Modification needed for base64 - php

Problem with base64
$data = 'my data';
echo $encryptedData = base64_encode($data);
// Output :
bXkgZGF0YQ==
I added some more characters to the token
$encryptedData = $encryptedData . 'sdfsdfasdfsd';
echo $data = base64_decode($encryptedData);
// Output :
my data~Ç_jÇ_±
Now i got actual data + junk data. i dont want any of the data or only the data if there is any change in the token. is there any method to implement this ?


you should add token while encoding instead decoding
$data = 'my data'.'sdfsdfasdfsd';
$encryptedData = base64_encode($data);
than
echo $data = base64_decode($encryptedData);
and to remove the token
$trimmed = rtrim($data, "sdfsdfasdfsd");
echo $trimmed;
Codepad
and as Jon Skeet said base64 is in no way encryption .It doesn't make the contents secret at all


To make sure changes to the base64 encoded string can only be made by changing the $data, you will need to add a verification token.
An easy way to add such verification is by using a keyed hash whereby the key is secret:
$data = 'this product sells for 5 dollars';
$enc = base64_encode($data);
$token = base64_encode(hash_hmac('sha256', $enc, 'your secret key here', true));
$my_token = $token . ':' . $enc;
Output:
ZMkqZIa6UazMhbYDiPqjdS1NmU1ulh+Gi2tgWHRKKpQ=:dGhpcyBwcm9kdWN0IHNlbGxzIGZvciA1IGRvbGxhcnM=
When you receive such token, you first split on : and then use the first part (keyed hash) to verify the contents of the second part (data). Only if it matches, you can be (relatively) sure that the data has not been tampered with.

Related

Trying to re-create HMAC using SHA1 in PHP

I have the following decrypted message, which has previously been encrypted using AES-256-CBC
240dcbefc0f82fadc00ef8494488aaa81400000c2def01e79fec6c4d9a822358dd8a910cac606e8afcb607793cb442093a56b7b40b0b0b0b0b0b0b0b0b0b0b0b
I derive the following 20 BYTE HMAC from this message:
dd8a910cac606e8afcb607793cb442093a56b7b4
My goal is to re-create this HMAC using PHP, I attempt with the following code:
$iv = hex2bin('240dcbefc0f82fadc00ef8494488aaa8'); // random iv - first 16 bytes of the message
$message = hex2bin('1400000c2def01e79fec6c4d9a822358'); // the actual message being decrypted - next 16 bytes
$key = hex2bin('b109124b62e2c8b8248e9865990325fddcc61143'); // encryption key
$hmac = hash_hmac('sha1', $iv.$message, $key);
print($hmac); // 03634ba3f4a0c854a0b791d27f331ecdfad1e87e
$attempt2 = hash('sha256', $iv.$message, true);
$hmac = hash_hmac('sha1', $attempt2, $key);
print($hmac); // 39ad1fb94ab251cdaf3f21cf8673e070733f4e16
I know I'm missing something but I'm struggling to understand the HMAC process as it's very confusing to me. Any help or advise is appreciated, thanks.

I found a solution on a random blog post online :D
here is what worked for me:
function check_mac($seq, $type, $msg, $key) {
$SequenceNumber = pack("NN", 0, $seq);
$Type = pack("Cnn", $type, 0x0303, strlen($msg));
$data = $SequenceNumber . $Type . $msg;
$calculated_mac = hash_hmac("sha1", $data, $key, true);
print(bin2hex($calculated_mac) . "\n");
}
Also, the IV does not need to be included, just the message by itself as the $msg variable
Blog Post:
https://adayinthelifeof.nl/2013/12/30/decoding-tls-with-php/

