[SOLVED] Unusual encryption results with php's mcrypt
ProgrammingThis forum is for all programming questions.
The question does not have to be directly related to Linux and any language is fair game.
Notices
Welcome to LinuxQuestions.org, a friendly and active Linux Community.
You are currently viewing LQ as a guest. By joining our community you will have the ability to post topics, receive our newsletter, use the advanced search, subscribe to threads and access many other special features. Registration is quick, simple and absolutely free. Join our community today!
Note that registered members see fewer ads, and ContentLink is completely disabled once you log in.
If you have any problems with the registration process or your account login, please contact us. If you need to reset your password, click here.
Having a problem logging in? Please visit this page to clear all LQ-related cookies.
Get a virtual cloud desktop with the Linux distro that you want in less than five minutes with Shells! With over 10 pre-installed distros to choose from, the worry-free installation life is here! Whether you are a digital nomad or just looking for flexibility, Shells can put your Linux machine on the device that you want to use.
Exclusive for LQ members, get up to 45% off per month. Click here for more info.
[SOLVED] Unusual encryption results with php's mcrypt
I have a simple class that encrypts strings. It seemed to be working fine until I tried to compare the decrypted values to the original. below is the output of the php code. It appears to be decrypted but the length is incorrect.
String Before Encryption: a text string
String Length Before Encryption: 13
String After Encryption: rew2iSYotruIpmJ3llos3A==
String Length After Encryption: 24
String After Decryption: a text string
String Length After Decryption: 16
Any insight would be very helpful, thanks.
Code:
<?
class Encryption
{
private $key;
public function __construct($key='Some_Encryption_Key')
{
$this->key = $key;
}
public function encrypt( $string )
{
return base64_encode
(
mcrypt_encrypt
(
MCRYPT_RIJNDAEL_128,
$this->key,
$string,
MCRYPT_MODE_ECB
)
);
}
public function decrypt( $string )
{
return mcrypt_decrypt
(
MCRYPT_RIJNDAEL_128,
$this->key,
base64_decode( $string ),
MCRYPT_MODE_ECB
);
}
}
$e = new Encryption();
$string = 'a text string';
echo "String Before Encryption: $string <br>";
echo 'String Length Before Encryption: ' . strlen($string) . "<br><br>";
$string = $e->encrypt($string);
echo "String After Encryption: $string <br>";
echo 'String Length After Encryption: ' . strlen($string) . "<br><br>";
$string = $e->decrypt($string);
echo "String After Decryption: $string <br>";
echo 'String Length After Decryption: ' . strlen($string) . "<br><br>";
?>
Same results when calling functions directly:
Encrypted Using mcrypt function directly: ì6‰&(¶»ˆ¦bw–Z,Ü
Decrypted Using mcrypt function directly: a text string
String After Decryption: a text string
String Length After Decryption: 16
Code:
$string = 'a text string';
$key = 'Some_Encryption_Key';
$string = mcrypt_encrypt
(
MCRYPT_RIJNDAEL_128,
$key,
$string,
MCRYPT_MODE_ECB
);
echo "Encrypted Using mcrypt function directly: $string <br>";
$string = mcrypt_decrypt
(
MCRYPT_RIJNDAEL_128,
$key,
$string,
MCRYPT_MODE_ECB
);
echo "Decrypted Using mcrypt function directly: $string <br>";
echo "String After Decryption: $string <br>";
echo 'String Length After Decryption: ' . strlen($string) . "<br><br>";
Last edited by action_owl; 05-31-2010 at 12:36 AM.
Reason: typo
Well on initial inspection I would say that your manual method is not the same as there is no reference to the use of base64_[en|de]code.
If you utilise these functions is your data still correct with the manual method?
The data is still not returned correctly when using base64_[en|de]code and calling the functions directly.
Encrypted Using mcrypt function directly: rew2iSYotruIpmJ3llos3A==
Decrypted Using mcrypt function directly: a text string
String After Decryption: a text string
String Length After Decryption: 16
Code:
// with base64_[en|de]code
$string = 'a text string';
$key = 'Some_Encryption_Key';
$string = base64_encode
(
mcrypt_encrypt
(
MCRYPT_RIJNDAEL_128,
$key,
$string,
MCRYPT_MODE_ECB
)
);
echo "Encrypted Using mcrypt function directly: $string <br>";
$string = mcrypt_decrypt
(
MCRYPT_RIJNDAEL_128,
$key,
base64_decode( $string ),
MCRYPT_MODE_ECB
);
echo "Decrypted Using mcrypt function directly: $string <br>";
echo "String After Decryption: $string <br>";
echo 'String Length After Decryption: ' . strlen($string) . "<br><br>";
Last edited by action_owl; 05-30-2010 at 10:12 PM.
hmmm ... I have not played a lot with php but when doing a similar exercise in Python you are required to supply the padding for some of the encryption methods.
I noticed after reading a little on mcrypt that it automatically pads for you, so I am wondering if it is this padding that you are getting in the length?
What happens if you try a slightly shorter or longer string? (maybe try 16 characters first to see if that shows us something?)
If I use base64_[en|de]code on the string before and after encrypting,then it will produce the proper results, though I'm not exactly sure why I have to do this. Perhaps mcrypt requires a base64_encoded string to begin with?
Encrypted Using mcrypt function directly: pzQc7oBucoR7KBh+el31g0Rl5dZTwfPDSrNoy8Y9LHc=
Decrypted Using mcrypt function directly: a text string
String After Decryption: a text string
String Length After Decryption: 13
Code:
$string = base64_encode('a text string');
$key = 'Some_Encryption_Key';
$string = base64_encode
(
mcrypt_encrypt
(
MCRYPT_RIJNDAEL_128,
$key,
$string,
MCRYPT_MODE_ECB
)
);
echo "Encrypted Using mcrypt function directly: $string <br>";
$string = mcrypt_decrypt
(
MCRYPT_RIJNDAEL_128,
$key,
base64_decode( $string ),
MCRYPT_MODE_ECB
);
$string = base64_decode($string);
echo "Decrypted Using mcrypt function directly: $string <br>";
echo "String After Decryption: $string <br>";
echo 'String Length After Decryption: ' . strlen($string) . "<br><br>";
hmmm ... I have not played a lot with php but when doing a similar exercise in Python you are required to supply the padding for some of the encryption methods.
I noticed after reading a little on mcrypt that it automatically pads for you, so I am wondering if it is this padding that you are getting in the length?
What happens if you try a slightly shorter or longer string? (maybe try 16 characters first to see if that shows us something?)
I think this is what's happening.
I get proper string length returned with strings that are 16 or 32 characters in length but incorrect results with 13 and 31.
Here's is the properly working encryption class:
Code:
class Encryption
{
private $key;
public function __construct($key='Some_Encryption_Key')
{
$this->key = $key;
}
public function encrypt( $string )
{
return base64_encode
(
mcrypt_encrypt
(
MCRYPT_RIJNDAEL_128,
$this->key,
base64_encode( $string ),
MCRYPT_MODE_ECB
)
);
}
public function decrypt( $string )
{
return base64_decode
(
mcrypt_decrypt
(
MCRYPT_RIJNDAEL_128,
$this->key,
base64_decode( $string ),
MCRYPT_MODE_ECB
)
);
}
}
Last edited by action_owl; 05-31-2010 at 12:35 AM.
LinuxQuestions.org is looking for people interested in writing
Editorials, Articles, Reviews, and more. If you'd like to contribute
content, let us know.
I thought you had said it was working manually (RTFQ)
