I am trying to create a simple script to encrypt and decrypt a message. The script consists of two PHP files, both being similar. The first PHP file will encrypt the message based upon the "secret key" a user inputs (as opposed to having a default set key). The coding for the first file is below:

/* Open the cipher */
$td = mcrypt_module_open(MCRYPT_BLOWFISH, '',
MCRYPT_MODE_ECB, '/usr/lib/mcrypt-modes');

$td = mcrypt_module_open('rijndael-256', '', 'ofb', '');

/* Variable Creation */
$message = DoStripSlashes( $_REQUEST['message'] );

/* Create the IV and determine the keysize length, used MCRYPT_RAND
on Windows instead */
$iv = mcrypt_create_iv(mcrypt_enc_get_iv_size($td), MCRYPT_DEV_RANDOM);
$ks = mcrypt_enc_get_key_size($td);

/* Create key */
$ikey = ( $_REQUEST['ikey'] );
$key = substr(md5($ikey), 0, $ks);

/* Initialize encryption */
mcrypt_generic_init($td, $key, $iv);

/* Encrypt data */
$encrypted = mcrypt_generic($td, $message);

/* Terminate encryption handler */
mcrypt_generic_deinit($td);

/* Initialize encryption module for decryption */
mcrypt_generic_init($td, $key, $iv);

/* Decrypt encrypted string */
$decrypted = mdecrypt_generic($td, $encrypted);

/* Terminate decryption handle and close module */
mcrypt_generic_deinit($td);
mcrypt_module_close($td);

/* Data Format */
$data = bin2hex ($encrypted);

That coding is the coding to encrypt the message the user inputs. The rest of the script will email the encrypted text to whomever the user wants. The recipient of the encrypted text can then go to a page (the second PHP file) where they can paste in the encrypted text in the textarea box. Below that in a textbox they can type in the secret key (already agreed upon by the two users). Theoretically, the second script will echo the decrypted message. Below is the decrypted coding:

/* Open the cipher */
$td = mcrypt_module_open(MCRYPT_BLOWFISH, '',
MCRYPT_MODE_ECB, '/usr/lib/mcrypt-modes');

$td = mcrypt_module_open('rijndael-256', '', 'ofb', '');

/* Create the IV and determine the keysize length, used MCRYPT_RAND
on Windows instead */
$iv = mcrypt_create_iv(mcrypt_enc_get_iv_size($td), MCRYPT_DEV_RANDOM);
$ks = mcrypt_enc_get_key_size($td);

/* Create key */
$ikey = ( $_REQUEST['dkey'] );
$key = substr(md5($ikey), 0, $ks);

/* Initialize encryption */
mcrypt_generic_init($td, $key, $iv);

/* Encrypt data */
$data = bin2hex ( $_REQUEST['idata'] );
$encrypted = mcrypt_generic($td, $data);

/* Terminate encryption handler */
mcrypt_generic_deinit($td);

/* Initialize encryption module for decryption */
mcrypt_generic_init($td, $key, $iv);

/* Decrypt encrypted string */
$decrypted = mdecrypt_generic($td, $encrypted);

/* Terminate decryption handle and close module */
mcrypt_generic_deinit($td);
mcrypt_module_close($td);

/* Show string */
echo "<PRE>";
echo "The decrypted message: " . trim($decrypted) . "\n";

As you can tell, I basically modified the mcrypt example given for mcrypt_module_open on this site. The response I get is odd looking text. So, I have tried adding hex2bin to the data. It gives the data, but does not decrypt properly. Is there something I'm missing? I just started teaching myself PHP so I'm sure it's something pretty simple that I have overlooked.

The test message to be encrypted is "test message" and the secret key for this one I used was "hello". The result it emails me is 8a37c7b9c101b51771df0eff. If I go in and try to decrypt it, the decrypted message is the same as what I input into the idata field. However, if I add the bin2hex, such as shown in the code:

$data = bin2hex ( $_REQUEST['idata'] );

Then I get the following:

386133376337623963313031623531373731646630656666

    I'm not able to run your code at present, and I don't want to attempt anything detailed regarding encryption without being sure of myself.... but if the reason you're using bin2hex/hex2bin is to turn the encrypted data into something a bit more text-friendly, then I'll mention that when I have such a thing to do I prefer to use base64_encode.

    Actually I do notice one other thing: you're using bin2hex to convert the encrypted data prior to transport, and then you're using bin2hex on the transported data prior to decryption. bin2hex() is not the opposite of bin2hex() - there doesn't seem to be a hex2bin() function, oddly.

      10 days later

      I have modified the code to the following:

      Encryption

      $ikey = ( $_REQUEST['ikey'] );
      $key = $ikey; 
      $td = mcrypt_module_open('cast-256', '', 'ecb', ''); 
      $iv = mcrypt_create_iv (mcrypt_enc_get_iv_size($td), MCRYPT_RAND); 
      mcrypt_generic_init($td, $key, $iv); 
      $encrypted_data = mcrypt_generic($td, $message); 
      mcrypt_generic_deinit($td); 
      mcrypt_module_close($td); 
      $encoded_64=base64_encode($encrypted_data);

      Decryption

      $idata = ( $_REQUEST['idata'] );
      $decoded_64=base64_decode($idata);
      $dkey = ( $_REQUEST['dkey'] );
      $key = $dkey;
      $td = mcrypt_module_open('cast-256', '', 'ecb', '');
      $iv = mcrypt_create_iv (mcrypt_enc_get_iv_size($td), MCRYPT_RAND);
      mcrypt_generic_init($td, $key, $iv);
      $decrypted_data = mdecrypt_generic($td, $decoded_64);
      mcrypt_generic_deinit($td);
      mcrypt_module_close($td);

      /* Show decrypted values */
      echo "<PRE>";
      echo "The decrypted message: " . $decrypted_data . "\n";

      This coding works perfectly. However, if I change the encryption method from cast-256 to tripledes, I get a bunch of garbage when I go to decrypt it. Instead of giving "The decrypted text is: secret message" it gives "The decrypted text is: C)½—”Å1"úY". At first glance it looks like the text when it has not been converted from a string value, therefore, I have tried changing base_64 to bin2hex. That still does not work.
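
The first post's decrypt page draws a new random IV and runs bin2hex() on text that is already hex, so it cannot reverse what the encrypt page did. The added example below (not code from the thread) shows a round trip in which the IV travels with the ciphertext and the transport encoding is undone before decryption. It uses PHP's OpenSSL extension with AES-256-GCM and PBKDF2 in place of mcrypt, which was removed from PHP core in 7.2; the function names and the salt | IV | tag | ciphertext layout are assumptions of this example.

```php
<?php
// Added example, not from the thread; names and message layout are assumptions.
const KDF_ITERATIONS = 200000;

function derive_key(string $passphrase, string $salt): string
{
    // Stretch the shared passphrase into a 32-byte key with a per-message salt.
    return hash_pbkdf2('sha256', $passphrase, $salt, KDF_ITERATIONS, 32, true);
}

function encrypt_message(string $plaintext, string $passphrase): string
{
    $salt = random_bytes(16);
    $iv   = random_bytes(12);   // fresh for every message; not secret
    $ct   = openssl_encrypt($plaintext, 'aes-256-gcm',
        derive_key($passphrase, $salt), OPENSSL_RAW_DATA, $iv, $tag);
    if ($ct === false) {
        throw new RuntimeException('encryption failed');
    }
    // Send salt, IV and tag with the ciphertext; encode once for e-mail.
    return base64_encode($salt . $iv . $tag . $ct);
}

function decrypt_message(string $encoded, string $passphrase): string
{
    // Undo the transport encoding with its inverse, never a second encode.
    $raw = base64_decode(trim($encoded), true);
    if ($raw === false || strlen($raw) < 44) {
        throw new InvalidArgumentException('malformed message');
    }
    $salt = substr($raw, 0, 16);
    $iv   = substr($raw, 16, 12);   // the sender's IV, not a new random one
    $tag  = substr($raw, 28, 16);
    $pt   = openssl_decrypt(substr($raw, 44), 'aes-256-gcm',
        derive_key($passphrase, $salt), OPENSSL_RAW_DATA, $iv, $tag);
    if ($pt === false) {
        throw new RuntimeException('wrong key or modified message');
    }
    return $pt;
}

// Constructed sample values, reusing the thread's test message and key.
$wire = encrypt_message('test message', 'hello');
echo decrypt_message($wire, 'hello'), "\n";
try {
    decrypt_message($wire, 'goodbye');
} catch (RuntimeException $e) {
    echo 'rejected: ', $e->getMessage(), "\n";
}
```

Because GCM authenticates the message, a wrong key or an altered message raises an error instead of returning unreadable bytes.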
