Page 1 of 1

mysql DES revisited [closed, no solution]

Posted: Sun Jan 08, 2006 11:00 am
by trukfixer
Hi Y'all. Thanks to Feyd I got the DES algorithm function working as desired, now, however I've been told it needs to decrypt data that was encrypted by MySQL's des_encrypt function..

(we wanted to upgrade our MYSQL on the server where we use it, but because of the fact that mysql with openssl is no longer supported , we cannot do that until we have a suitable replacement)

I already know we can simply use the existing mysql and decrypt the data, and re-encrypt it using the new function already written. However, that is "plan Z" (last resort option) , according to my employer, so what I need to do is develop a des decrypt and encrypt function that will *exactly* match the mysql des_encrypt and des_decrypt functions.

In other words, an exact drop in.

I have the known key with which the original data was encrypted , and I have some sample data to work with, and all else being equal, it appears I need one or both of the following:

I need the correct mcrypt_encrypt constant , and I need to determine the correct I.V. (Initialization Vector) to pass to the mcrypt_decrypt function that will exactly match MySQL's des_encrypt algorithm..

So far in reading both mysql manual and php manual, I cannot locate this information..

Would anyone here have even an inkling , if not having already accomplished it??

the following mysql query:

Code: Select all

$sql = "select des_encrypt('known string','known_key') as encrypted";
Gives me data 'x' , and I need to be able to *DECRYPT* that data using something like this:

Code: Select all

function des_decrypt($string,$key)
{
    $iv_size = mcrypt_get_iv_size(MCRYPT_TRIPLEDES,  MCRYPT_MODE_CFB);  //returns integer  8
    $iv = mcrypt_create_iv($iv_size); //returns a binary value
    $cleartext = mcrypt_decrypt(MCRYPT_TRIPLEDES, $key, $string,  MCRYPT_MODE_CFB, $iv);
    return $cleartext;
}
echo des_decrypt('mysql_raw_encrypted_data','known_key');
and the echo of the value returned should *precisely* match (It's ok if \0 is appended , I can easily trim that off after) the original data ('known_string') that was encrypted by mysql above..

I believe I need to know what values to apply to the following parts of my des_decrypt function:

Code: Select all

MCRYPT_TRIPLEDES
MCRYPT_MODE_CFB
and/ or $iv part from mcrypt_decrypt(MCRYPT_TRIPLEDES, $key, $string,  MCRYPT_MODE_CFB, $iv);
I am hoping that someone knows the correct values that would duplicate mysql's des_encrypt /des_decrypt algorithm... So far, I have not been able to duplicate it...

Any takers ?

Posted: Sun Jan 08, 2006 1:10 pm
by Weirdan
I'm much better at googling than at crypto stuff... I think you may find this link: http://leithal.cool-tools.co.uk/sourced ... crypt.html very useful.

Posted: Sun Jan 08, 2006 3:18 pm
by trukfixer
Ummm.. That is for MySQL 5 ...

I'm working with MySQL 4.0.23.. the liunk did get me a few clues to look for further, but still nothing definitive... (I dont code much C++)

Unsolved, closed

Posted: Sun Jan 08, 2006 5:41 pm
by trukfixer
Oh well. in teh end, we decided to merely use last resort , and just decrypt teh data with the existing mysql function, an dthen encrypt with php functions and store to a new field in the database , which we will use to "merge over" the whole, so we can keep our customer data secure and online without downtime while we unit test the new functions and put em through their paces.. also have to write equivalents in perl and python now that will exactly match the php functions :) (whee what fun!) Either way, case closed, but never did solve the "decrypt the encrypted mysql" issue.. :)

Thanks for the inputs!
Bri!