PHP Encrypting Something breaks :P

[Joveice]

Hi, I'm trying to encrypt a password string (this is to be able to get the string back later and not login system)

Tho My password string looks like this (it's generated) 

slUTz<37v?fi-;OkT?Xa~+p7v

Tho then my aes string gets broken. etc with that string the aes is 

btMYYdjQlNpRpzxC1C0cvUy7q9RU14+ze7YhAPsMfNvRt4auOi2nVDyy9t/8tfNn

well, this isent a AES string anymore (atleast nothing I can use)

now lets use this for the string "Please work"

MITcZ2dLKyKa5eD39Rg2YppxarWN+zilPN88SfVTQFw=

Wait what?

So whats happening here? I guess it's due to all the symboles in the first string. if thats the case how do I fix that?

[Cruorzy]

Just out of curiosity what password are you trying to encrypt? like a DB password in a php file or something? Or database entry's?

I was talking to someone about this, kind of funny that you looking for the same thing now.

[SCHISCHKA]

you need to post your code. posting your failed encryption/decryption means nothing

[Joveice]

11 minutes ago, Cruorzy said:

Just out of curiosity what password are you trying to encrypt? like a DB password in a php file or something? Or database entry's?

I was talking to someone about this, kind of funny that you looking for the same thing now.

Trying to make a local password generator and store them in a local database to access them

[Cruorzy]

Ah seems like a nice little project

[Cruorzy]

Maybe people could help you if you post your code, i cant supply any info since i havent worked with it yet.

[Joveice]

3 minutes ago, Cruorzy said:

Maybe people could help you if you post your code, i cant supply any info since i havent worked with it yet.

Will do, in game atm

[Joveice]

17 minutes ago, Cruorzy said:

Maybe people could help you if you post your code, i cant supply any info since i havent worked with it yet.

<?php
/**
 * Created by Joveice
 * User: Joveice
 * Date: 28-Jan-17
 * Time: 19:59
 */

include  'db.php';

$description = mysqli_real_escape_string($connencrypt, $_POST['description']);

if (empty($description)) {
    header('Location /encrypted/');
}

function random_str($length, $keyspace = '0123456789abcdefghijklmnopqrstuvwxyzABCDEFGHIJKLMNOPQRSTUVWXYZ'."\u{0021}"."\u{0022}"."\u{0023}"."\u{0024}"."\u{0025}"."\u{0026}"."\u{0027}"."\u{0028}"."\u{0029}"."\u{002A}"."\u{002B}"."\u{002C}"."\u{002D}"."\u{002E}"."\u{002F}"."\u{003A}"."\u{003B}"."\u{003C}"."\u{003D}"."\u{003E}"."\u{003F}"."\u{0040}"."\u{005B}"."\u{005C}"."\u{005D}"."\u{005E}"."\u{005F}"."\u{0060}"."\u{007B}"."\u{007C}"."\u{007D}"."\u{007E}")
{
    $str = '';
    $max = mb_strlen($keyspace, '8bit') - 1;
    for ($i = 0; $i < $length; ++$i) {
        $str .= $keyspace[random_int(0, $max)];
    }
    return $str;
}

// Set the method
$method = 'AES-256-CBC';

// Set the encryption key
$encryption_key = 'blablalblabla?';

// Generate a random initialisation vector
$iv = openssl_random_pseudo_bytes(openssl_cipher_iv_length($method));

// Define the date to be encrypted
$data = random_str(32);

// Encrypt the data
$encrypted = openssl_encrypt($data, $method, $encryption_key, 0, $iv);

// Append the vector at the end of the encrypted string
$encrypted = $encrypted . ':' . $iv;

$stmt = $connencrypt->prepare("INSERT INTO encryptedpwd (value, description) VALUES (?, ?)");
$stmt->bind_param("ss", $encrypted, $description);
if (!$stmt) {
    echo "O No";
    exit();
}
$stmt->execute();
if (!$stmt) {
    echo "O No";
    exit();
}

Here you go

[Cruorzy]

Just tried a bit, this seems to be working fine. Look further into it because im not sure if this is the correct way.

 

<?php

//Plaintext
$plaintext = "Really shitty personal info about a butt problem.";

//Encryption key
$key = "abcdefgabcdefghijklmnophijklmnop";
//Method
$method = 'AES-256-CBC';
//You should look into this..
$options = OPENSSL_RAW_DATA;
//Random generated bytes, google if this is the best method, random in programming languages get discussed alot.
$iv = openssl_random_pseudo_bytes('16');

//Encrypting the plaintext
$crypt = openssl_encrypt ( $plaintext , $method , $key , $options, $iv );
//Make it readable and storeable.
$encrypted = base64_encode($crypt);

//Decodes the BASE64 so its all strange again, then decrypts it.
$decrypted = openssl_decrypt ( base64_decode($encrypted) , $method , $key , $options, $iv );

//Echo result.
echo $decrypted;

?>

 

[Joveice]

1 hour ago, Cruorzy said:

Just tried a bit, this seems to be working fine. Look further into it because im not sure if this is the correct way.

 

<?php

//Plaintext
$plaintext = "Really shitty personal info about a butt problem.";

//Encryption key
$key = "abcdefgabcdefghijklmnophijklmnop";
//Method
$method = 'AES-256-CBC';
//You should look into this..
$options = OPENSSL_RAW_DATA;
//Random generated bytes, google if this is the best method, random in programming languages get discussed alot.
$iv = openssl_random_pseudo_bytes('16');

//Encrypting the plaintext
$crypt = openssl_encrypt ( $plaintext , $method , $key , $options, $iv );
//Make it readable and storeable.
$encrypted = base64_encode($crypt);

//Decodes the BASE64 so its all strange again, then decrypts it.
$decrypted = openssl_decrypt ( base64_decode($encrypted) , $method , $key , $options, $iv );

//Echo result.
echo $decrypted;

?>

 

Okey so I changed it up a bit.

