Cannot use a constant IV key and a produced ENCRYPT_KEY in php mcrypt
I know a constant IV key is wrong and a random key must be generated. I need to, as I have been assigned this. I have searched on the net for how to deal with it, but failed. The code is below, and advice is appreciated.

Here's the whole code of the functions:

    define('encryption_key', 'itu2njnhi0toc2fmzexotq=='); //encryption key

    // encrypt function
    function mc_encrypt($encrypt, $key) { //do not set encryption_key here
        $encrypt = serialize($encrypt);
        $iv = mcrypt_create_iv(mcrypt_get_iv_size(MCRYPT_RIJNDAEL_256, MCRYPT_MODE_CBC), MCRYPT_RAND);
        //$iv = ('aaaaaaaaaaaaaaaaaaaaaa==');
        $key = pack('H*', $key); // expects a hexadecimal string
        $mac = hash_hmac('sha256', $encrypt, substr(bin2hex($key), -32));
        $passcrypt = mcrypt_encrypt(MCRYPT_RIJNDAEL_256, $key, $encrypt.$mac, MCRYPT_MODE_CBC, $iv);
        $encoded = base64_encode($passcrypt).'|'.base64_encode($iv);
        return $encoded;
        //return base64_encode($encoded).':'.$iv;
    }

    // decrypt function
    function mc_decrypt($decrypt, $key) {
        $decrypt = explode('|', $decrypt);
        $decoded = base64_decode($decrypt[0]);
        $iv = base64_decode($decrypt[1]);
        if(strlen($iv) !== mcrypt_get_iv_size(MCRYPT_RIJNDAEL_256, MCRYPT_MODE_CBC)) { return false; }
        $key = pack('H*', $key);
        $decrypted = trim(mcrypt_decrypt(MCRYPT_RIJNDAEL_256, $key, $decoded, MCRYPT_MODE_CBC, $iv));
        $mac = substr($decrypted, -64);
        $decrypted = substr($decrypted, 0, -64);
        $calcmac = hash_hmac('sha256', $decrypted, substr(bin2hex($key), -32));
        if($calcmac !== $mac) { return false; }
        $decrypted = unserialize($decrypted);
        return $decrypted;
    }

    echo '<h1>sample encryption</h1>';
    $data = 'patrick';
    $encrypted_data = mc_encrypt($data, encryption_key);
    echo '<h2>example #1: string data</h2>';
    echo 'data encrypted: ' . $data . '<br/>';
    echo 'encrypted data: ' . $encrypted_data . '<br/>';
    echo 'decrypted data: ' . mc_decrypt($encrypted_data, encryption_key) . '<br/>';

If I use it, I get this error:

    Warning: pack(): Type H: illegal hex digit in C:\xampp\htdocs\sample1\test.php on line 24

And when I use the

    $iv = ('aaaaaaaaaaaaaaaaaaaaaa==');

instead of this

    $iv = mcrypt_create_iv(mcrypt_get_iv_size(MCRYPT_RIJNDAEL_256, MCRYPT_MODE_CBC), MCRYPT_RAND);

while also having

    define('encryption_key', 'd0a7e7997b6d5fcd55f4b5c32611b87cd923e88837b63bf2941ef819dc8ca282'); //encryption key

I get this error:

    Warning: mcrypt_encrypt(): The IV parameter must be as long as the blocksize in C:\xampp\htdocs\sample1\test.php on line 26

This is working and tested code on PHP 5.3.18. Demonstration at viper-7.

1) It uses the required base64 encoded 'aaaaaaaaaaaaaaaaaaaaaa==' as the IV ('salt'), which when converted to a string is 16 bytes of binary zeroes. We need 32 bytes, so concatenate it with itself to create the required length.

2) There are 2 supplied keys:

   1) Base64 encoded: 'itu2njnhi0toc2fmzexotq==', a 'typical' high quality password string that is 16 bytes long. It needs to be converted to a hex string for the encryption functions.

   2) Hexadecimal literal: 'd0a7e7997b'...

Please note: the supplied keys, as hex strings, are not equal to each other!

This does not affect the routines, but be aware that the same key must be used to encrypt / decrypt.

The routines:

    // encrypt function - $key must be a hexadecimal string
    function mc_encrypt($encrypt, $key) { //do not set encryption_key here
        $encrypt = serialize($encrypt);
        // $iv = mcrypt_create_iv(mcrypt_get_iv_size(MCRYPT_RIJNDAEL_256, MCRYPT_MODE_CBC), MCRYPT_RAND);
        $iv = base64_decode(encryption_iv); // convert to a binary string
        $actualiv = $iv . $iv; // 16 bytes of binary characters, doubled
        $key = pack('H*', $key); // convert the key to a binary string
        $mac = hash_hmac('sha256', $encrypt, substr(bin2hex($key), -32));
        $passcrypt = mcrypt_encrypt(MCRYPT_RIJNDAEL_256, $key, $encrypt.$mac, MCRYPT_MODE_CBC, $actualiv);
        $encoded = base64_encode($passcrypt).'|'.base64_encode($iv);
        return $encoded;
    }

Note the '$actualiv' 'trick' to get the 32 bytes required. However, it will work if different 16 byte IVs are used.

Caveats: It is important that different (random) IVs are used when encrypting, otherwise identical messages encrypt to the same ciphertext when the same key is used. To use 16 byte IVs in the routine I would be tempted to generate a random IV and use the first 16 bytes of it, concatenated as is used currently.

i.e. replace this code:

    $iv = base64_decode(encryption_iv); // convert to a binary string

with:

    $iv = mcrypt_create_iv(mcrypt_get_iv_size(MCRYPT_RIJNDAEL_256, MCRYPT_MODE_CBC), MCRYPT_RAND);
    $iv = substr($iv, 0, 16);

CBC mode and 'padding oracle attacks': it looks as though this is not an issue if you use PHP exclusively. There may be issues decrypting on different systems. This link explains the issues: cryptography/des-php-block-padding-in-mcrypt.html

    // decrypt function - $key must be a hexadecimal string
    function mc_decrypt($decrypt, $key) {
        $decrypt = explode('|', $decrypt);
        $decoded = base64_decode($decrypt[0]);
        $iv = base64_decode($decrypt[1]);
        $actualiv = $iv . $iv; // make it long enough and match the original IV used
        if(strlen($actualiv) !== mcrypt_get_iv_size(MCRYPT_RIJNDAEL_256, MCRYPT_MODE_CBC)) { return false; }
        $key = pack('H*', $key);
        $decrypted = trim(mcrypt_decrypt(MCRYPT_RIJNDAEL_256, $key, $decoded, MCRYPT_MODE_CBC, $actualiv));
        $mac = substr($decrypted, -64);
        $decrypted = substr($decrypted, 0, -64);
        $calcmac = hash_hmac('sha256', $decrypted, substr(bin2hex($key), -32));
        if($calcmac !== $mac) { return false; }
        $decrypted = unserialize($decrypted);
        return $decrypted;
    }

Note the '$iv' is concatenated to get the 32 bytes required.

Defined keys:

    define('encryption_b64key', 'itu2njnhi0toc2fmzexotq=='); //encryption key
    define('encryption_iv', 'aaaaaaaaaaaaaaaaaaaaaa==');
    define('encryption_hexkey', 'd0a7e7997b6d5fcd55f4b5c32611b87cd923e88837b63bf2941ef819dc8ca282'); //encryption key

Examples using both supplied keys:

    echo '<h1>sample encryption</h1>';
    $data = 'patrick';

    echo '<h2>example #1: using base64 encoded key (encryption_b64key)</h2>';
    $b64hexkey = bin2hex(base64_decode(encryption_b64key));
    $encrypted_data = mc_encrypt($data, $b64hexkey);
    echo 'data encrypted: ' . $data . '<br/>';
    echo 'encrypted data: ' . $encrypted_data . '<br/>';
    echo 'decrypted data: ' . mc_decrypt($encrypted_data, $b64hexkey) . '<br/>';

    echo '<h2>example #2 using hexadecimal key (encryption_hexkey)</h2>';
    $hexkey = encryption_hexkey;
    $encrypted_data = mc_encrypt($data, $hexkey);
    echo 'data encrypted: ' . $data . '<br/>';
    echo 'encrypted data: ' . $encrypted_data . '<br/>';
    echo 'decrypted data: ' . mc_decrypt($encrypted_data, $hexkey) . '<br/>';

Output of the above:

    sample encryption
    example #1: using base64 encoded key (encryption_b64key)
    data encrypted: patrick
    encrypted data: /7qkjopnnigvetho0nnkxfslfihe72de1q85qwi/d16j4bzlaqir7jpap0j2wcdhygk+is4zf1opzork9ignperkh+owjkoeo/dejhxuavxos03+uqti8i13ageb6wau|aaaaaaaaaaaaaaaaaaaaaa==
    decrypted data: patrick
    example #2 using hexadecimal key (encryption_hexkey)
    data encrypted: patrick
    encrypted data: iaycpfnohuehkht+bira2tzbrlljfxkao5prgbmkvlytolzr9l6ibri8zudsgvdzym26qd89hkzxnvpbbssoktcaztf9akza8ipa3r0jvgisfldrddhx8czyd+gfr9bv|aaaaaaaaaaaaaaaaaaaaaa==
    decrypted data: patrick
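
The caveat in the answer above (with a fixed IV, identical messages encrypt to the same ciphertext under the same key), as an added example that is not part of the original question or answer. mcrypt was removed in PHP 7.2, so this swaps in the OpenSSL extension's AES-256-CBC (16-byte block and IV, not Rijndael-256) with a random IV per message and encrypt-then-MAC; the function names, key-derivation labels, token layout and sample key are assumptions made for the illustration.

```php
<?php
// Added example. seal(), open_sealed() and derive_keys() are hypothetical names.
// Uses ext/openssl AES-256-CBC in place of mcrypt's Rijndael-256 (PHP >= 7.1).

const CIPHER = 'aes-256-cbc';

// Derive independent encryption and MAC keys from one 32-byte master key.
function derive_keys(string $master): array {
    return [
        hash_hmac('sha256', 'enc', $master, true),
        hash_hmac('sha256', 'mac', $master, true),
    ];
}

function seal(string $plaintext, string $master, ?string $iv = null): string {
    [$encKey, $macKey] = derive_keys($master);
    // Normal use: a fresh random IV per message. The $iv argument exists
    // only so the comparison at the bottom can force a constant IV.
    $iv = $iv ?? random_bytes(openssl_cipher_iv_length(CIPHER));
    $ct = openssl_encrypt($plaintext, CIPHER, $encKey, OPENSSL_RAW_DATA, $iv);
    if ($ct === false) { throw new RuntimeException('encryption failed'); }
    // Encrypt-then-MAC: the tag covers both the IV and the ciphertext.
    $tag = hash_hmac('sha256', $iv . $ct, $macKey, true);
    return base64_encode($iv . $tag . $ct);
}

function open_sealed(string $token, string $master) {
    [$encKey, $macKey] = derive_keys($master);
    $ivLen = openssl_cipher_iv_length(CIPHER);
    $raw = base64_decode($token, true);
    // Reject anything too short to hold IV + 32-byte tag + one cipher block.
    if ($raw === false || strlen($raw) < $ivLen + 32 + 16) { return false; }
    $iv  = substr($raw, 0, $ivLen);
    $tag = substr($raw, $ivLen, 32);
    $ct  = substr($raw, $ivLen + 32);
    // Check the tag in constant time before touching the ciphertext.
    if (!hash_equals(hash_hmac('sha256', $iv . $ct, $macKey, true), $tag)) { return false; }
    return openssl_decrypt($ct, CIPHER, $encKey, OPENSSL_RAW_DATA, $iv);
}

$key     = hash('sha256', 'constructed demo key', true); // constructed sample key
$fixedIv = str_repeat("\0", 16);                         // constant all-zero IV

// Same key and message twice with the constant IV, then twice with random IVs.
var_dump(seal('patrick', $key, $fixedIv) === seal('patrick', $key, $fixedIv));
var_dump(seal('patrick', $key) === seal('patrick', $key));
// Round trip through the authenticated decrypt.
var_dump(open_sealed(seal('patrick', $key), $key));
```

The IV is not secret and travels with the ciphertext, as in the answer's `ciphertext|iv` format; what matters is that it is unpredictable and never reused with the same key.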