5

I want to create and encryption for get variabile passed in url and for asynchronous call

for example:

$textToEncrypt = "Hello World";
$encryptionMethod = "AES-256-CBC";
$secretHash = "cVb67YtfAz328oOikl96vBn";
$iv = "adfrf54dmnlo09ax";
$encryptedText = openssl_encrypt($textToEncrypt,$encryptionMethod,$secretHash, 0, $iv);

result is: W2p0S2qlSierJnIcA/AM3g==

there are some special characters, == always at the end. I want to prevent this! How can I output only 0-9 and A-Z and a-z characters?

thanks

Cristian
  • 329
  • 2
  • 6
  • 14
  • 1
    Use `$something = base64encode($encryptedText)` – RiggsFolly Oct 18 '16 at 14:08
  • 1
    Possible duplicate of [Passing base64 encoded strings in URL](http://stackoverflow.com/questions/1374753/passing-base64-encoded-strings-in-url) – Alex K. Oct 18 '16 at 14:12
  • Use Base58 or Base32 or Base16 or even Base2. I wouldn't go as far as suggesting Base1, because that's only for theoretical scholars. – Artjom B. Oct 18 '16 at 19:37

3 Answers3

4

I had the same issue. I wanted to remove the special characters. So, this is what I did. Convert the encrypted text into hex value using base64_encode($encryptedText). So, there will be no special characters. Then for the revert, use base64_decode before passing to openssl_decrypt.

Dmitriy
  • 5,525
  • 12
  • 25
  • 38
hafij
  • 208
  • 2
  • 10
  • 1
    Please consider editing your answer to include a code example of your proposed solution. The [Markdown Editing Help](https://stackoverflow.com/editing-help) page may be useful for formatting your answer correctly. – Benji Mar 24 '18 at 12:28
1

$ciphering = "AES-128-CTR";

use this as your cipher string, it'll remove any type of == from the end

S Ahmad Saagar
  • 11
  • 1
0

I notice I had exactly 2 equal signs at the end of my encrypted string too. It seems theres always 2 equal signs at the end. Here's my solution

function encryptString($string, $action, $baseIP = 'false', $extraKey = ''){
    global $flag;

    $encryptedIP = '';

    if($baseIP){
        $encryptedIP = encryptString($_SERVER['REMOTE_ADDR'], 'encrypt', false);
    }

    $output = false;

    $encrypt_method = "AES-256-CBC";
    $secret_key = $flag['2nd-encrypt-key'].$encryptedIP.'-'.$extraKey;
    $secret_iv = $flag['2nd-encrypt-secret'].$encryptedIP.'-'.$extraKey;

    $key = hash('sha256', $secret_key);
    $iv = substr(hash('sha256', $secret_iv), 0, 16);

    $output;

    if($action == 'encrypt'){
        $output = openssl_encrypt($string, $encrypt_method, $key, 0, $iv);
        $output = base64_encode($output);
        //replace equal signs with char that hopefully won't show up
        $output = str_replace('=', '[equal]', $output);
    }else if($action == 'decrypt'){
        //put back equal signs where your custom var is
        $setString = str_replace('[equal]', '=', $string);
        $output = openssl_decrypt(base64_decode($setString), $encrypt_method, $key, 0, $iv);
    }

    return $output;
}
SwiftNinjaPro
  • 787
  • 8
  • 17