Jim Dettman (EE MVE)
asked on
Need to know if I can step through PHP code to understand what the code is doing.
I have some PHP code from a Word Press plugin that I am trying to understand.
The situation is that we are using this plug-in to encrypt data on a web site, which uses the OpenSSL lib and AES-CBC encryption. I need to decrypt the data in a outside system. I have VBA code to decrypt AES, but I can't get it to work.
The plug-in has a test and verification tool where you can type a string, it encrypts it, shows the encrypted text, and then the decrypted text as a check to verify that everything is working correctly. What I am doing is copying the encrypted text and then trying to decrypt with VBA as a test.
I have looked through the plug-in code and found the procedures they are using as part of their verification tool, but I don't fully understand PHP code.
Is there any way on a Word Press site using PHP code that I can step through the code as it executes and inspect variables? That would be very helpful in figuring this out.
If not, I will post the code in another question for help in figuring out the steps that are being used.
Jim.
The situation is that we are using this plug-in to encrypt data on a web site, which uses the OpenSSL lib and AES-CBC encryption. I need to decrypt the data in a outside system. I have VBA code to decrypt AES, but I can't get it to work.
The plug-in has a test and verification tool where you can type a string, it encrypts it, shows the encrypted text, and then the decrypted text as a check to verify that everything is working correctly. What I am doing is copying the encrypted text and then trying to decrypt with VBA as a test.
I have looked through the plug-in code and found the procedures they are using as part of their verification tool, but I don't fully understand PHP code.
Is there any way on a Word Press site using PHP code that I can step through the code as it executes and inspect variables? That would be very helpful in figuring this out.
If not, I will post the code in another question for help in figuring out the steps that are being used.
Jim.
SOLUTION
membership
This solution is only available to members.
To access this solution, you must be a member of Experts Exchange.
ASKER CERTIFIED SOLUTION
membership
This solution is only available to members.
To access this solution, you must be a member of Experts Exchange.
ASKER
so I'd suggest just dumping the key to a file right before you run the decrypt:
Excellent....that should get me going. In the plug-in settings, there is a "web site key" and a "password key", but no where could I find what was being used and how. Writing the key like that will help a lot (which is why I asked about stepping through the code at first).
So the decryption routine should:
I'll try that and let you know.
and it is using OpenSSL BTW
Jim.
ASKER
Doesn't look like I'm going to get this resolved for a few days yet. I need to dig up (or write) some VBA code to do the SHA256 hash.
So I'm going to go ahead and close this out. Will ask another question if I get stuck again.
Thanks!
Jim.
So I'm going to go ahead and close this out. Will ask another question if I get stuck again.
Thanks!
Jim.
ASKER
Understood the question, got right to the point, and gave me exactly what I needed!
Jim.
Jim.
ASKER
This new closing process...yuck.
Jim.
Jim.
ASKER
I may need to do that in order to see what's going on. We're trying to get support on the plug-in from the author (this is Gravity Forms Encryption), but from past comments, it seems like they will not answer these types of questions and not knowing PHP, I'm stuck.
Below is the PHP code. I'm using the OpenSSL encryption and where I'm getting hung-up is what their doing with the $key in various places. For example, what they are doing on lines 45-47 (gfef_get_key()).
For their test utility, I tried using:
tester 12345678
and got this as an encrypted string:
GFEncrypt: d88990c33652062f989dfc279a
I know the basics of encryption, what MD5, and SHA256 is, etc, but haven't worked with them a ton, and I can reference all the standard PHP calls, but things like concatenation is what I'm getting lost with. For example, I can't figure out if 'GFEncrypt:' is being passed in as part of the encrypted text of if that is being stripped of (I believe it is - line #58). Also what is being done with $iv.
I'll stop here and let you review.
Jim.
Open in new window