openssl_decrypt () function not working, returning null

I used the openssl_encrypt and openssl_decrypt functions, but the decrypt part is not returning any value, whereas encrypt works fine using the same key. Here is the function which I used. The variable $decrypted always returns null. Every small help will be appreciated.

function deCryption($value)
{

    $methods = openssl_get_cipher_methods();
    $clefSecrete = "flight";
    echo '<pre>';
    foreach ($methods as $method) {
        //$encrypted = openssl_encrypt($texteACrypter, $method, $clefSecrete); ----this was used for encryption
        $decrypted = openssl_decrypt($value, $method, $clefSecrete);
        echo "value=".$decrypted;
        echo $method . ' : '. $decrypted . "\n";
        break;
    }
    echo '</pre>';
    return $decrypted;
}
Suraj.Sinha asked Aug 08 '13 12:08


1 Answer

I had exactly the same problem, I then googled my question and ended up here, on the same question that I had asked. So I had to search elsewhere.

I found this article useful in explaining the shortcoming of the official PHP documentation. Another article with similar content is here.

In the end it boils down to the key/password. What the openssl_encrypt library expects is a key NOT A PASSWORD. And the size of the key must be the cipher's intrinsic key size. The first article says if you provide a longer key, the excess is discarded and a key shorter than expected is padded with zero, i.e. \x00 bytes. I have not tested this fact.

I have edited your code to read as below.

The idea I have used is that the size of the initial vector that a cipher expects is also the size of the key it expects. So here, I am passing a key, not a password as you were doing. Simply find a way of turning your password into a key.

In your code, you did not pass options and the iv (initialization vector).

The iv is a string the cipher 'mixes' with the plaintext before encryption. So what the cipher encrypts is this 'mixture'. Is this important? Yes! Without this 'mixing', a pair of identical plaintexts would result in a pair of identical ciphertexts, which can lead to an attack; if two identical plaintext-ciphertext pairs are not from the same user, these two users are using the same key! A unique iv for each plaintext therefore ensures that no two plaintexts result in identical ciphertexts. In other words, the iv is a salt.

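    $plaintext = 'Testing OpenSSL Functions';
    $methods = openssl_get_cipher_methods();
    //$clefSecrete = 'flight';
    echo '<pre>';
    foreach ($methods as $method) {
        $ivlen = openssl_cipher_iv_length($method);
        // Skip ciphers that take no IV: openssl_random_pseudo_bytes() does not accept a length of 0
        if ($ivlen === false || $ivlen < 1) {
            continue;
        }
        // Random key (not a password) and random IV, both of the cipher's IV length
        $clefSecrete = openssl_random_pseudo_bytes($ivlen);
        $iv = openssl_random_pseudo_bytes($ivlen);

        // OPENSSL_RAW_DATA: work with raw bytes instead of base64 text; the same key and IV are used both ways
        $encrypted = openssl_encrypt($plaintext, $method, $clefSecrete, OPENSSL_RAW_DATA, $iv);
        $decrypted = openssl_decrypt($encrypted, $method, $clefSecrete, OPENSSL_RAW_DATA, $iv);
        echo 'plaintext='.$plaintext. "\n";
        echo 'cipher='.$method. "\n";
        echo 'encrypted to: '.$encrypted. "\n";
        echo 'decrypted to: '.$decrypted. "\n\n";
    }
    echo '</pre>';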
owino answered Oct 05 '22 04:10
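
One way to do what the answer describes, turning the password into a key of the cipher's key size and using a fresh IV for every message, is shown here as an added example (it is not code from the question or the answer). The cipher `aes-256-gcm`, the PBKDF2 parameters and the function names are assumptions, and it needs PHP 7.1 or later.

```php
<?php
// Added example. Cipher, KDF parameters and function names are assumptions.
const CIPHER = 'aes-256-gcm';
const KEY_LEN = 32;               // AES-256 takes a 32-byte key
const SALT_LEN = 16;
const TAG_LEN = 16;
const KDF_ITERATIONS = 600000;    // assumed PBKDF2 work factor

function deriveKey(string $password, string $salt): string
{
    // Stretch the password into exactly KEY_LEN raw bytes.
    return hash_pbkdf2('sha256', $password, $salt, KDF_ITERATIONS, KEY_LEN, true);
}

function encryptWithPassword(string $plaintext, string $password): string
{
    $salt = random_bytes(SALT_LEN);
    $iv = random_bytes(openssl_cipher_iv_length(CIPHER)); // fresh IV per message
    $tag = '';
    $ct = openssl_encrypt($plaintext, CIPHER, deriveKey($password, $salt),
        OPENSSL_RAW_DATA, $iv, $tag, '', TAG_LEN);
    if ($ct === false) {
        throw new RuntimeException('encryption failed');
    }
    // Salt, IV and tag are not secret; they travel with the ciphertext.
    return base64_encode($salt . $iv . $tag . $ct);
}

function decryptWithPassword(string $blob, string $password): string
{
    $raw = base64_decode($blob, true);
    $ivLen = openssl_cipher_iv_length(CIPHER);
    if ($raw === false || strlen($raw) < SALT_LEN + $ivLen + TAG_LEN) {
        throw new InvalidArgumentException('malformed ciphertext');
    }
    $salt = substr($raw, 0, SALT_LEN);
    $iv = substr($raw, SALT_LEN, $ivLen);
    $tag = substr($raw, SALT_LEN + $ivLen, TAG_LEN);
    $ct = (string) substr($raw, SALT_LEN + $ivLen + TAG_LEN);
    $pt = openssl_decrypt($ct, CIPHER, deriveKey($password, $salt), OPENSSL_RAW_DATA, $iv, $tag);
    if ($pt === false) { // wrong password or modified data: fail loudly
        throw new RuntimeException('decryption failed');
    }
    return $pt;
}

$blob = encryptWithPassword('Testing OpenSSL Functions', 'flight'); // constructed sample
echo decryptWithPassword($blob, 'flight'), "\n";
```

The decrypt side compares the result against `false` with `===`, which is how `openssl_decrypt()` reports failure, so a wrong key or altered ciphertext raises an exception instead of silently yielding an empty value.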