The code

<?php
/**
 * Created by Joveice
 * User: Joveice
 * Date: 29-Jan-17
 * Time: 02:28
 */

//Plaintext
$plaintext = "slUTz<37v?fi-;OkT?Xa~+p7v";
echo "Before: ".$plaintext."<br>";
//Encryption key
$key = "abcdefgabcdefghijklmnophijklmnop";
//Method
$method = 'AES-256-CBC';
//You should look into this..
$options = OPENSSL_RAW_DATA;
//Random generated bytes, google if this is the best method, random in programming languages get discussed alot.
$iv = openssl_random_pseudo_bytes(openssl_cipher_iv_length($method));
//Encrypting the plaintext
$crypt = openssl_encrypt ( $plaintext , $method , $key , $options, $iv );
echo "Encrypted: ".$crypt."<br>";
//Make it readable and storeable.
$encrypted = base64_encode($crypt);
echo "Encrypted + base64: ".$crypt."<br>";
//Decodes the BASE64 so its all strange again, then decrypts it.
$decrypted = openssl_decrypt ( base64_decode($encrypted) , $method , $key , $options, $iv );

//Echo result.
echo "Decrypted: ".$decrypted."<br>";

?>

Result

Before: slUTz<37v?fi-;OkT?Xa~+p7v
Encrypted: ?u:S!jYa>@=2
Encrypted + base64: 1tA/Agh1OoiMuJDdU/0UIbNqWYhhPvRAgME9+TKi+bg=
Decrypted: slUTz<37v?fi-;OkT?Xa~+p7v

Works as it should so I guess it's a valid way to do it. Thanks!

[Joveice]

So I needed to add the $iv to the code so I can get it later

New code

<?php
/**
 * Created by Joveice
 * User: Joveice
 * Date: 29-Jan-17
 * Time: 02:28
 */

function random_str($length, $keyspace = '0123456789abcdefghijklmnopqrstuvwxyzABCDEFGHIJKLMNOPQRSTUVWXYZ'."\u{0021}"."\u{0022}"."\u{0023}"."\u{0024}"."\u{0025}"."\u{0026}"."\u{0027}"."\u{0028}"."\u{0029}"."\u{002A}"."\u{002B}"."\u{002C}"."\u{002D}"."\u{002E}"."\u{002F}"."\u{003A}"."\u{003B}"."\u{003C}"."\u{003D}"."\u{003E}"."\u{003F}"."\u{0040}"."\u{005B}"."\u{005C}"."\u{005D}"."\u{005E}"."\u{005F}"."\u{0060}"."\u{007B}"."\u{007C}"."\u{007D}"."\u{007E}")
{
    $str = '';
    $max = mb_strlen($keyspace, '8bit') - 1;
    for ($i = 0; $i < $length; ++$i) {
        $str .= $keyspace[random_int(0, $max)];
    }
    return $str;
}

//Plaintext
$plaintext = random_str(32);
echo "Before: ".$plaintext."<br>";
//Encryption key
$key = "abcdefgabcdefghijklmnophijklmnop";
//Method
$method = 'AES-256-CBC';
//You should look into this..
$options = OPENSSL_RAW_DATA;
//Random generated bytes, google if this is the best method, random in programming languages get discussed alot.
$iv = openssl_random_pseudo_bytes(openssl_cipher_iv_length($method));
//Encrypting the plaintext
$crypt = openssl_encrypt ( $plaintext , $method , $key , $options, $iv );
echo "Encrypted: ".htmlspecialchars($crypt)."<br>";
//Make it readable and storeable.
$crypt = $crypt . ':' . $iv;
$encrypted = base64_encode($crypt);
echo "Encrypted + base64: ".htmlspecialchars($encrypted)."<br>";

//decrypt
$encrypted = base64_decode($encrypted);
$parts = explode(':', $encrypted);
//Decodes the BASE64 so its all strange again, then decrypts it.
$decrypted = openssl_decrypt ( $parts[0] , $method , $key , $options, $parts[1]);

//Echo result.
echo "Decrypted: ".htmlspecialchars($decrypted)."<br>";

This works most of the time tho this gives this again (I got this before using a diffrent script) - http://blog.turret.io/the-missing-php-aes-encryption-example/

when that dident work I used this https://3v4l.org/0Nujr

And now I'm using this modified version of that and of yours.

runned it a few times to get a few errors.

Warning: openssl_decrypt(): IV passed is 24 bytes long which is longer than the 16 expected by selected cipher, truncating in $decrypted = openssl_decrypt ( $parts[0] , $method , $key , $options, $parts[1]);

Warning: openssl_decrypt(): IV passed is only 10 bytes long, cipher expects an IV of precisely 16 bytes, padding with \0 in $decrypted = openssl_decrypt ( $parts[0] , $method , $key , $options, $parts[1]);

 

[fizzlesticks]

36 minutes ago, Joveice said:

So I needed to add the $iv to the code so I can get it later

The error is because there is a colon in the encrypted text so after you explode the string to get the IV you get 3+ strings back instead of the 2 you expect. Instead of using a colon as a separating character, just add the IV directly at the end then use something like substr to break it into pieces.