I'm using PHP mcrypt to encrypt and decrypt values to a flat file in Windows 7.

If I write the value directly with no other information and decrypt it out of the file the algorithm works fine. If I try to encode it as a key/value pair (password=xxxxxx) and use explode() to parse out the pair at the "=" sign, the decrypt function hands back something other than what was put in.

I'm using trim() to cut off any whitespace (it looks like it might be carrying an EOL character), and have tried parsing out the key and value manually as well.

Nothing seems to be working. Has anyone else seen this issue and if so, how did you get past it?

Encrypt/decrypt code:

function encrypt ($strToEncrypt) {
    global $td, $iv, $key;

    /* Initialize encryption */
    mcrypt_generic_init($td, $key, $iv);

    /* Encrypt data */
    $encrypted = mcrypt_generic($td,$strToEncrypt);
    echo "encrypted = " . $encrypted . "<BR>";
    return $encrypted;
}

function decrypt($strToDecrypt) {
    global $td, $iv, $key;

    /* Initialize encryption */
    mcrypt_generic_init($td, $key, $iv);

    /* Decrypt data */
    $decrypted = mdecrypt_generic($td, $strToDecrypt);
    return $decrypted; 
}
?>

File manipulation code:

include 'libEncryption.php';
$tempStr ="";
$tempStr2="";
try {
    $nextPage = $_REQUEST["NEXTPAGE"];
    switch ($nextPage) 
    {
        case "ENCRYPT":
            echo 'String to encrypt = ' . $_POST["txtSeedStr"] ."<BR>";
            if (strtoupper(substr(PHP_OS, 0, 3)) === 'WIN') {
                $file = fopen("C:\\temp\\EncryptTest.txt", "wb") or exit("Unable to open file!");
            } else {
                $file = fopen("//home/prem03/EncryptTest.txt", "w") or exit("Unable to open file!");
            }
            fwrite($file, "username=web_app\npassword=");
            $tempStr = encrypt($_POST["txtSeedStr"]);
            fwrite($file, $tempStr, strlen($tempStr));
            fwrite($file, "\n");
            fwrite($file, "DBNAME=DEV11");
            fclose($file);
            break;
        case "DECRYPT":
            if (strtoupper(substr(PHP_OS, 0, 3)) === 'WIN') {
                $file = fopen("C:\\temp\\EncryptTest.txt", "rb") or exit("Unable to open file!");
            } else {
                $file = fopen("//home/prem03/EncryptTest.txt", "r") or exit("Unable to open file!");
            }
            if ($file) {
                while (!feof($file)) {
                    $str1=fgets($file);
                    echo "str1 = " . $str1 . "<br>";
                    list($key,$value) = explode("=",$str1);
                    $var1=strlen(trim($value));
                    echo "key = ".$key.' value = '.trim($value) . ' ' . $var1 . "<br />";
                    if ($key == "password") {
                        $var2 = trim($value);
                        $tempStr2 = decrypt($var2);
                        echo 'tempStr2 = ' . $tempStr2 . "<BR>";
                    }
                }

            }
            fclose($file);
            break;
        default:
            break;
    } 
} catch (Exception $ex) {
    echo $ex->getMessage();
}  
?>
Mike Preston

1 Answer

I found the error - it was a typical greenhorn mistake. I used the variable $key in two different contexts - one in the encryption library file, which is where I wanted to use the variable, and again in the file manipulation code, where I changed the value of $key based on the string I was exploding. My thanks to the NetBeans IDE and xdebug for illuminating my logic flaw.

Mike Preston
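
The variable collision described in the answer, shown next to a form that avoids it. This is an added example, not code from the original post. It assumes PHP 7.1+ and swaps in openssl AES-256-CBC for mcrypt (which was removed from PHP core in 7.2); the function names, the key and the file lines are constructed for illustration.

```php
<?php
// Added example: openssl AES-256-CBC stands in for mcrypt; keys are arguments.
const CIPHER = 'aes-256-cbc';
function encryptValue(string $plain, string $encKey): string {
    $iv = random_bytes(openssl_cipher_iv_length(CIPHER));
    $ct = openssl_encrypt($plain, CIPHER, $encKey, OPENSSL_RAW_DATA, $iv);
    // Base64 keeps raw ciphertext bytes such as "\n" out of the line format.
    return base64_encode($iv . $ct);
}
function decryptValue(string $stored, string $encKey): ?string {
    $raw = base64_decode($stored, true);
    $ivLen = openssl_cipher_iv_length(CIPHER);
    if ($raw === false || strlen($raw) <= $ivLen) { return null; }
    $plain = openssl_decrypt(substr($raw, $ivLen), CIPHER, $encKey,
                             OPENSSL_RAW_DATA, substr($raw, 0, $ivLen));
    return $plain === false ? null : $plain;
}

// Library style from the question: the key is read from global scope.
function decryptWithGlobalKey(string $stored): ?string {
    global $key;
    return decryptValue($stored, $key);
}

// Constructed key and file contents, for illustration only.
$key = hash('sha256', 'constructed-demo-secret', true);
$lines = [
    "username=web_app\n",
    'password=' . encryptValue('s3cret-value', $key) . "\n",
    'DBNAME=DEV11',
];
$encKey = $key; // copy kept under a name the parser does not touch

// Before: list() assigns the field name to $key, replacing the encryption key.
foreach ($lines as $line) {
    list($key, $value) = explode('=', trim($line));
    if ($key === 'password') {
        var_dump(decryptWithGlobalKey($value)); // runs with $key === "password"
    }
}

// After: distinct names, explicit key argument, limit 2 keeps "=" padding.
foreach ($lines as $line) {
    [$field, $value] = explode('=', rtrim($line, "\r\n"), 2);
    if ($field === 'password') {
        var_dump(decryptValue($value, $encKey));
    }
}
```

Storing the ciphertext as Base64 also means trim() and line-based reads cannot strip or split raw ciphertext bytes that happen to be whitespace or newlines.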