Petah

Reputation: 46060

Is it safe to trim a decrypted string?

I am encrypting and decrypting a string using:

$key = 'my key';
$data = 'my string';
$ivSize = mcrypt_get_iv_size(MCRYPT_RIJNDAEL_256, MCRYPT_MODE_CBC);
$iv = mcrypt_create_iv($ivSize, MCRYPT_DEV_URANDOM);
$encrypted = mcrypt_encrypt(MCRYPT_RIJNDAEL_256, $key, $data, MCRYPT_MODE_CBC, $iv);
$decrypted = mcrypt_decrypt(MCRYPT_RIJNDAEL_256, $key, $encrypted, MCRYPT_MODE_CBC, $iv);
$data = trim($decrypted, chr(0));

http://codepad.viper-7.com/1JgCRs

Is it safe to just trim off the padding added by the encryption algorithm, or is it necessary to store the length of the data before encrypting?

Upvotes: 1

Views: 195

Answers (2)

M8R-1jmw5r

Reputation: 4996

Padding is added on the right normally, so consider rtrim():

$data = rtrim($decrypted, chr(0));

However, this is still not perfectly safe, because in PHP strings can contain NUL-bytes. If for some reason the plaintext did have NUL-bytes at the end, the rtrim will remove the padding and those previous NUL-bytes.

Upvotes: 1

Drew Khoury

Reputation: 1390

You are trimming the value after you decrypt, so you won't run into any issues with the current code.

If you try to re-encrypt the different, trimmed data, you will get a different encrypted value.

Upvotes: 2