Open Money Webhook hash validation in php through hmac

i am tring to validate my openmoney webhook url but it is not working,i am getting all in $payload and then remove hash from $payload them convert it in string . and then hash_hmac but don't know what is problem ..
$hashed_expected = $request->hash;
$payload = $request->all(); // get all body
unset($payload['hash']);
$str = json_encode($payload); // Convert in string
$string = preg_replace('/\s+/', '', $str); // remove white space
$service = DepositServices::where('type','open_money')->first();
$apiSecret = $service->details->api_secret; // open money API Secret
$hashed_value = hash_hmac('sha256',$string,$apiSecret);
$data['hashed_value']=$hashed_value;
$data['hashed_expected']=$hashed_expected;
$data['string'] = $string;
if (hash_equals($hashed_expected, $hashed_value) ) {
$data['status'] = "Match";
dd( $data);
}else{
$data['status'] = "Not Match";
dd( $data);
}

When creating and comparing your hashed values, the payload needs to be identical as it was when the sender created and sent it. My guess is that the encoding and preg_replacing is mutating the payload.
Something like this should get you the original, unaltered payload body.
json_encode($request->all(), JSON_UNESCAPED_SLASHES);

How do I verify a Google idToken in PHP?

I have been working on this for far too long. I am looking for a working example as of September 2016 for verifying a Google idToken such as
eyJhbGciOiJSUzI1NiIsImtpZCI6IjZjNzgxOTQyZDg0OWJhMmVjZGE4Y2VkYjcyZDM0MzU3ZmM5NWIzMjcifQ.eyJpc3MiOiJodHRwczovL2FjY291bnRzLmdvb2dsZS5jb20iLCJhdWQiOiIxMDQ5MTQ4MTU2NTQ2LTk2YjFxcTJsNTJtODVtODB0ZHVoZHVma2RwODRtN2tuLmFwcHMuZ29vZ2xldXNlcmNvbnRlbnQuY29tIiwic3ViIjoiMTEyNTk4NDgzNjQ2MjY1OTYxNTQwIiwiZW1haWxfdmVyaWZpZWQiOnRydWUsImF6cCI6IjEwNDkxNDgxNTY1NDYtdjJwZjRlbGhzOGNwcXBlcWZkMzU5am5nOWs5aW5kcTQuYXBwcy5nb29nbGV1c2VyY29udGVudC5jb20iLCJlbWFpbCI6InRlc3R1c2VydGh4QGdtYWlsLmNvbSIsImlhdCI6MTQ3NDc1NDMzMiwiZXhwIjoxNDc0NzU3OTMyLCJuYW1lIjoiVGVzdCBVc2VyIiwicGljdHVyZSI6Imh0dHBzOi8vbGg0Lmdvb2dsZXVzZXJjb250ZW50LmNvbS8tU0dldkZZRDlaWFEvQUFBQUFBQUFBQUkvQUFBQUFBQUFBQUEvQVBhWEhoUmtuX1hEaEhNLTEzeVMwTUtBcFNrZG1zVEdYdy9zOTYtYy9waG90by5qcGciLCJnaXZlbl9uYW1lIjoiVGVzdCIsImZhbWlseV9uYW1lIjoiVXNlciIsImxvY2FsZSI6ImVuIn0.btukbBvhek6w14CrBVTGs8X9_IXIHZKpV1NzJ3OgbGUfmoRMirNGzZiFAgrR7COTeDJTamxRzojxxmXx6EEkQqNQcbyN8dO0PTuNt9pujQjLbFw_HBhIFJQaJSR3-tYPN-UtHGQ5JAAySsvCPapXbxyiKzTyvGYRSU65LmyNuiGxe6RQe1zHjq2ABJ4IPRqKPuFupnGRPWYyBSTPU7XQvtfhgyqA0BWZUfmCIFyDxQhvMaXNLTs01gnGVhcUDWZLi9vuUiKUlz3-aSSbwdfCMAljhBHnjpYO6341k5-qmgKkWawv8DX_nMEzntsCMCr664rP4wFEbsRB5ledM9Pc9Q
