Problem with mcrypt function

6

I am using these two functions below to encrypt and decrypt a string. I left the example as clean as possible.

Function for encrypt

    $key = '123';
    // md5() returns 32 hex characters, the IV length MCRYPT_RIJNDAEL_256 expects (32-byte block)
    $iv  = md5( md5( 'key' ) );
    mcrypt_encrypt(MCRYPT_RIJNDAEL_256, md5($key), $string, MCRYPT_MODE_CBC, $iv);

Function for decrypt

    $key = '123';
    $iv  = md5( md5( 'key' ) );
    mcrypt_decrypt(MCRYPT_RIJNDAEL_256, md5($key), $string, MCRYPT_MODE_CBC, $iv);

I do not really know the function, and I'm having trouble using json encode / decode. I can use encode without problem, but decode does not run the decrypted string.

I used as an example a simple array, array( 123 ), and the decrypted output is exactly equal to json_encode( array( 123 ) ); the difference is the size, but no spaces appear before or at the end.

Dump

    decrypt( $argument )        : string(32) "[123]"
    json_encode( array( 123 ) ) : string(5) "[123]"

I found a question that reports the same problem as mine and the proposed solution was the use of rtrim( $decrypted, "trim" ). It worked for the author and for me, but the explanation is superficial:

It says that the ENCRYPT / DECRYPT function adds garbage to be the correct size, and should remove the nulls at the end of the string.

I also created null values at the end of the string but did not affect the size in the dump. I cannot understand how the string size does not match.

  • The use of %code% in %code% covers which characters?
  • I would like to know more about the options cipher and mode; I did not find in DOC any deeper references for each case.
  • You can combine cipher and mode so that the string does not create null values to fit the size.

asked by anonymous 29.10.2014 / 04:32

    1 answer

    2

    For those who come across this topic in the future, what Bacco said in this comment, basically, is to remove all the "junk" added by the ciphers so they are the same size as in code, that would be it:

    $string = json_encode( array( 123 ) );

    $key = '123';
    $iv  = md5( md5( 'key' ) );

    $encrypted = mcrypt_encrypt(
        MCRYPT_RIJNDAEL_256, md5( $key ),
        $string, MCRYPT_MODE_CBC, $iv
    );

    // Strip the trailing bytes in the range 0x00-0x1F after decrypting
    $decrypted = rtrim(
        mcrypt_decrypt( MCRYPT_RIJNDAEL_256, md5($key), $encrypted, MCRYPT_MODE_CBC, $iv),
        "\x00..\x1F"
    );

    Just compare with a var_dump() and see that without that rtrim() the encrypted string is quite different from unencrypted, but both have the same length:

    string '’!Ù Èžtvûþ×Ij>+|oÙ(Œà¢qŒ)·Î"“Æ¡h' (length=32)
    string '[123]���������������������������' (length=32)
    

    But (and now comes my contribution), do not just remove the byte null (\0 or 0x00) since each language can include its own flush.

    That's why my pseudo-code brings a wider character range \x00..\x1F, that is, the first 31 characters of the ASCII Table.

    By the way, responding to this survey, if you consider removing only the null byte (\0) you can quietly use rtrim() without arguments since this character is already in the default removal list of the function.

    03.11.2014 / 20:14
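
The size mismatch in the question (string(32) against string(5)) comes from the cipher's 32-byte block: mcrypt fills the last block with NUL bytes, and rtrim() can only guess where the data ended. The following is an added example, not code from the question or the answer; it reproduces that padding without mcrypt and compares the rtrim() approach with PKCS#7 padding, which records its own length. The helper names `zero_pad`, `pkcs7_pad`, `pkcs7_unpad` and the sample payloads are assumptions made for illustration.

```php
<?php
// Added illustration: helper names and sample data are constructed, not from the page.
const BLOCK = 32; // block size of MCRYPT_RIJNDAEL_256 in bytes

// Mimics what mcrypt does before encrypting: NUL-fill up to a block multiple.
function zero_pad(string $data, int $block = BLOCK): string
{
    $rem = strlen($data) % $block;
    return $rem === 0 ? $data : $data . str_repeat("\0", $block - $rem);
}

// PKCS#7: always append N bytes of value N (1..block), so the length is recoverable.
function pkcs7_pad(string $data, int $block = BLOCK): string
{
    $n = $block - (strlen($data) % $block);
    return $data . str_repeat(chr($n), $n);
}

// Reject anything that is not a well-formed PKCS#7 tail instead of guessing.
function pkcs7_unpad(string $data, int $block = BLOCK): string
{
    $len = strlen($data);
    if ($len === 0 || $len % $block !== 0) {
        throw new InvalidArgumentException('length is not a block multiple');
    }
    $n = ord($data[$len - 1]);
    if ($n < 1 || $n > $block || substr($data, -$n) !== str_repeat(chr($n), $n)) {
        throw new InvalidArgumentException('invalid padding');
    }
    return substr($data, 0, $len - $n);
}

$json   = json_encode([123]); // constructed sample, same value as in the question
$binary = "id=7\n\0\0";       // constructed payload that really ends in control bytes

$padded = zero_pad($json);
var_dump(strlen($json), strlen($padded));     // lengths before and after padding
var_dump(json_decode($padded));               // decoding the padded string
var_dump(json_decode(rtrim($padded, "\0")));  // decoding after trimming the NULs

// rtrim() strips the payload's own trailing control bytes together with the padding.
var_dump(rtrim(zero_pad($binary), "\x00..\x1F") === $binary);
// PKCS#7 round-trips both payloads byte for byte.
var_dump(pkcs7_unpad(pkcs7_pad($binary)) === $binary);
var_dump(pkcs7_unpad(pkcs7_pad($json)) === $json);
```

With a real cipher, call `pkcs7_pad()` on the plaintext before encrypting and `pkcs7_unpad()` on the result of decrypting; the padded input is already a block multiple, so no NUL bytes are appended.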