[Webinar] Streamline your web hosting managementRegister Today

x
  • Status: Solved
  • Priority: Medium
  • Security: Public
  • Views: 962
  • Last Modified:

Encrypting/decrypting passwords in plain-text files

Hello all,

I have a settings file for my website which contains an array with important settings, and I want to have several of the values encrypted from plain view and then decrypted when I need to use them (e.g. the passwords to access databases etc.). I've never used the Mcrypt functions in PHP, so I've been trying a small test where I encrypt a variable (entered into a form) which is then encrpyted and written to a file on my server, and then decrypt the variable written to the file. My problem is that when I decrypt the variable, it is not the same as I originally entered.

--encryption--

$fp = fopen('./file.php', 'w');

fwrite($fp, "<?php\n\n\$variable = '" . mcrypt_encrypt(MCRYPT_RIJNDAEL_256, mhash(MHASH_MD5, 'tirg412e1dw'), $_POST['variable'], MCRYPT_MODE_CBC, mcrypt_create_iv(mcrypt_get_iv_size(MCRYPT_RIJNDAEL_256, MCRYPT_MODE_CBC), MCRYPT_RAND)) . "';\n\n?>");

fclose($fp);

--decryption--

require('./file.php');

echo '<p>$variable = ' . mcrypt_decrypt(MCRYPT_RIJNDAEL_256, mhash(MHASH_MD5, 'tirg412e1dw'), $variable, MCRYPT_MODE_CBC, mcrypt_create_iv(mcrypt_get_iv_size(MCRYPT_RIJNDAEL_256, MCRYPT_MODE_CBC), MCRYPT_RAND)) . '.</p>';

--end--

I'm assuming that its a problem with the cipher, mode or IV, but I was also wondering if it was a problem that I'm writing it to a file and the character codes were somehow being lost.

Thanks for any help,  Adam.
0
madscientist
Asked:
madscientist
  • 2
1 Solution
 
Vel EousResearch & Development ManagerCommented:
0
 
slyongCommented:
Try this:

//---- To Encrypt ---
<?php
$cipher = "rijndael-128";
$mode = "cbc";
$plain_text = "Hello World";
$secret_key = "01234567890abcde";
$iv = "fedcba9876543210";

$td = mcrypt_module_open($cipher, "", $mode, $iv);
mcrypt_generic_init($td, $secret_key, $iv);

$cyper_text = mcrypt_generic($td, $plain_text);
$hex_text = bin2hex($cyper_text);

$fp = fopen('./file.php', 'w');
fwrite($fp, "<?php\n\n\$variable='".$hex_text."';"."\n\n?>");
fclose($fp);

mcrypt_generic_deinit($td);
mcrypt_module_close($td);
?>

//---- To Decrypt ---
<?php
function hex2bin($hexdata) {
  $bindata="";
 
  for ($i=0;$i<strlen($hexdata);$i+=2) {
   $bindata.=chr(hexdec(substr($hexdata,$i,2)));
  }

  return $bindata;
}

require('./file.php');

$cipher = "rijndael-128";
$mode = "cbc";
$secret_key = "01234567890abcde";
$iv = "fedcba9876543210";

$td = mcrypt_module_open($cipher, "", $mode, $iv);

mcrypt_generic_init($td, $secret_key, $iv);
$decrypted_text = mdecrypt_generic($td, hex2bin($variable));
echo '<p>$variable = ' . trim($decrypted_text). '</p>';
mcrypt_generic_deinit($td);
mcrypt_module_close($td);
?>
0
 
madscientistAuthor Commented:
<sarcasm>I never thought of looking at the PHP manual...</sarcasm>
0
 
Vel EousResearch & Development ManagerCommented:
Obviously not well enough then.

Have a nice day.  :)
0

Featured Post

[Webinar] Improve your customer journey

A positive customer journey is important in attracting and retaining business. To improve this experience, you can use Google Maps APIs to increase checkout conversions, boost user engagement, and optimize order fulfillment. Learn how in this webinar presented by Dito.

  • 2
Tackle projects and never again get stuck behind a technical roadblock.
Join Now