Using Google's recommended way and pulling "accounts.google.com/.well-known/openid-configuration" for the jwks_uri and pulling that "www.googleapis.com/oauth2/v3/certs", yielding a relevant entry for
{
"kty": "RSA",
"alg": "RS256",
"use": "sig",
"kid": "6c781942d849ba2ecda8cedb72d34357fc95b327",
"n": "s1dt5wFFaYl-Bt7Yb7QgWEatLJfxwWDhbd5yvm2Z4d1PRgNVQa9kwOArQNoOJ-b-oZnXLVFsVASUXEAumGf1ip5TVCQmMBKqlchSDNuoZfoWdpCCX7jx4gNuS43pS6VqV3QDjWnoXRTHaUi5pZEbpAmWpOeG_CfmewNVwBXPFx8-mtvEdtxIrspX4ayXTViR4vHc7MhQhUxllFbocxMjJysDQuZV9wN3MI0lVtQdf52SKJwF3lhvWA9-WAEZ1q8wq-I93Sfte95RaFjDqCH--Sh-8DjhK4OvgItcEGd5QRHjdLvrayPwaDQbpMRN2n3BkVWIxKJubtRiSeWbawCklQ",
"e": "AQAB"
}
Verification happens if I pass the token to https://www.googleapis.com/oauth2/v3/tokeninfo?id_token=TOKEN, but this is not a real answer, since they don't change that often but doing an extra web call every time is just asking for trouble.
So can someone point me to a working example? I've tried phpseclib, but it never verifies. I've probably looked for about 40 hours at this point, and I'm at my wits' end.
Any help is appreciated.
My relevant code:
$modulus = "";
$exponent = "";
$token = $_POST['token'];
$pieces = explode(".", $token);
$header = json_decode(base64_decode(str_replace(['-','_'], ['+','/'], $pieces[0])), true);
$alg = $header['alg'];
$kid = $header['kid'];
$payload = base64_decode(str_replace(['-','_'], ['+','/'], $pieces[1]));
$signature = str_replace(['-','_'], ['+','/'], $pieces[2]);
//$signature = base64_decode(str_replace(['-','_'], ['+','/'], $pieces[2]));
if (testGoogleList($alg, $kid, $modulus, $exponent))
{
echo "Found in list: kid=".$kid."\n";
echo "n: (base64URL)".$modulus."\n";
echo "e: (base64URL)".$exponent."\n";
$modulus = str_replace(['-','_'], ['+','/'], $modulus);
$exponent = str_replace(['-','_'], ['+','/'], $exponent);
echo "n: (base64)".$modulus."\n";
echo "e: (base64)".$exponent."\n";
$rsa = new Crypt_RSA();
$rsa->setHash("sha256");
$rsa->setSignatureMode(CRYPT_RSA_SIGNATURE_PKCS1);
$modulus = new Math_BigInteger($modulus, 256);
$exponent = new Math_BigInteger($exponent, 256);
echo "n: (BigInteger)".$modulus."\n";
echo "e: (BigInteger)".$exponent."\n";
$rsa->loadKey(array('n' => $modulus, 'e' => $exponent));
$rsa->setPublicKey();
$pubKey = $rsa->getPublicKey();
echo "Public Key from phpseclib\n".$pubKey."\n";
echo "--First openSSL error check--\n";
while ($msg = openssl_error_string())
echo $msg . "<br />\n";
echo "--After First Error Check, before Verify--\n";
$res = $rsa->verify($pieces[0].".".$pieces[1], $signature);
