MCrypt help please

Anon

Hi,
I've tried the examples on php.net regarding mcrypt but I just got errors.
Mcrypt is installed on the server.

Does anyone have any examples of how to use mcrypt?
Really, I'd just like to create a short library of functions, like mc_encode() and mc_decode() etc...

Any help would be appreciated.

Thanks!
matt.

here's the phpinfo() information on mcrypt on my server:

mcrypt
mcrypt supportenabled
version2.4.x
Supported cipherstwofish wake rijndael-128 rijndael-192 rijndael-256 saferplus rc2 xtea serpent safer-sk64 safer-sk128 cast-256 loki97 gost threeway cast-128 blowfish des tripledes enigma arcfour arcfour-iv panama
Supported modesofb cfb nofb cbc ecb stream

Directive Local Value Master Value
mcrypt.algorithms_dir no value no value

mcrypt.modes_dir no value no value

Anon

What does your code look like, and what
errors did you get?

Anon

Actually, someone sent me the code you see below, but it won't work either. I had tried the functions from the php manual http://www.php.net/manual/ref.mcrypt.php but they wouldn't work for me.

The code below chokes on the mhash function. I checked the manual but it says that the function is fine as of php3-4 so I don't know why it choked on it.

Anyway, failing a solution here, what's a good way to encrypt something and put it in a database (mysql)? Is the mysql encode function strong enough for storing credit card numbers?

Thanks for the help.
matt.

/
Webcrypt.phpi -- Copyright 1999 Nick Sayer
Copyright 1999 Nick Sayer, All Rights Reserved

Redistribution and use in source and binary forms, with or without
modification, are permitted provided that the following conditions
are met:
1. Redistributions of source code must retain the above copyright
notice, this list of conditions and the following disclaimer.
2. Redistributions in binary form must reproduce the above copyright
notice, this list of conditions and the following disclaimer in the
documentation and/or other materials provided with the distribution.
3. Redistributions of either source or binary form must not
violate US export laws.

THIS SOFTWARE IS PROVIDED BY THE AUTHOR AND CONTRIBUTORS ``AS IS'' AND
ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
SUCH DAMAGE.

Builds a secure message system with PHP, mhash and mcrypt.

Before use, the following must be defined:

HASH - the MHASH algorithm selector for the hash.
CIPHER - the MCRYPT algorithm selector for the cipher.
KEY - the secret key to encrypt and decrypt the messages.

To encrypt, a plaintext message can consist of any string.
It is first run through HASH to get a checksum. The checksum
is put at the front of the message because A> It perterbs
the CIPHER due to its pseudo-random nature and B> because
unlike the plaintext, its length is known.

The key is also run through the HASH, since keys chosen by
humans typically are not very good, usually consisting
only of about 96 out of 256 values and generally being
too short.

A random initial vector is chosen to be later prepended to
the ciphertext.

The hash and plaintext are then run through the selected
CIPHER with the HASHed key and iv. mcrypt routines sometimes append
garbage to the ciphertext, which would not have been run through
the hash. So both the encoder carefully trims the ciphertext
to be the same length as the plaintext (the decoder must also do
the opposite).

Finally, the ciphertext and the initial vector are run through
base64_encode() in order to make the mess printable. Note
that in order to be mailable or printable, the encoded output
should be run through chunk_split(), and to be passed to a
HTTP server it should be run through rawurlencode().

/
/
Take in arbitrary plaintext and make an encrypted message.
The output is base64 encoded.
/
function WEB_encrypt($pt) {

$realkey=mhash(HASH,KEY);
$iv=mcrypt_create_iv(mcrypt_get_block_size(CIPHER), MCRYPT_DEV_URANDOM);
$blob=mcrypt_ofb(CIPHER,$realkey,mhash(HASH,$pt).$pt,MCRYPT_ENCRYPT,$iv);

/
Note that mcrypt may add trailing nulls that must be stripped.
*/
$blob=substr($blob,0,strlen($pt)+mhash_get_block_size(HASH));

return base64_encode($iv.$blob);

}

/
Decrypt previously encrypted plaintext message. Input is
expected to be base64 encoded, output is arbitrary string
or FALSE if decode failed.
*/
function WEB_decrypt($blob) {

$realkey=mhash(HASH,KEY);
$rawblob=base64_decode($blob); /* binary blob */
$iv=substr($rawblob,0,mcrypt_get_block_size(CIPHER)); /* IV */
if (strlen($iv)<mcrypt_get_block_size(CIPHER))
  return FALSE;
$ct=substr($rawblob,mcrypt_get_block_size(CIPHER)); /* CipherText */
$unblob=mcrypt_ofb(CIPHER,$realkey,$ct,MCRYPT_DECRYPT,$iv);

/
mcrypt may add trailing nulls that must be stripped.
*/
$unblob=substr($unblob,0,strlen($ct));

$pt=substr($unblob,mhash_get_block_size(HASH));
$check=substr($unblob,0,mhash_get_block_size(HASH));

if ($check != mhash(HASH,$pt))
  return FALSE;
else
  return $pt;

}

$original = "hello world.";

$encrypted = WEB_encrypt($original);

echo "<P>Original Text: " . $original;
echo "<P>encrypted text: " . $encrypted;

Anon

Instead of using vague terms like 'choked on', it would be far
more useful to just describe what happened? No output? An
error message from PHP? Whole webserver locked up? or???
mhash is a completely separate library from mcrypt. Are
you sure that it, too, is installed?

Anon

While I appreciate that you are trying to help me, and I admit my post was somewhat vague, I find your tone condescending; why not try just being helpful instead? Believe it or not, not everyone has the same amount of experience and expertise as you.
If you can't be polite, don't bother posting at all. I'm getting tired of newbies getting trashed by folks with several years of experience. We were all newbies once don't forget.

I will in future try to be more specific. Nonethesless, I've come across several folks who enjoy the spirit of this mailing list and have been exceedingly helpful. At the same time, I try to give as much as I can to this list, in return. Therefore, I'll get help from someone else thank you.

Anon

I quite agree; if you find question like

What does your code look like, and what errors did you get?

to be rude and condescending, then you're probably not going
to get much help from this direction...