troubleshooting Question

encryption/decryption problems (MCRYPT_MODE_CBC vs. MCRYPT_MODE_ECB) (250pts)

Avatar of tjbriere
tjbriere asked on
PHP
6 Comments1 Solution4367 ViewsLast Modified:
hi, i'm working on a script, that requires encrypting and decrypting data, but i'm still a little new to encryption.

the script works ok, when i encrypt/decrypt in "MCRYPT_MODE_ECB" mode, but not in "MCRYPT_MODE_CBC" mode.

I'd like to use CBC mode, because it's supposed to be considerably safer.

when i switch to MCRYPT_MODE_CBC mode it decrypts all of it correctly, EXCEPT the first small section. I was thinking that maybe the first 'block' wasn't being deypted properly?

anyway, here's my code:

working code:
-----START CODE-----  
// file name: ez_RIJNDAEL_256.inc. this is a lone .inc file
function encr_RIJNDAEL_256($key_in, $plaintext){
       $iv_size = mcrypt_get_iv_size(MCRYPT_RIJNDAEL_256, MCRYPT_MODE_ECB);
       $iv = mcrypt_create_iv($iv_size, MCRYPT_RAND);
       $key = $key_in;
       $text = $plaintext;
       $crypttext = mcrypt_encrypt(MCRYPT_RIJNDAEL_256, $key, $text, MCRYPT_MODE_ECB, $iv);
       return $crypttext;
       }

function decr_RIJNDAEL_256($key_in, $cryptedtext){
       $iv_size = mcrypt_get_iv_size(MCRYPT_RIJNDAEL_256, MCRYPT_MODE_ECB);
       $iv = mcrypt_create_iv($iv_size, MCRYPT_RAND);
       $key = $key_in;
       $plaintext = mcrypt_decrypt(MCRYPT_RIJNDAEL_256, $key, $cryptedtext, MCRYPT_MODE_ECB, $iv);
       return $plaintext;
       }
 -----END CODE-----


The functions are called using:


-----START CODE-----  
// file name: test_ez_RIJNDAEL_256.php
include('myapp.config.php'); // the only setting in this file for now is:
                             // the variable $enc_passwd which contains
                             // the default encryption password.
include('ez_RIJNDAEL_256.inc'); // contains the encryption / decryption
                                // functions listed in the code block above.

// read the unencrypted contents...
$fp = fopen("testfile.htm", "r");
$contents = fread($fp, filesize("testfile.htm"));
fclose($fp);

$encrypted_string=encr_RIJNDAEL_256(md5($enc_passwd), $contents);

print "<br>encrypted string=<hr>".$encrypted_string."<hr><br>";
// note this prints the encrypted string correctly

$decrypted_string=decr_RIJNDAEL_256(md5($enc_passwd), $encrypted_string);
print "<br>decrypted string=<hr>".$decrypted_string."<hr><br>";
-----END CODE-----  
 

this prints the original unencrypted string, just as it should...
but if i modify the ez_RIJNDAEL_256.inc functions to use MCRYPT_MODE_CBC instead of MCRYPT_MODE_ECB, (like in the code below), it messes up...

see the altered code below (not working correctly):
(note all i did was replace all "MCRYPT_MODE_ECB" with "MCRYPT_MODE_CBC")
-----START CODE-----
// file name: ez_RIJNDAEL_256.inc. this is a lone .inc file
function encr_RIJNDAEL_256($key_in, $plaintext){
       $iv_size = mcrypt_get_iv_size(MCRYPT_RIJNDAEL_256, MCRYPT_MODE_CBC);
       $iv = mcrypt_create_iv($iv_size, MCRYPT_RAND);
       $key = $key_in;
       $text = $plaintext;
       $crypttext = mcrypt_encrypt(MCRYPT_RIJNDAEL_256, $key, $text, MCRYPT_MODE_CBC, $iv);
       return $crypttext;
       }

function decr_RIJNDAEL_256($key_in, $cryptedtext){
       $iv_size = mcrypt_get_iv_size(MCRYPT_RIJNDAEL_256, MCRYPT_MODE_CBC);
       $iv = mcrypt_create_iv($iv_size, MCRYPT_RAND);
       $key = $key_in;
       $plaintext = mcrypt_decrypt(MCRYPT_RIJNDAEL_256, $key, $cryptedtext, MCRYPT_MODE_CBC, $iv);
       return $plaintext;
       }
-----END CODE-----  

the above code returns the [incorrectly] "decrypted" string like this...

-----START OUTPUT-----  
ÙªA8>â¯v04bÖa é-RÛ†÷nA+“UËœN5from here on the string is properly decrypted... why the heck is the start of this string decrypted incorrectly when usinng MCRYPT_MODE_CBC instead of MCRYPT_MODE_ECB ??
-----END OUTPUT-----

why is the start of this string decrypted incorrectly when usinng MCRYPT_MODE_CBC instead of MCRYPT_MODE_ECB ??

I'm stumped, if anyone can help it would be a great help. my code propbably just needs a little tweak i'm not seeing. like i said, i'm new to encryption. could i have a problem with the "$iv"??

i did find scripts using the function mcrypt_cbc(), but it says in the php documentation "This function should not be used anymore". i assume this means it's not as secure as other means, or it has been depreciated, or whatever. there must be a reason it "shouldn't be used anymore"...

thanks in advance, i'm a bit stuck. :-)
T Briere
Join the community to see this answer!
Join our exclusive community to see this answer & millions of others.
Unlock 1 Answer and 6 Comments.
Join the Community
Learn from the best

Network and collaborate with thousands of CTOs, CISOs, and IT Pros rooting for you and your success.

Andrew Hancock - VMware vExpert
See if this solution works for you by signing up for a 7 day free trial.
Unlock 1 Answer and 6 Comments.
Try for 7 days

”The time we save is the biggest benefit of E-E to our team. What could take multiple guys 2 hours or more each to find is accessed in around 15 minutes on Experts Exchange.

-Mike Kapnisakis, Warner Bros