squinky86 Posted February 15, 2008 Share Posted February 15, 2008 I am having much difficulty with string encryption in PHP. Take the following scenario: //Thanks to mre@reinhardt.info for this function. function AESEncrypt($text, $password) { $size = mcrypt_get_iv_size(MCRYPT_RIJNDAEL_128, MCRYPT_MODE_CBC); $iv = mcrypt_create_iv($size, MCRYPT_DEV_URANDOM); return mcrypt_encrypt(MCRYPT_RIJNDAEL_128, $password, $text, MCRYPT_MODE_ECB, $iv); } //Thanks to mre@reinhardt.info for this function. function AESDecrypt($encrypted_text, $password) { $size = mcrypt_get_iv_size(MCRYPT_RIJNDAEL_128, MCRYPT_MODE_CBC); $iv = mcrypt_create_iv($size, MCRYPT_DEV_URANDOM); return mcrypt_decrypt(MCRYPT_RIJNDAEL_128, $password, $encrypted_text, MCRYPT_MODE_ECB, $iv); } //AES Encryption Passwords: KEEP THESE SECRET AND SECURE $AESServerKey = 'MLtZ}(=='; $AESClientKey = 'saO32.>>'; //string to encode $toEncode = "See Spot Run."; echo "Checking PHP server key..."; $encoded = AESEncrypt($toEncode, $AESServerKey); $decoded = AESDecrypt($encoded, $AESServerKey); if (strcmp($toEncode, $decoded) == 0) { echo "ok!\n"; } else { echo "FAILED(".strcmp($toEncode, $decoded).")!\n"; echo "Original: --$toEncode--\n"; echo "Encoded: --".bin2hex($encoded)."--\n"; echo "Decoded: --$decoded--\n"; } echo "Checking PHP client key..."; $encoded = AESEncrypt($toEncode, $AESClientKey); $decoded = AESDecrypt($encoded, $AESClientKey); if (strcmp($toEncode, $decoded) == 0) { echo "ok!\n"; } else { echo "FAILED(".strcmp($toEncode, $decoded).")!\n"; echo "Original: --$toEncode--\n"; echo "Encoded: --".bin2hex($encoded)."--\n"; echo "Decoded: --$decoded--\n"; } ?> outputs the following: Checking PHP server key...FAILED(-3)! Original: --See Spot Run.-- Encoded: --9182b9639292aa05bd440a29e78f3e1e-- Decoded: --See Spot Run.-- Checking PHP client key...FAILED(-3)! Original: --See Spot Run.-- Encoded: --235f2d545623280b68c61051bec7e74d-- Decoded: --See Spot Run.-- I am trying to actually use this in conjunction with a MySQL database. Note that the encrypted string is stored as: UPDATE users SET password = AES_ENCRYPT('TestPass') WHERE username = 'testuser' LIMIT 1; Whenver I pull the data from the database and try to decrypt it with this code: echo "Obtaining information from database..."; $query = "SELECT password FROM users WHERE username = '".Queryize($username)."'"; $result = $mdb2->query($query); if (PEAR::isError($result)) { echo "FAIL!\n"; exit(1); } echo "ok!\n"; echo "Checking password equivalence..."; $dbPass = $result->fetchOne(); $encryptedPass = AESEncrypt($password, $AESServerKey); $decryptedDbPass = AESDecrypt($dbPass, $AESServerKey); if ($decryptedDbPass == $password) { echo "ok!\n"; } else { echo "FAIL!\n"; echo "dbPassword: --".bin2hex($dbPass)."--\n"; echo "encryptedPass: --".bin2hex($encryptedPass)."--\n"; echo "decryptedDbPass: --$decryptedDbPass--\n"; echo "decryptedPass: --$password--\n"; } I obtain the following result: Obtaining information from database...ok! Checking password equivalence...FAIL! dbPassword: --998f63867971939b3be6fdc606eb2a55-- encryptedPass: --3775da514a4394dbe03ac9478e8924f4-- decryptedDbPass: ----stPass decryptedPass: --TestPass-- Note how close the PHP AESDecrypt function came to actually decrypting the string stored in the MySQL database. I know I'm close, but have probably done something stupid. Anyone want to lend a pointer on what I'm doing wrong? Quote Link to comment Share on other sites More sharing options...
squinky86 Posted February 15, 2008 Author Share Posted February 15, 2008 I had the AES keys wrong in the example above. The actual AES keys that generated the output above are: $AESServerKey = 'ML*r}(l='; $AESClientKey = '--R[8BCA';[/code I guess what I'm trying to ask is, when is "See Spot Run." not the same as "See Spot Run."? Quote Link to comment Share on other sites More sharing options...
Recommended Posts
Join the conversation
You can post now and register later. If you have an account, sign in now to post with your account.