Solved

Encrypting/decrypting passwords in plain-text files

Posted on 2007-03-18
4
948 Views
Last Modified: 2008-02-01
Hello all,

I have a settings file for my website which contains an array with important settings, and I want to have several of the values encrypted from plain view and then decrypted when I need to use them (e.g. the passwords to access databases etc.). I've never used the Mcrypt functions in PHP, so I've been trying a small test where I encrypt a variable (entered into a form) which is then encrpyted and written to a file on my server, and then decrypt the variable written to the file. My problem is that when I decrypt the variable, it is not the same as I originally entered.

--encryption--

$fp = fopen('./file.php', 'w');

fwrite($fp, "<?php\n\n\$variable = '" . mcrypt_encrypt(MCRYPT_RIJNDAEL_256, mhash(MHASH_MD5, 'tirg412e1dw'), $_POST['variable'], MCRYPT_MODE_CBC, mcrypt_create_iv(mcrypt_get_iv_size(MCRYPT_RIJNDAEL_256, MCRYPT_MODE_CBC), MCRYPT_RAND)) . "';\n\n?>");

fclose($fp);

--decryption--

require('./file.php');

echo '<p>$variable = ' . mcrypt_decrypt(MCRYPT_RIJNDAEL_256, mhash(MHASH_MD5, 'tirg412e1dw'), $variable, MCRYPT_MODE_CBC, mcrypt_create_iv(mcrypt_get_iv_size(MCRYPT_RIJNDAEL_256, MCRYPT_MODE_CBC), MCRYPT_RAND)) . '.</p>';

--end--

I'm assuming that its a problem with the cipher, mode or IV, but I was also wondering if it was a problem that I'm writing it to a file and the character codes were somehow being lost.

Thanks for any help,  Adam.
0
Comment
Question by:madscientist
  • 2
4 Comments
 
LVL 14

Expert Comment

by:Tchuki
ID: 18744654
0
 
LVL 24

Accepted Solution

by:
slyong earned 125 total points
ID: 18744909
Try this:

//---- To Encrypt ---
<?php
$cipher = "rijndael-128";
$mode = "cbc";
$plain_text = "Hello World";
$secret_key = "01234567890abcde";
$iv = "fedcba9876543210";

$td = mcrypt_module_open($cipher, "", $mode, $iv);
mcrypt_generic_init($td, $secret_key, $iv);

$cyper_text = mcrypt_generic($td, $plain_text);
$hex_text = bin2hex($cyper_text);

$fp = fopen('./file.php', 'w');
fwrite($fp, "<?php\n\n\$variable='".$hex_text."';"."\n\n?>");
fclose($fp);

mcrypt_generic_deinit($td);
mcrypt_module_close($td);
?>

//---- To Decrypt ---
<?php
function hex2bin($hexdata) {
  $bindata="";
 
  for ($i=0;$i<strlen($hexdata);$i+=2) {
   $bindata.=chr(hexdec(substr($hexdata,$i,2)));
  }

  return $bindata;
}

require('./file.php');

$cipher = "rijndael-128";
$mode = "cbc";
$secret_key = "01234567890abcde";
$iv = "fedcba9876543210";

$td = mcrypt_module_open($cipher, "", $mode, $iv);

mcrypt_generic_init($td, $secret_key, $iv);
$decrypted_text = mdecrypt_generic($td, hex2bin($variable));
echo '<p>$variable = ' . trim($decrypted_text). '</p>';
mcrypt_generic_deinit($td);
mcrypt_module_close($td);
?>
0
 

Author Comment

by:madscientist
ID: 18744911
<sarcasm>I never thought of looking at the PHP manual...</sarcasm>
0
 
LVL 14

Expert Comment

by:Tchuki
ID: 18745149
Obviously not well enough then.

Have a nice day.  :)
0

Featured Post

Is Your Active Directory as Secure as You Think?

More than 75% of all records are compromised because of the loss or theft of a privileged credential. Experts have been exploring Active Directory infrastructure to identify key threats and establish best practices for keeping data safe. Attend this month’s webinar to learn more.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

Consider the following scenario: You are working on a website and make something great - something that lets the server work with information submitted by your users. This could be anything, from a simple guestbook to a e-Money solution. But what…
Author Note: Since this E-E article was originally written, years ago, formal testing has come into common use in the world of PHP.  PHPUnit (http://en.wikipedia.org/wiki/PHPUnit) and similar technologies have enjoyed wide adoption, making it possib…
Learn how to match and substitute tagged data using PHP regular expressions. Demonstrated on Windows 7, but also applies to other operating systems. Demonstrated technique applies to PHP (all versions) and Firefox, but very similar techniques will w…
The viewer will learn how to look for a specific file type in a local or remote server directory using PHP.

914 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question

Need Help in Real-Time?

Connect with top rated Experts

17 Experts available now in Live!

Get 1:1 Help Now