Hi all,
I'm looking at a way of encrypting AND decrypting a string (cc#) with a key.
I plan to store the key in a file outside the docroot, and have asked the
ISP for as much advice as possible to protect the key file.
Anyway, since it needs to be encrypted and decrypted with a key, I obviously
can't use the old faithfull md5(), and from my understanding of the manual,
crypt() is also one-way.
Then I found mcrypt_encrypt() and mcrypt_decrypt().
Paraphrasing the samples in the php manual, does the below code achieve what
I want, assuming that the key would usually be stored in a separate file
outside the docroot?
<?
$iv = mcrypt_create_iv (mcrypt_get_iv_size (MCRYPT_RIJNDAEL_256,
MCRYPT_MODE_ECB), MCRYPT_RAND);
$key = "This is a very secret key";
$text = "11112222333344445555";
echo "plain string: {$text}<BR>";
$crypttext = mcrypt_encrypt (MCRYPT_RIJNDAEL_256, $key, $text,
MCRYPT_MODE_ECB, $iv);
echo "encoded string: {$crypttext}<BR>";
$dectext = mcrypt_decrypt (MCRYPT_RIJNDAEL_256, $key, $crypttext,
MCRYPT_MODE_ECB, $iv);
echo "decoded string: {$dectext}<BR>";
?>
I'm getting the following error using 4.1.1:
"Fatal error: Call to undefined function: mcrypt_create_iv() in
/usr/local/apache/htdocs/tests/enc.php on line 3"
Which is confusing, given that the manual says mcrypt_create_iv() is
available in PHP 4.
Any ideas / contributions / pointers?
Justin French
--
PHP General Mailing List (http://www.php.net/)
To unsubscribe, visit: http://www.php.net/unsub.php
