3DES, mcrypt, and hair-loss

kimgokce

I am trying to consume an encrypted token being sent by a win32 host to my php environment on redhat.

Here is the description of the win32 component's encryption methods (this is all the doc I will ever get):

"This component implements the Triple DES encryption scheme in CBC mode using 192 bit keys in Encrypt-Decrypt-Encrypt operation (3EDE). The Initial Value or salt of all 0's with padding performed according to PKCS #5 or PKCS #7. i.e. the padding string consists of a sequence of bytes, each of which is equal to the total number of padding bytes added. For example, if 24 bits (3 bytes) of padding need to be added, the padding string is "03 03 03"."

The key is 48 bytes and is used to pass an encrypted parameter like:

t=DD1D80F876CDD4BDF809B06F90C1CC3F97D8EF345AC47E36C041C029E6664653

Here is my feeble attempt at handling the token ($t):

$key = pack('H48', "....sorry, this is secret"); // if I don't pack the key, mcrypt complains that the key is too long ???

$c_t = trim(chop($t));

$dec_data = mcrypt_decrypt (MCRYPT_3DES, $key, $c_t, MCRYPT_MODE_CBC);

echo "Decrypted data: ", $dec_data, "\n";

I have tried all sorts of trial and error (that works really well with encryption algorithms, right!) and have run out of angles.

Anyone out there have experience with this? I have revied the mcrypt doc at php.net but frankly think it is encrypted itself and can't make any progress with it. I really need hand-holding since this is my first attempt at using mcrypt for any purpose.

I found this article (http://www.pctest.com/page_news/178/) some issues for win32/.net to php decryption but I have not been able to decrypt the string to even begin worrying about the padding on the decrypted string.

-Soon-to-be-hairless

marshallm

This isn't exactly what you want to do, but maybe it will help you. These are encryption and decryption functions that I use a lot in my programs. I haven't looked at the different algorythms in a while, so I'm not sure if 3DES needs an initialization vector or not. You'll have to look into that.

But anyway, here it is...


function encrypt($key, $text)  {
	// Generate an initialization vector 
	$iv = substr(md5($key), 0, mcrypt_get_iv_size(MCRYPT_CAST_256, MCRYPT_MODE_ECB));

// Generate the encrypted text
$encrypted = bin2hex(mcrypt_encrypt(MCRYPT_CAST_256, $key, $text, "ecb", $iv));
return $encrypted;
}


function decrypt($key, $encrypted)  {
	/* incoming: should be the $key that you encrypted with 
	 * $encrypted is the encrypted string (encrypted text)
	 * returns plain text
	 */

// generate an initialization vector
$iv = substr(md5($key), 0, mcrypt_get_iv_size(MCRYPT_CAST_256, MCRYPT_MODE_ECB));

// Convert the hex back to a binary string 
$binary_encrypted = hex2bin($encrypted);

// now we do our normal decrypting
$text = mcrypt_decrypt(MCRYPT_CAST_256, $key, $binary_encrypted, "ecb", $iv);

// Return the answer
return trim(chop($text));
}


function hex2bin($data) {
	$len = strlen($data);
	return pack("H" . $len, $data);
}

// NOTE:  THIS IS BASICALLY HOW THIS FILE WORKS.

/* 

$key = "THIS IS MY KEY";
$test_phrase = "This is the test phrase... SHH!  DON'T TELL ANYONE!";
echo("this is the phrase: ". $test_phrase ."<br /><br />");

$encrypted = encrypt($key, $test_phrase);
echo("this is the encrypted text: " .$encrypted ."<br /><br />");

$decrypted = decrypt($key, $encrypted);
echo("this is the decrypted text: ". $decrypted ."<br /><br />");

*/

I hope that helps you save some of your hair. 😉

Mark