0

I am using two simple functions to encrypt and decrypt passwords. But the decrypt function is not working right. Here's my output:

Encrypted: �\� ���#�%\��>�3,�o�Sd��c�
Decrypted: test123

and here's my code:

```php
$size = mcrypt_get_iv_size(MCRYPT_RIJNDAEL_256, MCRYPT_MODE_CBC);
$iv = mcrypt_create_iv($size, MCRYPT_DEV_RANDOM);

function encrypt($data)
{
    $key = 'test';
    $encrypted_data = mcrypt_cbc(MCRYPT_RIJNDAEL_256, $key, $data, MCRYPT_ENCRYPT, $iv);
    return $encrypted_data;
}

function decrypt($encryptedData)
{
    $key = 'test';
    $decrypt = mcrypt_cbc(MCRYPT_RIJNDAEL_256, $key, $encryptedData, MCRYPT_DECRYPT, $iv);
    return $decrypt;
}


$password = encrypt($member[0]['PASSWORD']);
print('Encrypted: '.$password.'<br />');
$password = decrypt($password);
print('Decrypted: '.$password);
```
Daniel Harris
  • Look into using [this code](http://stackoverflow.com/questions/2448256/php-mcrypt-encrypting-decrypting-file/2448441#2448441) instead. It definitely works. – John Conde Feb 05 '13 at 19:13
  • 1
    There are several errors here; you treat a string or password as a key, you are using Rijndael 256 which is *not* the same as AES-256 and finally you are not explicitly defining a character encoding for the plaintext. That's obviously not counting the IV issue in my answer. – Maarten Bodewes Feb 05 '13 at 19:16
  • You kind of have to trick mcrypt into doing AES-256, unfortunately. Something like making your cipher `MCRYPT_RIJNDAEL_128` but feeding it a 256-bit key. Also character encoding in PHP is not easy to control, I don't think. Totally right on the password thing, though. – Peter Elliott Feb 06 '13 at 00:27

3 Answers

4

Well, yes, that's what happens when you use a random IV for both encryption and a new one for decryption. You should only generate the IV during encryption and e.g. prefix it to the ciphertext.

Maarten Bodewes
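The approach described in the answer above (generate the IV only during encryption and prefix it to the ciphertext), as an added example that is not part of the original answer. It uses PHP's OpenSSL extension with AES-256-CBC instead of the mcrypt functions from the question; the function names, the constants and the random demo key are assumptions made for illustration.

```php
<?php
// Added example: AES-256-CBC through the OpenSSL extension, not mcrypt.
const CIPHER  = 'aes-256-cbc';
const KEY_LEN = 32; // AES-256 takes a 32-byte binary key, not a password string

function encrypt_with_iv(string $plaintext, string $key): string
{
    if (strlen($key) !== KEY_LEN) {
        throw new InvalidArgumentException('key must be 32 raw bytes');
    }
    // Fresh random IV for every encryption, generated here and nowhere else.
    $iv = random_bytes(openssl_cipher_iv_length(CIPHER));
    $ct = openssl_encrypt($plaintext, CIPHER, $key, OPENSSL_RAW_DATA, $iv);
    if ($ct === false) {
        throw new RuntimeException('encryption failed');
    }
    // The IV is not secret: prefix it, then base64 for text-safe storage.
    return base64_encode($iv . $ct);
}

function decrypt_with_iv(string $encoded, string $key): string
{
    if (strlen($key) !== KEY_LEN) {
        throw new InvalidArgumentException('key must be 32 raw bytes');
    }
    $ivLen = openssl_cipher_iv_length(CIPHER);
    $raw   = base64_decode($encoded, true);
    if ($raw === false || strlen($raw) <= $ivLen) {
        throw new InvalidArgumentException('malformed ciphertext');
    }
    // Recover the IV used at encryption time; never generate a new one here.
    $iv = substr($raw, 0, $ivLen);
    $pt = openssl_decrypt(substr($raw, $ivLen), CIPHER, $key, OPENSSL_RAW_DATA, $iv);
    if ($pt === false) {
        throw new RuntimeException('decryption failed');
    }
    return $pt;
}

// Constructed demo values: a random key and the sample password from the question.
$key = random_bytes(KEY_LEN);
$a = encrypt_with_iv('test123', $key);
$b = encrypt_with_iv('test123', $key);
if ($a === $b || decrypt_with_iv($a, $key) !== 'test123' || decrypt_with_iv($b, $key) !== 'test123') {
    throw new LogicException('round trip failed');
}
echo "ciphertexts differ, both decrypt to test123\n";
```

CBC on its own does not detect tampering, so a MAC over the IV and ciphertext (or an AEAD mode) would be needed on top of this.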
2

The problem is with $iv generation. You generate it during encryption, and then generate it AGAIN during decryption.

```php
$size = mcrypt_get_iv_size(MCRYPT_RIJNDAEL_256, MCRYPT_MODE_CBC);
$iv = mcrypt_create_iv($size, MCRYPT_DEV_RANDOM);

function encrypt($data, $iv)
{
    $key = 'test';
    $encrypted_data = mcrypt_cbc(MCRYPT_RIJNDAEL_256, $key, $data, MCRYPT_ENCRYPT, $iv);
    return $encrypted_data;
}

function decrypt($encryptedData, $iv)
{
    $key = 'test';
    $decrypt = mcrypt_cbc(MCRYPT_RIJNDAEL_256, $key, $encryptedData, MCRYPT_DECRYPT, $iv);
    return $decrypt;
}

$password = encrypt("testing", $iv);
echo $password.'<br>';
echo decrypt($password, $iv);
```
Maarten Bodewes
Achrome
  • Why do you post the same answer 7 minutes late? – Maarten Bodewes Feb 05 '13 at 19:46
  • I checked the update after I posted it. I was on the fiddle working the code out. :( – Achrome Feb 05 '13 at 19:48
  • It looks like a good fiddle to solve this specific issue, although generally the encrypt and decrypt would not use the same instance. You need to communicate the IV in some way. Note that Stackoverflow likes to have the code in-line - don't just point to an outside fiddle, especially if it is bite-size. – Maarten Bodewes Feb 05 '13 at 19:52
  • What I would use personally is a singleton approach for the IV, so as to keep it same across the board. I can post the code in the answer, but I wanted to give a working env as well to see it work. Since you gave the answer first, you can take this fiddle and I will remove my answer. :) – Achrome Feb 05 '13 at 19:55
  • 1
    The whole idea of the IV is that it changes for each encryption with the same key. Using a singleton is therefore not a good idea. Generating a new IV is something that Daniel actually did right. But generally the IV should be kept with the ciphertext as it is directly linked to it. Keeping it in memory normally does not make much sense. – Maarten Bodewes Feb 05 '13 at 20:02
  • I see. That makes a lot of sense. Thanks for the clarification. – Achrome Feb 05 '13 at 20:05
  • Glad I could explain that too, leave your answer be, I'll vote it up for your effort :) – Maarten Bodewes Feb 05 '13 at 20:08
  • Thank you. I am still learning the ropes on StackOverflow, so can get a little messy sometimes. – Achrome Feb 05 '13 at 20:12
  • I still get `�j�);��`�淐�G����8Y:Mz�m��` for the encryption. Is there a way to decode these characters? – Daniel Harris Feb 05 '13 at 20:44
  • You can still use `base64` as you were earlier. I only simplified the script for my own testing. – Achrome Feb 05 '13 at 20:48
-1

OK, I got the encryption working with this code:

```php
$size = mcrypt_get_iv_size(MCRYPT_RIJNDAEL_256, MCRYPT_MODE_CBC);
$iv = mcrypt_create_iv($size, MCRYPT_DEV_RANDOM);

function encrypt($data)
{
    $key = 'test';
    $encrypted_data = mcrypt_cbc(MCRYPT_RIJNDAEL_256, $key, $data, MCRYPT_ENCRYPT, $iv);
    return base64_encode($encrypted_data);
}

function decrypt($encryptedData)
{
    $key = 'test';
    $encryptedData = base64_decode($encryptedData);
    $decrypt = mcrypt_cbc(MCRYPT_RIJNDAEL_256, $key, $encryptedData, MCRYPT_DECRYPT, $iv);
    return trim($decrypt);
}
```
Daniel Harris