0

I have an encrypt / decrypt code found on stackoverflow. It is this one:

public function decrypt_blowfish($data,$key){
    try{
        $iv     =   pack("H*" , substr($data,0,16));
        $x      =   pack("H*" , substr($data,16)); 
        $res    =   mcrypt_decrypt(MCRYPT_BLOWFISH, $key, $x , MCRYPT_MODE_CBC, $iv);
        return $res;
    }catch(Exception $ex){
        echo $ex->getMessage();
    }
}

function encrypt_blowfish($data,$key){
    try{
        $iv_size    =   mcrypt_get_iv_size(MCRYPT_BLOWFISH, MCRYPT_MODE_CBC);
        $iv         =   mcrypt_create_iv($iv_size, MCRYPT_RAND);
        $crypttext  =   mcrypt_encrypt(MCRYPT_BLOWFISH, $key, $data, MCRYPT_MODE_CBC, $iv);
        return bin2hex($iv . $crypttext);
    }catch(Exception $ex){
        echo $ex->getMessage();
    }
}

it works fine if i test it just with a php without values out of a database, but if i use it with values out of a database i get things like "Manuel��" instead of just "Manuel" - can you tell me what is my mistake?

Manuel Weitzel
  • 101
  • 1
  • 1
  • 13
  • it could be an encoding issue - https://stackoverflow.com/questions/279170/utf-8-all-the-way-through is most likely where you'll find your solution, probably a dupe also – Funk Forty Niner Oct 17 '17 at 12:29
  • 6
    Without trying to be rude, the mistake is that you're taking random code from this site. `mcrypt` is abandonware. There are many examples of proper encryption/decryption implementation in PHP on github. Consider wiping this code and replacing it with [this one](https://github.com/defuse/php-encryption). – Mjh Oct 17 '17 at 12:39
  • 2
    It is best not to use PHP mcrypt, it is abandonware, has not been updated in years and does not support standard PKCS#7 (née PKCS#5) padding, only non-standard null padding that can't even be used with binary data. mcrypt has many outstanding [bugs](https://sourceforge.net/p/mcrypt/bugs/) dating back to 2003. The mcrypt-extension is deprecated will be removed in PHP 7.2. Instead consider using [defuse](https://github.com/defuse/php-encryption) or [RNCryptor](https://github.com/RNCryptor), they provide a complete solution and are being maintained and is correct. – zaph Oct 17 '17 at 13:30
  • 1
    Note that even the author of Blowfish now uses AES. – zaph Oct 17 '17 at 13:31
  • thanks all, i will try AES instead of blowfish – Manuel Weitzel Oct 17 '17 at 13:55

1 Answers1

0

try by encoding to 64 bits and encrypting the string and and after decryption decode it. it will work...

$newDataToEncrypt=base64_encode($data);

And after getting a decrypted text

 $data=base64_decode($decryptData);

try it

Lasitha Senanayake
  • 137
  • 1
  • 4