while ($msg = openssl_error_string())
echo $msg . "<br />\n";
echo "--Verify result: ".var_export($res, true)."--\n";
}
Output
Found in list: kid=6c781942d849ba2ecda8cedb72d34357fc95b327
n: (base64URL)s1dt5wFFaYl-Bt7Yb7QgWEatLJfxwWDhbd5yvm2Z4d1PRgNVQa9kwOArQNoOJ-b-oZnXLVFsVASUXEAumGf1ip5TVCQmMBKqlchSDNuoZfoWdpCCX7jx4gNuS43pS6VqV3QDjWnoXRTHaUi5pZEbpAmWpOeG_CfmewNVwBXPFx8-mtvEdtxIrspX4ayXTViR4vHc7MhQhUxllFbocxMjJysDQuZV9wN3MI0lVtQdf52SKJwF3lhvWA9-WAEZ1q8wq-I93Sfte95RaFjDqCH--Sh-8DjhK4OvgItcEGd5QRHjdLvrayPwaDQbpMRN2n3BkVWIxKJubtRiSeWbawCklQ
e: (base64URL)AQAB
n: (base64)s1dt5wFFaYl+Bt7Yb7QgWEatLJfxwWDhbd5yvm2Z4d1PRgNVQa9kwOArQNoOJ+b+oZnXLVFsVASUXEAumGf1ip5TVCQmMBKqlchSDNuoZfoWdpCCX7jx4gNuS43pS6VqV3QDjWnoXRTHaUi5pZEbpAmWpOeG/CfmewNVwBXPFx8+mtvEdtxIrspX4ayXTViR4vHc7MhQhUxllFbocxMjJysDQuZV9wN3MI0lVtQdf52SKJwF3lhvWA9+WAEZ1q8wq+I93Sfte95RaFjDqCH++Sh+8DjhK4OvgItcEGd5QRHjdLvrayPwaDQbpMRN2n3BkVWIxKJubtRiSeWbawCklQ
e: (base64)AQAB
n: (BigInteger)18674717054764783973087488855176842456138281065703345249166514684640666364313492818979675328236363014396820758462507776710767978395332237045824933690552916871072924852353561300648679961653291310130667565640227949181785672954620248276915721938277908962537175894062430220752771265500386404609948390377043762106166027544443459977210114747088393335234720657330424186435226141073425445733987857419933850994487913462193466159335385639996611717486282518255208499657362420183528330692236194252505592468150318350852955051377118157817611947817677975817359347998935961426571802421142861030565807099600656362069178972477827638867161671399657071319083914500667014214521757304661303525496653078786180348831678824969667950119891369610525474165187687495455755684504105433077872587114630537058768184460798470456362909589578101896361255070801
e: (BigInteger)1095844162
Public Key from phpseclib
-----BEGIN PUBLIC KEY-----
MIIBeDANBgkqhkiG9w0BAQEFAAOCAWUAMIIBYAKCAVZzMWR0NXdGRmFZbCtCdDdZ
YjdRZ1dFYXRMSmZ4d1dEaGJkNXl2bTJaNGQxUFJnTlZRYTlrd09BclFOb09KK2Ir
b1puWExWRnNWQVNVWEVBdW1HZjFpcDVUVkNRbU1CS3FsY2hTRE51b1pmb1dkcEND
WDdqeDRnTnVTNDNwUzZWcVYzUURqV25vWFJUSGFVaTVwWkVicEFtV3BPZUcvQ2Zt
ZXdOVndCWFBGeDgrbXR2RWR0eElyc3BYNGF5WFRWaVI0dkhjN01oUWhVeGxsRmJv
Y3hNakp5c0RRdVpWOXdOM01JMGxWdFFkZjUyU0tKd0YzbGh2V0E5K1dBRVoxcTh3
cStJOTNTZnRlOTVSYUZqRHFDSCsrU2grOERqaEs0T3ZnSXRjRUdkNVFSSGpkTHZy
YXlQd2FEUWJwTVJOMm4zQmtWV0l4S0p1YnRSaVNlV2Jhd0NrbFECBEFRQUI=
-----END PUBLIC KEY-----
--First openSSL error check--
--After First Error Check, before Verify--
error:0906D06C:PEM routines:PEM_read_bio:no start line
--Verify result: false--

