Decrypt decrypts only partially!

boxboxbox

I've been using this to encrypt information and store it in a mysql database, then decrypt it on a webpage. It almost always works properly, but two times it has failed, decrypting only the last half of the string.

I have the encrypted string stored in a varchar(255) field, and the IV in a varchar(50) field. Do I need to change these to blobs?
Is the IV trying to include a return character that won't store in the database? Is it too long? I thought the check-size function should take care of that...
Any ideas?
Is there any way to decrypt a string that's already been stored, or is it too late?
Why would it decrypt only the LAST half of the string?

Thanks!

Here is my encryption code:

#######################
$key = "This is a short key code...";

// Encryption Algorithm
$cipher_alg = MCRYPT_RIJNDAEL_128;
$stringmod = MCRYPT_MODE_ECB;
// Create the initialization vector for added security.
$iv = mcrypt_create_iv(mcrypt_get_iv_size($cipher_alg,
$stringmod), MCRYPT_RAND);

$mod = mcrypt_module_open ($cipher_alg,'',$stringmod,'');

$iv_size = mcrypt_enc_get_iv_size($mod);

$iv = mcrypt_create_iv($iv_size,MCRYPT_DEV_RANDOM);

$max_key_size = mcrypt_enc_get_key_size($mod);

$key = substr($key,0,$max_key_size);

mcrypt_generic_init ($mod,$key,$iv);

$encrypted = mcrypt_generic($mod,$string);

mcrypt_generic_deinit ($mod);

mcrypt_module_close ($mod);
#########################

########Encrypt the data
$ccenc = mcrypt_encrypt($cipher_alg,$key,$string, MCRYPT_MODE_CBC, $iv);
$ccencred = $iv;}

##...Insert into db...

########Decrypt the data
$ccunc = trim(mcrypt_decrypt($cipher_alg, $key, $ccenc, MCRYPT_MODE_CBC, $cciv));

NogDog

Just a thought: you might want to do a strlen() on the ecrypted text to make sure it does not exceed the column size of the table. (Though if it were getting truncated, I would be surprised that it could be decrypted at all.)

boxboxbox

Thanks for the suggestion. I was thinking that, but on the last failure I counted the characters and there are only 50, when there is room for 255.

I heard that varchar sometimes screws up the characters and that I should use Blob, but then I heard the same thing about Blob and that I should use varchar. Grrr..

I can sometimes replicate it, but only if I do encrypt and decrypt on the same page, and sometimes it decrypts the last half and sometimes the first. (I think it is because if I do it on the same page it is reusing variables improperly...)

boxboxbox

Hmm...If I change the IV, the last half still decrypts fine, but the first half changes to a different piece of unreadable characters.

So...basically it is something wrong with the IV. Also, it is always the first 16 characters of the input string affected.

Mgccl

how about try not to use database.. see if it works.. if it works.. the it's the problem of the database

boxboxbox

Mgccl - thanks. That's part of the problem - it works most of the time (maybe 48 out of 50)...so I've been trying to replicate it both with the database and without, but haven't yet been able to make it happen. It seems like when it fails, the IV is only 15 characters and not 16, so I don't know yet if the database is trimming off a bad character, if only 15 are being created, or what.

boxboxbox

The IV is also stored briefly in a session variable...do these have any known issues about converting characters?

Mgccl

can you explain what charset of your character is?
like if you are using non English characters there might be problem

boxboxbox

As far as the database:

MySQL charset: UTF-8 Unicode (utf8)
MySQL connection collation: utf8_unicode_ci

For some reason that particular table has a collation of:
latin1_swedish_ci

I'm not sure where to find info on any other charsets...

Thanks!