0

this is my crypto class

define('KEY', '1234567891111111');
class crypto 
{
    //private static $key= 'DocT0r$t@y';
    public function encrypt ($payload) {
        $iv = mcrypt_create_iv(
            mcrypt_get_iv_size(MCRYPT_RIJNDAEL_128, MCRYPT_MODE_CBC),
            MCRYPT_DEV_URANDOM
        );
        //$iv = mcrypt_create_iv(IV_SIZE, MCRYPT_DEV_URANDOM);
        $crypt = mcrypt_encrypt(MCRYPT_RIJNDAEL_128, KEY, $payload, MCRYPT_MODE_CBC, $iv);
        $combo = $iv . $crypt;
        $garble = base64_encode($iv . $crypt);
        //return trim($garble,'�');
        return $garble
    }

    public function decrypt ($garble) {
        $combo = base64_decode($garble);
        $iv = substr($combo, 0, mcrypt_get_iv_size(MCRYPT_RIJNDAEL_128, MCRYPT_MODE_CBC));
        $crypt = substr($combo, mcrypt_get_iv_size(MCRYPT_RIJNDAEL_128, MCRYPT_MODE_CBC), strlen($combo));
        $payload = mcrypt_decrypt(MCRYPT_RIJNDAEL_128, KEY, $crypt, MCRYPT_MODE_CBC, $iv);
        //return trim($payload,'�');
        return $payload
    }
}

and this how i am call my class and checking out put

$e=crypto::encrypt($pwd);
        $d=crypto::decrypt($e);

        echo $e."   ".$d;

        if($d==$pwd)
            echo "<br>yes";
        else
            echo "<br>no";
        exit();

when i check may output in firebug is show me

a9MF8SdTrsedILnV2fyNucYqUaZG9yvYxJcRbYOwJbg= 123�������������
no

(here 123 is text which i want to crypt/decrypt). any suggetion what is i am doing wrong or why it is mot working?

Archish
  • 850
  • 8
  • 32
  • 2
    Maybe this page will help you: [Why is mcrypt_encrypt() putting binary characters at the end of my string?](http://stackoverflow.com/questions/9781780/why-is-mcrypt-encrypt-putting-binary-characters-at-the-end-of-my-string) – node_modules Apr 20 '16 at 11:48
  • 5
    Head's up: [Don't use mcrypt](https://paragonie.com/blog/2015/05/if-you-re-typing-word-mcrypt-into-your-code-you-re-doing-it-wrong). Also, you might want to consider [not writing your own cryptography features](https://paragonie.com/blog/2015/11/choosing-right-cryptography-library-for-your-php-project-guide). – Scott Arciszewski Apr 20 '16 at 12:40
  • 2
    It is best not to use mcrypt, it is abandonware, has not been updated in years and does not support standard PKCS#7 padding, only non-standard null padding that can't even be used with binary data. Instead consider using [defuse](https://github.com/defuse/php-encryption), it is being maintained and is correct. – zaph Apr 20 '16 at 12:47

0 Answers0