0

I am using this code to decrypt the information sent by GET on the other hand: 

$key              ="key";
$ema              =$_GET['email'];
$iv               =$_GET['iv'];
$ema              =substr($ema,1,-1);
$iv               =substr($iv,1,-1);
$ema              =rawurldecode($ema);
$cipher_alg       = MCRYPT_RIJNDAEL_128;
$decrypted_string = mcrypt_decrypt($cipher_alg, $key, $ema, MCRYPT_MODE_CBC, $iv);

echo $decrypted_string;

For example, this outputs hello@xyz.com. However when i compare this string with if statement:

if($decrypted_string=="hello@xyz.com")
echo "Match";
else
echo "No match";

This outputs a strange answer No match. I am unable to get why is it happening. This is the result of var_dump($decrypted_string):

string(32) "priyam@itbhu.ac.in"
j0k
  • 22,600
  • 28
  • 79
  • 90
user2003663
  • 45
  • 1
  • 9

2 Answers2

1

Note that mcrypt_decrypt will be padded to blocksize of the mode, as stated on http://php.net/manual/en/function.mcrypt-decrypt.php

The data that will be decrypted with the given cipher and mode. If the size of the data is not n * blocksize, the data will be padded with '\0'.

One solution is to trim the data after decrypting if you can guarantee that the original data should never end with trailing whilespaces, if not you could dedicate the first few bytes to the length of the original data and use that after decryption. Note that as the blocksize you chose is 128 bit, the data will be a multiple of 32 bytes (8 bits to a byte).

Elliot Levin
  • 450
  • 1
  • 4
  • 17
0

If I follow your question correctly, you get false because "hello@xyz.com" is different from "priyam@itbhu.ac.in". If something decrypts to something readable, you can be pretty sure that the input and key was correct, otherwise it would fail or - in case of the ill written crypto functions of PHP that don't un-pad - show garbage.

So the input is different from the string you are expecting.

Maarten Bodewes
  • 90,524
  • 13
  • 150
  • 263