0

I have a 3 php file one is index.php where the original string is there, encrypt.php where will i encrypt the original string and lastly the decrypt.php where will i decrypt it but the problem is when i try to decrypt it the result is still encrypted but not the same encrypt it's different. Can someone help me about the decryption?

here is the picture i click the encrypt

enter image description here

here is the encrypted. enter image description here

here is the decrypted this is the problem the output should be "fwf2" but it's different enter image description here

here is the code for index.php

<!DOCTYPE html>
<html>
<head>
    <title></title>
</head>
<body>
<form method="POST" action="encrypt.php">
Original String <input type="text" name="text">
<input type="submit" name="encrypt" value="Encrypt" href="encrypt.php">
</form>
</body>
</html>

here is the encrypt.php

<?php
$secret_key = "thisismykey12345";
$iv = mcrypt_create_iv(mcrypt_get_iv_size(MCRYPT_RIJNDAEL_256, MCRYPT_MODE_ECB), MCRYPT_RAND);

if(isset($_POST['encrypt'])){
    $string = $_POST['text'];

    $encrypted_string = mcrypt_encrypt(MCRYPT_RIJNDAEL_256, $secret_key, $string, MCRYPT_MODE_CBC, $iv);

}


?>
<!DOCTYPE html>
<html>
<head>
    <title></title>
</head>
<body>
<form method="POST" action="decrypt.php">
Encrypted String <input type="text" style="width:500px;" name="encrypted" value="<?php echo $encrypted_string; ?>">
<input type="submit" name="decrypt" value="Decrypt" href="decrypt.php">
</body>
</html>

here is the decrypt.php

<?php
$secret_key = "thisismykey12345";
$iv = mcrypt_create_iv(mcrypt_get_iv_size(MCRYPT_RIJNDAEL_256, MCRYPT_MODE_ECB), MCRYPT_RAND);

if(isset($_POST['decrypt'])){

     $encrypted_string = $_POST['encrypted'];
     $decrypted_string = mcrypt_decrypt(MCRYPT_RIJNDAEL_256, $secret_key, $encrypted_string, MCRYPT_MODE_CBC, $iv);

}

?>
<!DOCTYPE html>
<html>
<head>
    <title></title>
</head>
<body>
<form method="POST" action="encrypt.php">
Decrypted String <input type="text" name="decrypted" style="width:500px;" value="<?php echo  $decrypted_string ?>">
</body>
</html>
nethken
  • 1,072
  • 7
  • 24
  • 40
  • You appear to be treating the encrypted data as though it is text, its not, its binary data. To treat is as text (i.e. to pass it around in HTTP requests you need to encode/decode it, E.g. Base64) – Alex K. Jul 19 '16 at 13:12
  • FYI You should avoid ECB & MCRYPT_RIJNDAEL_256 is not AES 256 – Alex K. Jul 19 '16 at 13:12
  • @Alex K. then what type of encryption algorithm is that sir? – nethken Jul 19 '16 at 13:14
  • @nethken It's Rijndael with a block size of 256 bits. The AES algorithm is Rijndael with a block size of 128 bits and keys of 128, 192 or 256 bits. The key size in PHP / mcrypt is set by looking at the key size itself; if you use the algorithm MCRYPT_RIJNDAEL_128 and the key is 256 bits / 32 bytes then the algorithm is AES-256. PS mcrypt is outdated trap and ECB is horrible too. – Maarten Bodewes Jul 19 '16 at 17:46

2 Answers2

2

You have to reuse the iv to have things initialized the same way for encryption and decryption:

// Encryption
$iv_size = mcrypt_get_iv_size(MCRYPT_RIJNDAEL_256, MCRYPT_MODE_ECB);
$iv_enc  = mcrypt_create_iv($iv_size, MCRYPT_RAND);
$str_enc = mcrypt_encrypt(MCRYPT_RIJNDAEL_256, 'thisismykey12345', 'hallops', MCRYPT_MODE_CBC, $iv_enc);
$encrypted = $iv_enc . $str_enc;

// Decryption
$iv_size = mcrypt_get_iv_size(MCRYPT_RIJNDAEL_256, MCRYPT_MODE_ECB);

$iv_dec = substr($encrypted, 0, $iv_size); // Extract iv
$str_dec = substr($encrypted, $iv_size); // Extract encrypted string

echo mcrypt_decrypt(
    MCRYPT_RIJNDAEL_256, 
    'thisismykey12345', 
    $str_dec,
    MCRYPT_MODE_CBC, 
    $iv_dec
);
--> hallops

Notice the way iv and encrypted data are concatenated and "sent" together.

Like others have said, there are things that may need to be done if this is to be sent somewhere, and some encryption algorithms are safer than others.

Edit: http://php.net/mcrypt_encrypt explains these things more detailed in the examples.

Torbjörn Stabo
  • 769
  • 4
  • 7
0

i found the answer here --> Best way to use PHP to encrypt and decrypt passwords?

here is the code index.php

<!DOCTYPE html>
<html>
<head>
    <title></title>
</head>
<body>
<form method="POST" action="encrypt.php">
Original String <input type="text" name="text">
<input type="submit" name="encrypt" value="Encrypt" href="encrypt.php">
</form>
</body>
</html>

encrypt.php

<?php
$iv = mcrypt_create_iv(
    mcrypt_get_iv_size(MCRYPT_RIJNDAEL_128, MCRYPT_MODE_CBC),
    MCRYPT_DEV_URANDOM
);
if(isset($_POST['encrypt'])){
$key = "thisismykey12345";
$string = $_POST['text'];

$encrypted = base64_encode(
    $iv .
    mcrypt_encrypt(
        MCRYPT_RIJNDAEL_128,
        hash('sha256', $key, true),
        $string,
        MCRYPT_MODE_CBC,
        $iv
    )
);
}
?>
<!DOCTYPE html>
<html>
<head>
    <title></title>
</head>
<body>
<form method="POST" action="decrypt.php">
Encrypted String <input type="text" style="width:500px;" name="encrypted" value="<?php echo $encrypted; ?>">
<input type="submit" name="decrypt" value="Decrypt" href="decrypt.php">
</body>
</html>

decrypt.php

<?php
$key = "thisismykey12345";

if(isset($_POST['decrypt'])){
$encrypted = $_POST['encrypted'];

$data = base64_decode($encrypted);
$iv = substr($data, 0, mcrypt_get_iv_size(MCRYPT_RIJNDAEL_128, MCRYPT_MODE_CBC));

$decrypted = rtrim(
    mcrypt_decrypt(
        MCRYPT_RIJNDAEL_128,
        hash('sha256', $key, true),
        substr($data, mcrypt_get_iv_size(MCRYPT_RIJNDAEL_128, MCRYPT_MODE_CBC)),
        MCRYPT_MODE_CBC,
        $iv
    ),
    "\0"
);
}

?>
<!DOCTYPE html>
<html>
<head>
    <title></title>
</head>
<body>
<form method="POST" action="encrypt.php">
Decrypted String <input type="text" name="decrypted" style="width:500px;" value="<?php echo  $decrypted; ?>">
</body>
</html>
Community
  • 1
  • 1
nethken
  • 1,072
  • 7
  • 24
  • 40