm4w-VsE9oJOuk_qYuZvHv5quQR4t_6ZjNJzAdCiDPOtESNzCreJZLwc2X-_apbqKKnBwc3KhmqL-K5X7t1uR1WXuyUEYUtW";
echo $fernet->decode($token);
?>