php decrypt encrypted data

Question

After encrypting a string "1234567890", I used hex2bin function to convert the encrypted string into binary format and got "ea359482e4b20603bfe9".

But my attempt to decrypt it back to 1234567890 fails (always get the wired characters).

What am I missing?

Here is a sample.

<?php

$text = "1234567890";
$key = "TestingKey";
echo "SRC: ".$text."<br/>";

$iv = mcrypt_create_iv(mcrypt_get_iv_size(MCRYPT_RIJNDAEL_256, MCRYPT_MODE_CFB), MCRYPT_RAND);
$encrypted = mcrypt_encrypt(MCRYPT_RIJNDAEL_256, $key, $text, MCRYPT_MODE_CFB, $iv);
//$encrypted = bin2hex($encrypted);
$encrypted = "ea359482e4b20603bfe9"; //this was one of the string that came out.
echo "ENC: ".$encrypted."<br/>";

$encrypted = hex2bin($encrypted);
$decrypted = mcrypt_decrypt(MCRYPT_RIJNDAEL_256, $key, $encrypted, MCRYPT_MODE_CFB, $iv);
echo "DEC: ".$decrypted."<br/>"; 

function hex2bin($text)
{
    $len = strlen($text); 
    for($i=0;$i<$len;$i+=2)
    {
        $binary .= pack("C",hexdec(substr($text,$i,2))); 
    }
    return $binary; 
}

?>

Thank you!

salathe · Accepted Answer · 2011-06-21 17:37:03Z

3

Change your hex2bin() function to the following, and the rest of your script will work just fine.

function hex2bin($text)
{
    return pack('H*', $text);
}

For what it's worth, the "missing" hex2bin() function was recently added to the PHP source code and will likely be released with PHP 5.4.0.

answered Jun 21, 2011 at 17:37

salathe

52.1k12 gold badges107 silver badges134 bronze badges

Sign up to request clarification or add additional context in comments.

Comments

Patrick · Accepted Answer · 2011-06-21 17:48:04Z

Why are you using hexbin at all? Just use PHP's mcrypt_decrypt() and mycrypt_encrypt() functions and be done with it. They essentially take the same parameters, the only difference is the state of the data string your passing to it.

PHP.net Says:

mcrypt_encrypt ( string $cipher , string $key , string $data , string $mode [, string $iv ] ) mcrypt_decrypt ( string $cipher , string $key , string $data , string $mode [, string $iv ] )

So here is some sample code I whipped together for you...

<?php
$iv_size = mcrypt_get_iv_size(MCRYPT_RIJNDAEL_256, MCRYPT_MODE_ECB);
$iv = mcrypt_create_iv($iv_size, MCRYPT_RAND);

$key = "This is a very secret key";
$text = "Meet me at 11 o'clock behind the monument.";

//Lets encrypt it
$encrypted_text = mcrypt_encrypt(MCRYPT_RIJNDAEL_256, $key, $text, MCRYPT_MODE_ECB, $iv);
echo "Here is the encrypted text: $encrypted_text\n<br>\n";

//Do whatever with it. Store it, transmit it, whatever...

//Ok, I want it back. Lets decrypt it.
$decrypted_text = mcrypt_decrypt(MCRYPT_RIJNDAEL_256, $key, $encrypted_text, MCRYPT_MODE_ECB, $iv);

//Hooray, the data is back!
?>

maaudet · Accepted Answer · 2011-06-21 17:28:14Z

0

For that kind of work I usually use base64_encode and decode and it works with code similar to yours.

answered Jun 21, 2011 at 17:28

maaudet

2,3584 gold badges20 silver badges29 bronze badges

2 Comments

Felasfaw Over a year ago

Thank you Manhim. Unfortunately, I've to use mcrypt_encrypt as the project I'm working on needs to use this approach.

maaudet Over a year ago

@Felasfaw I mean, rather then hex2bin, not for encryption o.O

Community · Accepted Answer · 2023-11-17 19:22:09Z

0

mcrypt_encrypt already returns the encrypted data as a string - why go through the further conversion? If you're worried about transport (eg email) then you could use base64 encode/decode after encryption, if you're worried about database storage just make sure you escape the string in the SQL (or use database parameters).

Also, "It is better not to use ASCII strings for keys." Try instead:

$key=hash("SHA256", "TestingKey", true);

edited Nov 17, 2023 at 19:22

CommunityBot

11 silver badge

answered Jun 21, 2011 at 17:34

Rudu

15.9k4 gold badges51 silver badges66 bronze badges

Comments

MacMac · Accepted Answer · 2011-06-21 17:36:33Z

0

You could use two simple functions:

define('SALT', 'your secret salt');

function encrypt($text) 
{ 
    return trim(base64_encode(mcrypt_encrypt(MCRYPT_RIJNDAEL_256, SALT, $text, MCRYPT_MODE_ECB, mcrypt_create_iv(mcrypt_get_iv_size(MCRYPT_RIJNDAEL_256, MCRYPT_MODE_ECB), MCRYPT_RAND)))); 
}

function decrypt($text) 
{ 
    return trim(mcrypt_decrypt(MCRYPT_RIJNDAEL_256, SALT, base64_decode($text), MCRYPT_MODE_ECB, mcrypt_create_iv(mcrypt_get_iv_size(MCRYPT_RIJNDAEL_256, MCRYPT_MODE_ECB), MCRYPT_RAND))); 
}

answered Jun 21, 2011 at 17:36

MacMac

35.5k55 gold badges153 silver badges224 bronze badges

1 Comment

maaudet Over a year ago

Don't you need to use the same IV for the same encrypted string? Or I just fail at encryption?

Collectives™ on Stack Overflow

php decrypt encrypted data

5 Answers 5

Comments

Comments

2 Comments

Comments

1 Comment

Hot Network Questions

Collectives™ on Stack Overflow

5 Answers 5

Comments

Comments

2 Comments

Comments

1 Comment

Related