Hi all,

I cannot get an encryption class to work (it's in a separate file in the classes folder). The code for the class is:

class SymmetricCrypt
{
    // Encryption/decryption key.
    private static $msSecretKey = "Hello";

    // The initialisation vector.
    private static $msHexaIv = "c7098adc8d6128b5d4b4f7b2fe7f7f05";

    // Use the Rijndael Algorithm.
    private static $msCipherAlgorithm = MCRYPT_RIJNDAEL_128;

    public static function Encrypt($plainString)
    {
        $binary_iv = pack("H*", SymmetricCrypt::$msHexaIv);

        // Encrypt source.
        $binary_encrypted_string = mcrypt_encrypt(SymmetricCrypt::$msCipherAlgorithm, SymmetricCrypt::$msSecretKey, $plainString, MCRYPT_MODE_CBC, $binary_iv);

        // Convert $binary_encrypted_string to hexadecimal format.
        $hexa_encrypted_string = bin2hex($binary_encrypted_string);
        return $hexa_encrypted_string;
    }

    public static function Decrypt($encryptedString)
    {
        $binary_iv = pack("H*", SymmetricCrypt::$msHexaIv);

        // Convert string in hexadecimal to byte array.
        $binary_encrypted_string = pack("H*", $encryptedString);

        // Decrypt $binary_encrypted_string.
        $decrypted_string = mcrypt_decrypt(SymmetricCrypt::$msCipherAlgorithm, SymmetricCrypt::$msSecretKey, $binary_encrypted_string, MCRYPT_MODE_CBC, $binary_iv);

        return $decrypted_string;
    }
}

This is how I am calling the class:

require_once 'classes/symmetric_crypt.php';
$sc = new SymmetricCrypt();
$password = "password";
$ec_password = $sc->Encrypt($password);

... insert into database.

If I echo the contents of $password, then it displays "password". If I echo $ec_password, it returns nothing.

I've used it before on a different project on a different server. Could it be something server-related? Any other ideas?

Thanks,

Adrian

A: 

Works here.

Two notes:

  • Your initialization vectors should not be reused. Otherwise, it gets easier to find the encryption key (see WEP).
  • Like premiso says, you should not store passwords as decryptable strings. Use salted hashes with strong hash functions (not MD5!).
Artefacto
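
The answer's two notes as an added PHP example (not code from the question or the answer): passwords go through password_hash() with its per-call salt, and data that must stay decryptable gets a fresh random IV for every message. It assumes PHP 7.1+ with the openssl extension and uses AES-256-GCM instead of the question's mcrypt CBC; the function names and sample values are hypothetical.

```php
<?php
// Added example; function names and sample values are constructed.

// Passwords: one-way salted hash. password_hash() picks a random salt per
// call and stores it, with the algorithm and cost, inside the result.
function hashPassword(string $password): string
{
    return password_hash($password, PASSWORD_DEFAULT);
}

function checkPassword(string $password, string $storedHash): bool
{
    return password_verify($password, $storedHash);
}

// Data that must be decrypted later: fresh random IV for every message,
// stored beside the ciphertext (the IV is not secret, only unique).
function encryptField(string $plain, string $key): string
{
    $iv = random_bytes(12);                       // GCM nonce length
    $ct = openssl_encrypt($plain, 'aes-256-gcm', $key, OPENSSL_RAW_DATA, $iv, $tag);
    if ($ct === false) {
        throw new RuntimeException('encryption failed');
    }
    return bin2hex($iv . $tag . $ct);             // hex output, like the original class
}

function decryptField(string $hex, string $key): string
{
    $raw = hex2bin($hex);
    if ($raw === false || strlen($raw) < 28) {    // 12-byte IV + 16-byte tag
        throw new RuntimeException('malformed ciphertext');
    }
    $iv  = substr($raw, 0, 12);
    $tag = substr($raw, 12, 16);
    $ct  = (string) substr($raw, 28);
    $plain = openssl_decrypt($ct, 'aes-256-gcm', $key, OPENSSL_RAW_DATA, $iv, $tag);
    if ($plain === false) {
        throw new RuntimeException('wrong key or tampered data');
    }
    return $plain;
}

$key = random_bytes(32);  // constructed; a real key is loaded from outside the code
$a = encryptField('card-1234', $key);
$b = encryptField('card-1234', $key);             // same input, different IV
var_dump($a !== $b, decryptField($a, $key) === 'card-1234');
$h = hashPassword('password');
var_dump(checkPassword('password', $h), checkPassword('Password', $h));
```

The key here is a full 32 random bytes; a short string such as the question's "Hello" is not a valid AES key length.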