So for anyone coming here from search engines:
I was trying to use a Google ID Token to verify that my login credentials were:
Accurate
Not spoofed
Able to be checked by a back-end server
Computed using math so I don't have to query Google each time (adding latency and the if-anything-can-go-wrong-it-will effect)
I realize that most will certainly be able to read this code, but I wanted to type it up to explain what's happening for the next exasperated soul.
Your first part may vary, since I was coming from Android and it's fairly straight-forward from there.
My process was to ask for the token in Android.
(Only differences from examples and relevant pieces shown)
GoogleSignInOptions gso = new GoogleSignInOptions.Builder(GoogleSignInOptions.DEFAULT_SIGN_IN)
.requestIdToken(getString(R.string.client_id))
.requestEmail()
.build();
Getting the token from the Activity Result (onActivityResult)
GoogleSignInAccount acct = result.getSignInAccount();
String idToken = acct.getIdToken();
The token is composed of 3 pieces, separated by periods, in the form "$header.$info.$signature". We will verify "$header.$info" using "$signature" to do so.
The $header contains information about the encryption, for example (after decoding):
{"alg":"RS256","kid":"6c781942d849ba2ecda8cedb72d34357fc95b327"}
So the algorithm used is "SHA-256, with RSA Encryption", and the Key ID in the keystore is 6c781942d849ba2ecda8cedb72d34357fc95b327. We'll use this later.
Pass the whole token to my back-end server via HTTP
Then decode the token using the following code, taken straight from the accepted answer
include('Crypt/RSA.php'); //path to phpseclib
$modulus = "";
$exponent = "";
$token = $_POST['token'];
$pieces = explode(".", $token);
$data = $pieces[0].".".$pieces[1];
$signature = base64_decode(str_replace(['-','_'], ['+','/'], $pieces[2]));
$header = json_decode(base64_decode(str_replace(['-','_'], ['+','/'], $pieces[0])), true);
$alg = $header['alg'];
$kid = $header['kid'];
if (testGoogleList($alg, $kid, $modulus, $exponent))
{
$modulus = base64_decode(str_replace(['-','_'], ['+','/'], $modulus));
$exponent = base64_decode(str_replace(['-','_'], ['+','/'], $exponent));
$rsa = new Crypt_RSA();
$rsa->loadKey([
'n' => new Math_BigInteger($modulus, 256),
'e' => new Math_BigInteger($exponent, 256)
]);
$rsa->setHash('sha256');
$rsa->setSignatureMode(CRYPT_RSA_SIGNATURE_PKCS1);
if ($rsa->verify($data, $signature))
{
echo "VALID!!!!";
} else {
echo "NOT VALID :'(";
}
}
The reason we do base64_decode(str_replace(['-','_'], ['+','/'], $VARIABLE)) is because these are presented in base64URL form, where the '+' is changed to a '-' and the '/' is changed to a '_'. So we change it from base64URL > base64 > unencoded (plain) text.
What does this do?
We take the token from $_POST (I called it $token).
Then we split it into its parts.
Remember we need to use the third part to decode the pair of the first two, separated by a period ("."). ("$signature" is the cryptographic signature for "$header.$info")
Fully decode the signature, from base64URL to unencoded (plain) text.
Since Google uses JSON to store the key information, json_decode the header and get the encryption type and key id.
I wrapped it in a function, but my function testGoogleList basically works like this:
So we pass in the algorithm and the key id.
I test my local cache of keys to see if the key we need is already cached.
If not, we continue here, otherwise skip ahead to step 4.
Then we hit the web and grab Google's open-id configuration page at (https://accounts.google.com/.well-known/openid-configuration) using get_file_contents() or a CURL method if you can't. I had to use CURL with options "curl_setopt($ch, CURLOPT_HTTPAUTH, CURLAUTH_ANYSAFE);" in my CURL method, since it wasn't trying HTTPS correctly.
That page is a JSON encoded text file, so json_decode it.
We them grab the "jwks_uri" key and grab that page like we did above.
This contains a set of keys Google is currently using for public key verification. I json_decode and temporarily store these to an array.
Truncate your old cache and rewrite the set. Don't forget to flock() in case of truly poor timing.
Make sure your key is in the new set.
If we find the key in our cache, we extract the "n" (we'll call this the 'modulus') and "e" ('exponent') pieces from it and pass those back.
Then we decode the modulus and exponent pieces from base64URL > base64 > unencrypted (plain) text.
Create a new instance of class Crypt_RSA.
Load the numbers you just decrypted into that class as a new key, with types of Math_BigInteger so we can do math on giant numbers. (the second argument is base, so base 256 is a byte, if we are working with BIG integers, use this)
Set our hash and signature mode to match what we have from Google.
Do the verify to ensure we have a valid key.
After this it's up to you what you do with it.
Thank you once again, neubert, for the help!

