Mcrypt encrypt appends '%00' to the end of the string

I am working with OAuth and encrypting keys using the following function, with a string that we will call "foo" (actually an OAuth token):

    public function encrypt( $text ) {
        // add end of text delimiter
        $data = mcrypt_encrypt( MCRYPT_RIJNDAEL_128, $this->key, $text, MCRYPT_MODE_ECB, $this->iv );
        return base64_encode( $data );
    }

When I decrypt it using the inverse function, I get:

Function:

    public function decrypt( $text ) {
        $text = base64_decode( $text );
        return mcrypt_decrypt( MCRYPT_RIJNDAEL_128, $this->key, $text, MCRYPT_MODE_ECB, $this->iv );
    }

Result:

foo%00%00%00%00%00%00%00%00%00%00%00%00%00%00

Edit:

After looking at it a bit, I realized that the %00 is actually URL encoding, which means that my strings are somehow padded with null characters? Therefore, I use trim() to get rid of them, but I would like to understand why this is happening.

+6
3 answers

Rijndael is a block cipher, which means that it works with chunks of data of a certain length (in this case, 128 bits). This means that if the length of the input text is not a multiple of the block size, it must be padded to fit. The padding is zeros in this case; there are a number of other possible padding schemes that can be used, but if you want them with PHP's mcrypt, you have to apply them manually.

+6

You can fix this with the following method to get rid of the padding characters; in our case, we use Zend.

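    $filter = new Zend_Filter_Decrypt(array('adapter' => 'mcrypt'));
    $filter->setVector($lpt->_seed);
    // trim() strips whitespace and NUL bytes from both ends;
    // str_replace() then removes any NUL bytes that remain.
    $plaintext = str_replace("\x0", '', trim($filter->filter(base64_decode($textToDecrypt))));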
+1

MCRYPT_MODE_ECB means you are using ECB, a block cipher mode of encryption. Block ciphers can be used in either block cipher modes or stream cipher modes of encryption. The common block cipher modes are ECB and CBC; the common stream cipher mode is CTR, better known as counter mode.

MCRYPT_RIJNDAEL_128 is an implementation of AES. AES is the Rijndael cipher with a block size of 128 bits and three possible key sizes: 128, 192 and 256 bits. