Hi,
I had an hard time converting my code from mcrypt 2.2.x to 2.4.x. There is a
big lack of info about the difference between the two and I could not find
anything to help me make the move.
My problem was not getting things to work with either version of mcrypt,
there are plenty of examples available for both versions. My problem was
getting libmcrypt 2.4.x decrypting the data previously encrypted by 2.2.x.
Here's some general info for anyone interested. I would have been very
pleased to find this will searching the archive and I didn't, so I am doing
it for anybody else facing the same problem.
1) PHP linked with libmcrypt 2.2.x is not too picky about Initialization
Vectors, but with 2.4.x, it will give a warning message if you don't specify
one with some of the functions or simply wont work with others. Check my
example code below to see what I did.
2) PHP will segfault if you use a key size with the wrong lenght with 2.4.x
and it won't with 2.2.x. Be very careful about the lenght of your key in
2.4.x, what worked previously might not work now.
Decryption under libmcrypt 2.2.x:
-----
$clear_text = mcrypt_cbc ($cipher, $key, hex2bin($crypted_text),
MCRYPT_DECRYPT);
-----
Encryption under libmcrypt 2.2.x:
-----
$crypted_text = bin2hex(mcrypt_cbc ($cipher, $key, $clear_text,
MCRYPT_ENCRYPT));
-----
The following code is what I had to do to get a similar (compatible) behaviour
under libmcrypt 2.4.x. Note that I create an initialization vector filled
with "\0" characters, which is, I believe, the default behavior with
libmcrypt 2.2.x. The PHP manual somewhere recommends to use "0" if you do not
want to use an initialization vector. This did not work for me, as this is
not the default 2.2.x behavior. I think the manual should be modified as it
greatly confiused me.
Encryption under libmcrypt 2.4.x:
-----
$td = mcrypt_module_open ($cipher, "", MCRYPT_MODE_CBC, "");
$i = 0;
while ($i < mcrypt_enc_get_iv_size ($td)) {
$iv .= "\0";
$i++;
}
mcrypt_generic_init ($td, $key, $iv);
$crypted_text = bin2hex(mcrypt_generic($td, $plain_text));
mcrypt_generic_end ($td);
-----
Decryption under libmcrypt 2.4.x:
-----
$td = mcrypt_module_open ($cipher, "", MCRYPT_MODE_CBC, "");
$i = 0;
while ($i < mcrypt_enc_get_iv_size ($td)) {
$iv .= "\0";
$i++;
}
mcrypt_generic_init ($td, $key, $iv);
$plain_text = mdecrypt_generic($td, hex2bin($crypted_text));
mcrypt_generic_end ($td);
-----
In these snippets, $crypted_text is the encrypted data in hexadecimal format.
This allows data to be stored (in DB's for example) or displayed without
problems. You need the following function:
function hex2bin($data) {
$len = strlen($data);
return pack("H" . $len, $data);
}
Hope this can help someone..
Thank you,
Cedric
--
PHP General Mailing List (http://www.php.net/)
To unsubscribe, visit: http://www.php.net/unsub.php