The problem is that you're not base64-decoding anything relevant.
This worked for me (told me that the signature was valid):
<?php
include('Crypt/RSA.php');
$data = 'eyJhbGciOiJSUzI1NiIsImtpZCI6IjZjNzgxOTQyZDg0OWJhMmVjZGE4Y2VkYjcyZDM0MzU3ZmM5NWIzMjcifQ.eyJpc3MiOiJodHRwczovL2FjY291bnRzLmdvb2dsZS5jb20iLCJhdWQiOiIxMDQ5MTQ4MTU2NTQ2LTk2YjFxcTJsNTJtODVtODB0ZHVoZHVma2RwODRtN2tuLmFwcHMuZ29vZ2xldXNlcmNvbnRlbnQuY29tIiwic3ViIjoiMTEyNTk4NDgzNjQ2MjY1OTYxNTQwIiwiZW1haWxfdmVyaWZpZWQiOnRydWUsImF6cCI6IjEwNDkxNDgxNTY1NDYtdjJwZjRlbGhzOGNwcXBlcWZkMzU5am5nOWs5aW5kcTQuYXBwcy5nb29nbGV1c2VyY29udGVudC5jb20iLCJlbWFpbCI6InRlc3R1c2VydGh4QGdtYWlsLmNvbSIsImlhdCI6MTQ3NDc1NDMzMiwiZXhwIjoxNDc0NzU3OTMyLCJuYW1lIjoiVGVzdCBVc2VyIiwicGljdHVyZSI6Imh0dHBzOi8vbGg0Lmdvb2dsZXVzZXJjb250ZW50LmNvbS8tU0dldkZZRDlaWFEvQUFBQUFBQUFBQUkvQUFBQUFBQUFBQUEvQVBhWEhoUmtuX1hEaEhNLTEzeVMwTUtBcFNrZG1zVEdYdy9zOTYtYy9waG90by5qcGciLCJnaXZlbl9uYW1lIjoiVGVzdCIsImZhbWlseV9uYW1lIjoiVXNlciIsImxvY2FsZSI6ImVuIn0';
$signature = 'btukbBvhek6w14CrBVTGs8X9_IXIHZKpV1NzJ3OgbGUfmoRMirNGzZiFAgrR7COTeDJTamxRzojxxmXx6EEkQqNQcbyN8dO0PTuNt9pujQjLbFw_HBhIFJQaJSR3-tYPN-UtHGQ5JAAySsvCPapXbxyiKzTyvGYRSU65LmyNuiGxe6RQe1zHjq2ABJ4IPRqKPuFupnGRPWYyBSTPU7XQvtfhgyqA0BWZUfmCIFyDxQhvMaXNLTs01gnGVhcUDWZLi9vuUiKUlz3-aSSbwdfCMAljhBHnjpYO6341k5-qmgKkWawv8DX_nMEzntsCMCr664rP4wFEbsRB5ledM9Pc9Q';
$signature = str_replace(['-','_'], ['+','/'], $signature);
$signature = base64_decode($signature);
$n = 's1dt5wFFaYl-Bt7Yb7QgWEatLJfxwWDhbd5yvm2Z4d1PRgNVQa9kwOArQNoOJ-b-oZnXLVFsVASUXEAumGf1ip5TVCQmMBKqlchSDNuoZfoWdpCCX7jx4gNuS43pS6VqV3QDjWnoXRTHaUi5pZEbpAmWpOeG_CfmewNVwBXPFx8-mtvEdtxIrspX4ayXTViR4vHc7MhQhUxllFbocxMjJysDQuZV9wN3MI0lVtQdf52SKJwF3lhvWA9-WAEZ1q8wq-I93Sfte95RaFjDqCH--Sh-8DjhK4OvgItcEGd5QRHjdLvrayPwaDQbpMRN2n3BkVWIxKJubtRiSeWbawCklQ';
$n = str_replace(['-','_'], ['+','/'], $n);
$n = base64_decode($n);
$e = 'AQAB';
$e = base64_decode($e);
$rsa = new Crypt_RSA();
$rsa->loadKey([
'n' => new Math_BigInteger($n, 256),
'e' => new Math_BigInteger($e, 256)
]);
$rsa->setHash('sha256');
$rsa->setSignatureMode(CRYPT_RSA_SIGNATURE_PKCS1);
echo $rsa->verify($data, $signature) ?
'valid' :
'invalid';

