1

mcrypt_decrypt is giving me additional invisible characters which are NOT VISIBLE by just echoing out on the page. They can ONLY BE SEEN by writing the output to a text file. That means just displaying it on the page looks OK and the problem is hard to notice.

Here is the code sample I found by Googling. Please guide me on the correct usage if there's something wrong:

function encrypt ($pure_string, $key) {
    $iv_size = mcrypt_get_iv_size(MCRYPT_BLOWFISH, MCRYPT_MODE_ECB);
    $iv = mcrypt_create_iv($iv_size, MCRYPT_RAND);
    $encrypted_string = mcrypt_encrypt(MCRYPT_BLOWFISH, $encryption_key, $pure_string, MCRYPT_MODE_ECB, $iv);
    return $encrypted_string;
}

function decrypt ($encrypted_string, $key) {
    $iv_size = mcrypt_get_iv_size(MCRYPT_BLOWFISH, MCRYPT_MODE_ECB);
    $iv = mcrypt_create_iv($iv_size, MCRYPT_RAND);
    $decrypted_string = mcrypt_decrypt(MCRYPT_BLOWFISH, $encryption_key, $encrypted_string, MCRYPT_MODE_ECB, $iv);
    return $decrypted_string;
}

But when I try it:

$encrypted_string = encrypt("This is the original string.", "ABC123");
echo decrypt($encrypted_string, "ABC123");

... I am getting something like:

This is the original string.�������

These strange characters ������� are actually not visible when you/I just echo it. They can only be seen by writing to a text file.

  • So what am I missing, please?
  • Is there any perfect way to achieve this encrypt/decrypt?

Thank you.

夏期劇場
  • 1
    `MCRYPT_MODE_ECB` -- bad .. you should not be using this – Baba Jun 03 '13 at 11:30
  • possible duplicate of [PHP decryption fails on some strings with trim()'s](http://stackoverflow.com/questions/16518795/php-decryption-fails-on-some-strings-with-trims) – Baba Jun 03 '13 at 11:31
  • @Baba NO this is not a duplicate. Totally different problem. This is also not the `trim` issue. – 夏期劇場 Jun 03 '13 at 11:33
  • 1
    Added it as duplicate because .. there are so many issues with your encryption: `MCRYPT_RAND`, `MCRYPT_MODE_ECB`, lack of `PKCS7 padding`, `padding oracle attacks` .. you can learn a lot from the example class without having to duplicate the answer here – Baba Jun 03 '13 at 11:35

4 Answers

2

You can use trim($string, "\0\4") to cut out these characters.

  • This actually works, even though I'm not sure whether it is a good solution or not. At least the `�������` characters go away. – 夏期劇場 Jun 03 '13 at 11:36
  • You would have so many problems in future .. you need proper padding .. it's not difficult – Baba Jun 03 '13 at 11:38
2

This is padding. ECB mode requires the input to be a multiple of the cipher block size, so additional bytes are added (most likely it is PKCS#5 padding).

To remove PKCS#5 padding you can use the following code:

$dec_s = strlen($decrypted);
$padding = ord($decrypted[$dec_s-1]);
$decrypted = substr($decrypted, 0, -$padding); 
Nickolay Olshevsky
2

rtrim() will remove the padding that mcrypt added...

matt
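
An added example (not code from any of the posts above) comparing the two approaches suggested in the answers: trimming NUL bytes versus explicit PKCS#7 padding with a validating unpad. It uses no cipher; `zero_pad()` stands in for mcrypt's documented NUL padding of the last block, and all function names and sample inputs are constructed for illustration.

```php
<?php
// Added example; function names and sample data are hypothetical/constructed.
const BLOCK_SIZE = 8; // Blowfish block size in bytes

// What mcrypt_encrypt() does to short input: fill the last block with NUL bytes.
function zero_pad(string $data, int $block = BLOCK_SIZE): string {
    $fill = ($block - strlen($data) % $block) % $block;
    return $data . str_repeat("\0", $fill);
}

// PKCS#7: always append N bytes of value N (1..block), so the length is recoverable.
function pkcs7_pad(string $data, int $block = BLOCK_SIZE): string {
    $n = $block - strlen($data) % $block;
    return $data . str_repeat(chr($n), $n);
}

// Strict unpad: reject anything that is not well-formed PKCS#7.
// One generic error for every failure; do not expose it to remote callers
// (see the padding-oracle remark in the comments on the question).
function pkcs7_unpad(string $data, int $block = BLOCK_SIZE): string {
    $len = strlen($data);
    $n = $len > 0 ? ord($data[$len - 1]) : 0;
    if ($len === 0 || $len % $block !== 0 || $n < 1 || $n > $block
        || substr($data, -$n) !== str_repeat(chr($n), $n)) {
        throw new InvalidArgumentException('invalid padding');
    }
    return substr($data, 0, $len - $n);
}

// Constructed samples: text, binary data that really ends in NULs, one full block.
$samples = ["This is the original string.", "\x01\x02\x00\x00", "12345678"];
foreach ($samples as $plain) {
    $afterTrim  = rtrim(zero_pad($plain), "\0");   // stands in for decrypt + rtrim
    $afterUnpad = pkcs7_unpad(pkcs7_pad($plain));  // stands in for decrypt + unpad
    printf("%-60s rtrim ok: %s  pkcs7 ok: %s\n",
        bin2hex($plain),
        $afterTrim === $plain ? 'yes' : 'NO',
        $afterUnpad === $plain ? 'yes' : 'NO');
}

// Zero-padded data fed to the PKCS#7 unpadder is rejected instead of being mangled.
try {
    pkcs7_unpad(zero_pad("This is the original string."));
} catch (InvalidArgumentException $e) {
    echo "zero-padded input rejected: ", $e->getMessage(), "\n";
}
```

The second sample is the case where trimming silently changes the data: its own trailing NUL bytes cannot be told apart from the fill bytes.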
-2

function encrypt ($pure_string, $key) {

=> $key

$encrypted_string = mcrypt_encrypt(MCRYPT_BLOWFISH, $encryption_key, $pure_string, MCRYPT_MODE_ECB, $iv);

=> $encryption_key

not equal

  • 2
    If it's a code example, please wrap it in an appropriate way for highlighting and make sure the syntax is correct. Also, a little explanation is usually useful. – Tom Nov 18 '15 at 03:08