Page 1 of 1

Decrypting encrypted values

Posted: Tue Dec 07, 2004 11:12 am
by braino
I am using the saferplus algorithm with the CBC cypher.

I have no problem encrypting a string, but can never seem to decrypt the encrypted string; any attempt at such resluts in an even more encrypted string.

I am using code straight out of the PHP manual. If I use the entire exaple block of code from the manual, the encryption/decryption works just fine:

Code: Select all

/* Open the cipher */
    $td = mcrypt_module_open('saferplus', '', 'cbc', '');

    /* Create the IV and determine the keysize length, used MCRYPT_RAND
     * on Windows instead */
    $iv = mcrypt_create_iv(mcrypt_enc_get_iv_size($td), MCRYPT_DEV_RANDOM);
    $ks = mcrypt_enc_get_key_size($td);
	
    /* Create key */
    $key = substr(md5('very secret key'), 0, $ks);

    /* Intialize encryption */
	
    /* Encrypt data */
    $encrypted = mcrypt_generic($td, $_POSTї'OriginalString']);

    /* Terminate encryption handler */
    mcrypt_generic_deinit($td);

    /* Initialize encryption module for decryption */
    mcrypt_generic_init($td, $key, $iv);

    /* Decrypt encrypted string */
    $decrypted = mdecrypt_generic($td, $encrypted);

    /* Terminate decryption handle and close module */
    mcrypt_generic_deinit($td);
    mcrypt_module_close($td);
However, when attempt to break this procedure into two seperate functions, the decryption function doesn't work at all:

Code: Select all

function EncryptData($unpw)
	{
		/* Open the cipher */
		$td = mcrypt_module_open('saferplus', '', 'cbc', '');
	
		/* Create the IV and determine the keysize length, used MCRYPT_RAND
		 * on Windows instead */
		$iv = mcrypt_create_iv(mcrypt_enc_get_iv_size($td), MCRYPT_DEV_RANDOM);
		$ks = mcrypt_enc_get_key_size($td);
	
		/* Create key */
		$key = substr(md5('relativity'), 0, $ks);
	
		/* Intialize encryption */
		mcrypt_generic_init($td, $key, $iv);
	
		/* Encrypt data */
		
		$this->enc_unpw = mcrypt_generic($td, $unpw);
		//echo "this string has been encrypted: " . $this->enc_unpw . "<br />";
		
		mcrypt_generic_deinit($td);
		mcrypt_module_close($td);
	&#125;

function DecryptCookieData($auth)
	&#123;
		$td = mcrypt_module_open('saferplus', '', 'cbc', '');
	
		/* Create the IV and determine the keysize length, used MCRYPT_RAND
		 * on Windows instead */
		$iv = mcrypt_create_iv(mcrypt_enc_get_iv_size($td), MCRYPT_DEV_RANDOM);
		$ks = mcrypt_enc_get_key_size($td);
	
		/* Create key */
		$key = substr(md5('relativity'), 0, $ks);
	
		/* Initialize encryption module for decryption */
		mcrypt_generic_init($td, $key, $iv);
	
		/* Decrypt encrypted string */
		$this->unpw = mdecrypt_generic($td, $auth);
		echo $this->unpw . '<br />';
		$this->unpw = trim($this->unpw);
		
		echo $auth . '..........';
		echo $this->unpw;
		
		/* Terminate decryption handle and close module */
		mcrypt_generic_deinit($td);
		mcrypt_module_close($td);
	&#125;
What am i doing wrong?

Posted: Thu Dec 09, 2004 4:07 pm
by skehoe
I'm no pro with encryption, but it seems like you're allowing for a random element (MCRYPT_DEV_RANDOM) during key generation and this is most likely causing your keys to generate differently. So the key you're trying to use to decipher the text is not the same one you're using to create the cipher...

You may want to try using a seperate function to generate the key and have it returned to your script so that you can be sure your using the same one for both cipher and decipher.

Hope that helps,

~Scott