[RESOLVED] mcrypt_cbc help

kbc1

Hi all

I stumbled across a chunk of code which encrypts a string of text and I s need to use it in order to encrypt an xml file but its not working correctly and wondered if anyone has experience in using mcrypt_cbc who may be able to help.

I initially build up the structure and contents of an xml file and store this to $xml.

Then I output this file so the user can save it using the following code which works great:

			header("Content-type: text/xml"); 
			header("Content-Disposition: attachment; filename=myfile.xml"); 
			header("Pragma: no-cache"); 
			header("Expires: 0"); 
			print "$_xml"; // output to save
			exit();

Now, I need to encrypt the contents of the xml file prior to this output so using the code I found, I added this but it is not outputting the file to the screen for saving, and therefore I don't know if it is encrypting it:

			$encryptedstring = $_xml; // my xml file
			$decryptkey = "MySALTtempkey2007*";
			$encrypted = mcrypt_cbc(MCRYPT_BLOWFISH, $decryptkey, $encryptedstring, MCRYPT_ENCRYPT, '12345678');

		header("Content-type: text/xml"); 
		header("Content-Disposition: attachment; filename=myfile.xml"); 
		header("Pragma: no-cache"); 
		header("Expires: 0"); 
		print "$encrypted"; // output
		exit();

If you have any suggestions please let me know as I need to try and get round this fairly quick!

Thanks for reading.
K

halojoy

I did a similar script for direct saving encrypted, as a download.

I did use binary content-type, added my own extension.
myimage.jpg
was changed to
myimage.jpg.c128 .... (cast-128 encrypted)
I was afraid that my file should not be treated as binary.
Because I did not want any eventual \r\n and \n conversions to happen.

For example, if a FTP program recognize an extension as ASCII, it will be transfered as text.
All other extensions, also all unknown, will be binary sent.

Simple way to test if your file was encrypted alright,
is of course to make some decrypt tests with such files.
I mean, save the file and try to decrypt the contents.

Here is what I used. It works perfectly!
I can upload a normal file, download/save it as encrypted directly.
I can upload an encrypted file, download/save it as decrypted directly.
(the uploaded file is not even saved in my site
- script takes data directly from temp upload directory [tmp_name]
encrypt it and send it back)

I used this both for encrypted data file, and for normal file decrypted download:

<?php

//Output processed data for download
header("Content-type: application/force-download");
header("Content-Transfer-Encoding: binary");
header("Content-length: ".strlen($out));
header('Content-Disposition: attachment; filename="'.$outname.'"');
print($out);

exit();
?>

kbc1

Thanks for the prompt response but unfortunately I am none the wiser why my script is not working.

Can you point out the errors or not?

You mentioned i can test if the file was encrypted correctly by decrypting it but the file is not even being sent to the browser for saving. I just simply get a blank screen.

kbc1

It is sorted and i am the biggest dim wit around. MCRYPT was not enabled on my server and I had show errors turned off.