Page 1 of 1

Question regarding encrypt/decrypt

Posted: Mon Feb 16, 2004 2:23 pm
by johnperkins21
I have an old Perl script that someone wrote that I am trying to convert to PHP. I am having trouble with the decryption portion of the script as I am fairly new to PHP and especially encryption.

Here is the original Perl script that works:

Code: Select all

$CCNumber='';
				if($header_dataї8] ne '') {

					my $mcrypt_module=Mcrypt::mcrypt_load(Mcrypt::3DES,'',Mcrypt::CBC,'');
					my $CCIV=decode_base64($header_dataї8]);
					my $CCKey=substr(md5_hex($header_dataї2].$header_dataї3]),0,24);

					$CCNumber=decode_base64($header_dataї6]);

					Mcrypt::mcrypt_init($mcrypt_module,$CCKey,$CCIV);
					$CCNumber=Mcrypt::mcrypt_decrypt($mcrypt_module,$CCNumber);

					Mcrypt::mcrypt_end($mcrypt_module);
				}
				else {
					$header_dataї6]=~tr/0-9//cd;
					$CCNumber=$header_dataї6];
				}

And here is my php code that I got from looking through the manual and trying to decipher what I'm supposed to do.

Code: Select all

<?php 
$CCNumber = ''; #line 96
		if ($order_data[8] != '') {
			$mcrypt_module = mcrypt_module_open(MCRYPT_DES, '',MCRYPT_MODE_ECB, '');

			$CCIV = base64_decode($order_data[8]);
			$CCKey = substr(md5($order_data[2].$order_data[3]),0,24);
		
			$CCNumber = base64_decode($order_data[6]);
			
			mcrypt_generic_init($mcrypt_module,$CCKey,$CCIV); #line 105
			$CCNumber = mdecrypt_generic($mcrypt_module,$CCNumber);
			
			mycrpt_generic_deinit($mcrypt_module); #line 108
			mcrypt_module_close($mcrypt_module);
		}

?>
The errors I'm getting are as follows:

Warning: mcrypt_generic_init(): Key size too large; supplied length: 24, max: 8 in /home/dd2000_stage/control/view_order.php on line 105

Fatal error: Call to undefined function: mycrpt_generic_deinit() in /home/dd2000_stage/control/view_order.php on line 108


Any help or nudge in the right direction would be greatly appreciated. I looked through the manual, but I'm still pretty darn lost. Thanks.

Posted: Mon Feb 16, 2004 4:08 pm
by johnperkins21
Ok,
I messed around with it a little bit and got rid of the errors. Now it's showing me a number, but it still looks encrypted.

Here is the new code:

Code: Select all

<?php
$CCNumber = '';
		if ($order_data[8] != '') {
			$mcrypt_module = mcrypt_module_open(MCRYPT_DES, '',MCRYPT_MODE_ECB, '');

			$CCIV = base64_decode($order_data[8]);
			$CCKey = substr(md5($order_data[2].$order_data[3]),0,8);
		
			$CCNumber = base64_decode($order_data[6]);
			
			mcrypt_generic_init($mcrypt_module,$CCKey,$CCIV);
			$CCNumber = mdecrypt_generic($mcrypt_module,$CCNumber);
			
			
			mcrypt_module_close($mcrypt_module);
		}

echo $CCNumber;
?>
and here is the output:
CC Number: áGj§;¤U¯.HQºon


Any ideas?? I appreciate any help in the right direction.

Posted: Mon Feb 16, 2004 4:55 pm
by DuFF
Did you encrypt it the same way you are decrypting it?

From PHP.net
It [the IV] needs to be random and unique (but not secret). The same IV must be used for encryption/decryption. If you do not want to use it you should set it to zeros, but this is not recommended.

Posted: Mon Feb 16, 2004 5:23 pm
by johnperkins21
I believe that it is being done the same way. I say that because the perl script worked. I'm am just trying to get the conversion right.

This is the encryption method:

Code: Select all

<?php
	$header_data=mysql_fetch_row($header_handle);
					$CCKey=substr(md5($header_data[0].$header_data[1]),0,24);
					$mcrypt_module=mcrypt_module_open(MCRYPT_TripleDES,"",MCRYPT_MODE_CBC,"");
					srand((float)microtime()*1000000);

					$CCIV=mcrypt_create_iv(mcrypt_enc_get_iv_size ($mcrypt_module),MCRYPT_RAND);
					mcrypt_generic_init($mcrypt_module,$CCKey,$CCIV);

					$CCNumber=base64_encode(mcrypt_generic($mcrypt_module,$CCNumber));
					$CCIV=base64_encode($CCIV);
					$update_handle=mysql_query("UPDATE Order_Header set CCNumber='$CCNumber',CCIV='$CCIV' where OrderNumber=$order_number");

					mcrypt_generic_end($mcrypt_module);
					mcrypt_module_close($mcrypt_module);
					$OrderNotWritten=0;?>
There's a whole lot of stuff there I just don't get. I know absolutely nothing about Perl, and am still new to PHP. Thanks for your help.


*Edited - had the wrong encryption code in there. My bad.

Solved

Posted: Mon Feb 16, 2004 6:17 pm
by johnperkins21
It's working now. Just needed to keep looking at it from different angles.

Code: Select all

<?php
$CCNumber = '';
		if ($order_data[8] != '') {
			$mcrypt_module = mcrypt_module_open(MCRYPT_TripleDES, "",MCRYPT_MODE_CBC, "");

			$CCIV = base64_decode($order_data[8]);
			$CCKey = substr(md5($order_data[2].$order_data[3]),0,24);
		
			$CCNumber = base64_decode($order_data[6]);
			
			mcrypt_generic_init($mcrypt_module,$CCKey,$CCIV);
			$CCNumber = mdecrypt_generic($mcrypt_module,$CCNumber);
			
			
			mcrypt_module_close($mcrypt_module);
		}
?>
I still don't quite understand it yet. But I'm working on it. Thanks for looking at the code.