Encryption with Checksum
Posted: Tue Sep 01, 2009 3:53 pm
Hi,
I'm using the following methods to encrypt/decrypt a string. They're modified versions of functions from the php.net website:
I've been modifying it tonight to include a checksum at the end of the string, before encryption. Then the string is decrypted, and the checksum verified to ensure the string was fiddled before decryption.
Code:
// Short checksum: the first $crc_len characters of the SHA-1 of $str in base 36.
function crc($str, $crc_len=2) {
    // sha1() returns a hexadecimal string, so convert from base 16 (was 10)
    $result = base_convert(sha1($str),16,36);
    return substr($result,0,$crc_len);
}

// Encrypt a string.
// Short parameter selects the Rijndael block size (128 or 256 bit) as well as
// the size of the checksum
function encrypt($text, $short=false){
    if (!$text) return false;
    $blocksize = ($short==false) ? MCRYPT_RIJNDAEL_256 : MCRYPT_RIJNDAEL_128;
    $crc_len = ($short==false) ? 6 : 2;
    $checksum = crc($text, $crc_len);
    $text = $text . $checksum; // add the checksum to the end of the string so we can verify decryption
    $key = '8idf33jkf0Kjd'; // the cipher key
    // ECB mode does not use the IV; it is only passed to satisfy the API
    $iv_size = mcrypt_get_iv_size($blocksize, MCRYPT_MODE_ECB);
    $iv = mcrypt_create_iv($iv_size, MCRYPT_RAND);
    $crypttext = mcrypt_encrypt($blocksize, $key, $text, MCRYPT_MODE_ECB, $iv);
    return trim(base64_encode($crypttext));
}

// Decrypt a string.
// Short parameter selects the Rijndael block size (128 or 256 bit) as well as
// the size of the checksum
function decrypt($text, $short=false){
    if (!$text) return false;
    $blocksize = ($short==false) ? MCRYPT_RIJNDAEL_256 : MCRYPT_RIJNDAEL_128;
    $crc_len = ($short==false) ? 6 : 2;
    $key = '8idf33jkf0Kjd'; // the cipher key
    $crypttext = base64_decode($text); // decode encrypted string
    // ECB mode does not use the IV; it is only passed to satisfy the API
    $iv_size = mcrypt_get_iv_size($blocksize, MCRYPT_MODE_ECB);
    $iv = mcrypt_create_iv($iv_size, MCRYPT_RAND);
    $decrypttext = mcrypt_decrypt($blocksize, $key, $crypttext, MCRYPT_MODE_ECB, $iv);
    // strip only the NUL padding mcrypt adds; trim() would also eat whitespace in the text
    $result = rtrim($decrypttext, "\0");
    $checksum = substr($result,strlen($result)-$crc_len); // split the decrypted string and the checksum
    $result = substr($result,0,strlen($result)-$crc_len);
    // strict comparison: == treats strings such as "0e1234" and "0e5678" as equal numbers
    return ($checksum === crc($result, $crc_len)) ? $result : "error";
}
What I've written above works very well, but being the fussy sod I am I'm trying to see how I can improve it.
Put simply, I'm toying with including an entire SHA1 hash of the original string, before encrypting it, which is absolutely insane. Surely the standard MCRYPT class can return a result of whether or not the decryption was successful, without me having to do all this? I don't particularly need high security but I only want to write this once and I could re-use it in the future.
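Added example, not part of the original post: on the question of whether decryption itself can report tampering, this sketch uses PHP's OpenSSL extension with AES-256-GCM (an authenticated mode, swapped in for the mcrypt ECB calls above), where openssl_decrypt() returns false if the ciphertext, nonce or tag was altered. The function names seal_string() and open_string(), the token layout and the sample key are assumptions made for illustration.

```php
<?php
// Added illustration; seal_string()/open_string() are hypothetical names.
// Token layout (an assumption of this example): nonce(12) | tag(16) | ciphertext.

function seal_string(string $plaintext, string $key): string {
    $nonce = random_bytes(12);   // fresh 96-bit nonce for every message
    $tag = '';                   // filled in by openssl_encrypt()
    $ct = openssl_encrypt($plaintext, 'aes-256-gcm', $key,
                          OPENSSL_RAW_DATA, $nonce, $tag);
    if ($ct === false) {
        throw new RuntimeException('encryption failed');
    }
    return base64_encode($nonce . $tag . $ct);
}

// Returns the plaintext, or false when the token is malformed or has been
// modified: GCM checks the tag before releasing any plaintext.
function open_string(string $token, string $key) {
    $raw = base64_decode($token, true);
    if ($raw === false || strlen($raw) < 28) {
        return false;
    }
    $nonce = substr($raw, 0, 12);
    $tag   = substr($raw, 12, 16);
    $ct    = (string) substr($raw, 28);
    return openssl_decrypt($ct, 'aes-256-gcm', $key,
                           OPENSSL_RAW_DATA, $nonce, $tag);
}

// Constructed sample data: a random 256-bit key and a string with
// leading/trailing whitespace, which survives because nothing is trimmed.
$key   = random_bytes(32);
$token = seal_string("  hello world ", $key);
var_dump(open_string($token, $key));

// Flip one bit inside the ciphertext and try again.
$raw = base64_decode($token);
$raw[30] = chr(ord($raw[30]) ^ 1);
var_dump(open_string(base64_encode($raw), $key));
```

Callers should compare the result with `=== false`, since an empty plaintext is a valid return value.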