I want to encrypt an email to decrypt later.
At that point I don't care about safety, I just want it working. The mail is stored in $umail
Researching stackoverflow I found the following code which I have adapted:
$keyword = "Key";
$iv = mcrypt_create_iv(mcrypt_get_iv_size(MCRYPT_RIJNDAEL_128, MCRYPT_MODE_CBC), MCRYPT_DEV_URANDOM);
$activation = base64_encode($iv.mcrypt_encrypt(MCRYPT_RIJNDAEL_128, hash('sha256', $keyword, true), $umail, MCRYPT_MODE_CBC, $iv));
$activation = rawurlencode($activation);
$activation is the encrypted mail.
I get the encrypted mail ($activation) as a part of a URL.
$key = $_GET['key'];
$key = rawurldecode($key);
$keyword = "Key";
$requestMail = base64_decode($key);
$ivDec = substr($requestMail, 0, mcrypt_get_iv_size(MCRYPT_RIJNDAEL_128, MCRYPT_MODE_CBC));
$decrypted = rtrim(mcrypt_decrypt(MCRYPT_RIJNDAEL_128, hash('sha256', $keyword, true), substr($requestMail, mcrypt_get_iv_size(MCRYPT_RIJNDAEL_128, MCRYPT_MODE_CBC)), MCRYPT_MODE_CBC, $ivDec), "\0");
Sometimes it shows the email I enter. Other times, with the same email input, it shows strange symbols when the encrypted word has "+".
Any advice?
It's solved. This is the post I needed:
PHP - Plus sign with GET query
I noticed that when a + was generated, decrypt was broken. In that post is explained how + is a PHP reserved word, so it must be converted to %2B and after that, reconverted to +. To do this you use: rawurlencode, rawurldecode.
Code is updated.
Enjoy!