Random results in custom encryption / decryption function

Im trying to encrypt data through a custom function i created... (based on base64)
The code works but to a degree... it gives random results (sometimes work and sometimes doesn't).
<?php
set_time_limit(0);
class encryptor{
function encrypt($data){
$all = "abcdefghijklmnopqrstuvwxyzABCDEFGHIJKLMNOPQRSTUVWXYZ0123456789!?#,.&*()$; ";
$chars = str_split($all, 1); // Split $all to array of single characters
$text_chars = str_split($data, 1); // Split $data to array of single characters
// Create array of unique results based on the characters from $all
foreach($chars as $char){
$array[$char] = md5(uniqid(rand(), true));
}
// Replace the input text with the results from $array
foreach($text_chars as $text_char){
$data = str_replace($text_char,$array[$text_char], $data);
}
// Encode and compress $array as $solution
$solution = gzcompress(base64_encode(json_encode($array)),9);
// Return the encoded solution + Breaker + encoded and compressed input text
return $solution."BREAKHERE".gzcompress(base64_encode($data),9);
}
function decrypt($data){
// Break the encrypted code to two parts
$exploded = explode('BREAKHERE', $data);
// Decoding the contents
$contents = base64_decode(gzuncompress($exploded[1]));
// Decoding solution ($array)
$solves = json_decode(base64_decode(gzuncompress($exploded[0])),true);
$fliped = array_flip($solves);
// Replace the encrypted data with the solution
foreach($solves as $solve){
$contents = str_replace($solve,$fliped[$solve], $contents);
}
return($contents); // Return decoded data
}
}
$text = "11 1";
$enc = new encryptor();
$encrypted = $enc->encrypt($text);
$decrypted = $enc->decrypt($encrypted);
echo $decrypted;
?>

Since its just for fun, this change appears to make it work:
// Replace the input text with the results from $array
$encrypted = '';
foreach($text_chars as $text_char){
//$data = str_replace($text_char,$array[$text_char], $data);
$encrypted .= $array[$text_char];
}
Running str_replace in the loop results in substitutions of data that have been previously substituted.
Aside from that, to make transport of the encrypted data easier, I'd change:
return $solution."BREAKHERE".gzcompress(base64_encode($data),9);
to:
return base64_encode($solution."BREAKHERE".gzcompress($data,9);
and then make the appropriate changes in the decryptor. The compress data can have null characters and non-printable characters so if you base64 encode the entire result you can pass it around more easily.

php encrypt and decrypt

can anyone tell me how to encrypt and decrypt a URL string ?
I want to encrypt a hyperlink ...

If you can use database,you could create a table to map a file to an id.
Create a 'mapping_table'
id - integer
file_location - string
Your URL would look something like localhost/waterwell/e_book.php?id=12 .

make links that return to your server with querystring GET params identifying the file. the server can then do echo file_get_contents() after you figure out which file from the inputs
In your example it's trivial. simply omit the portion of the url you don't want shown and fill it back in on the server.

$confirmpassword = $_POST['confirmpassword'];
$value_check = true;
$ciphering = "AES-128-CTR";
$options = 0;
$encryption_iv = '1234567891011121';
$encryption_key = "GeeksforGeeks";
$confirmpasswordencryption = openssl_encrypt($confirmpassword, $ciphering,$encryption_key, $options, $encryption_iv);
$encryption = "pABqPJhobIMHzqai"
$ciphering = "AES-128-CTR";
$options = 0;
$decryption_iv = '1234567891011121';
// Store the decryption key
$decryption_key = "GeeksforGeeks";
// Use openssl_decrypt() function to decrypt the data
$decryption=openssl_decrypt ($encryption, $ciphering,
$decryption_key, $options, $decryption_iv);
// Display the decrypted string
echo "Decrypted String: " . $decryption;

Categories