CODEWITHSUNDEEP
phpencryption
Felasfaw
Felasfaw

Reputation: 611

php decrypt encrypted data

After encrypting a string "1234567890", I used hex2bin function to convert the encrypted string into binary format and got "ea359482e4b20603bfe9".

But my attempt to decrypt it back to 1234567890 fails (always get the wired characters).

What am I missing?

Here is a sample.

<?php

$text = "1234567890";
$key = "TestingKey";
echo "SRC: ".$text."<br/>";

$iv = mcrypt_create_iv(mcrypt_get_iv_size(MCRYPT_RIJNDAEL_256, MCRYPT_MODE_CFB), MCRYPT_RAND);
$encrypted = mcrypt_encrypt(MCRYPT_RIJNDAEL_256, $key, $text, MCRYPT_MODE_CFB, $iv);
//$encrypted = bin2hex($encrypted);
$encrypted = "ea359482e4b20603bfe9"; //this was one of the string that came out.
echo "ENC: ".$encrypted."<br/>";

$encrypted = hex2bin($encrypted);
$decrypted = mcrypt_decrypt(MCRYPT_RIJNDAEL_256, $key, $encrypted, MCRYPT_MODE_CFB, $iv);
echo "DEC: ".$decrypted."<br/>"; 

function hex2bin($text)
{
    $len = strlen($text); 
    for($i=0;$i<$len;$i+=2)
    {
        $binary .= pack("C",hexdec(substr($text,$i,2))); 
    }
    return $binary; 
}

?>

Thank you!

Upvotes: 0

Views: 2733

Answers (5)

Patrick
Patrick

Reputation: 3450

Why are you using hexbin at all? Just use PHP's mcrypt_decrypt() and mycrypt_encrypt() functions and be done with it. They essentially take the same parameters, the only difference is the state of the data string your passing to it.

PHP.net Says:

mcrypt_encrypt ( string $cipher , string $key , string $data , string $mode [, string $iv ] ) mcrypt_decrypt ( string $cipher , string $key , string $data , string $mode [, string $iv ] )

So here is some sample code I whipped together for you...

<?php
$iv_size = mcrypt_get_iv_size(MCRYPT_RIJNDAEL_256, MCRYPT_MODE_ECB);
$iv = mcrypt_create_iv($iv_size, MCRYPT_RAND);

$key = "This is a very secret key";
$text = "Meet me at 11 o'clock behind the monument.";

//Lets encrypt it
$encrypted_text = mcrypt_encrypt(MCRYPT_RIJNDAEL_256, $key, $text, MCRYPT_MODE_ECB, $iv);
echo "Here is the encrypted text: $encrypted_text\n<br>\n";

//Do whatever with it. Store it, transmit it, whatever...

//Ok, I want it back. Lets decrypt it.
$decrypted_text = mcrypt_decrypt(MCRYPT_RIJNDAEL_256, $key, $encrypted_text, MCRYPT_MODE_ECB, $iv);

//Hooray, the data is back!
?>

Upvotes: 2

salathe
salathe

Reputation: 51950

Change your hex2bin() function to the following, and the rest of your script will work just fine.

function hex2bin($text)
{
    return pack('H*', $text);
}

For what it's worth, the "missing" hex2bin() function was recently added to the PHP source code and will likely be released with PHP 5.4.0.

Upvotes: 3

MacMac
MacMac

Reputation: 35301

You could use two simple functions:

define('SALT', 'your secret salt');

function encrypt($text) 
{ 
    return trim(base64_encode(mcrypt_encrypt(MCRYPT_RIJNDAEL_256, SALT, $text, MCRYPT_MODE_ECB, mcrypt_create_iv(mcrypt_get_iv_size(MCRYPT_RIJNDAEL_256, MCRYPT_MODE_ECB), MCRYPT_RAND)))); 
}

function decrypt($text) 
{ 
    return trim(mcrypt_decrypt(MCRYPT_RIJNDAEL_256, SALT, base64_decode($text), MCRYPT_MODE_ECB, mcrypt_create_iv(mcrypt_get_iv_size(MCRYPT_RIJNDAEL_256, MCRYPT_MODE_ECB), MCRYPT_RAND))); 
}

Upvotes: 0

Rudu
Rudu

Reputation: 15894

mcrypt_encrypt already returns the encrypted data as a string - why go through the further conversion? If you're worried about transport (eg email) then you could use base64 encode/decode after encryption, if you're worried about database storage just make sure you escape the string in the SQL (or use database parameters).

Also, "It is better not to use ASCII strings for keys." Try instead:

$key=hash("SHA256", "TestingKey", true);

Upvotes: 0

maaudet
maaudet

Reputation: 2358

For that kind of work I usually use base64_encode and decode and it works with code similar to yours.

Upvotes: 0

Related Questions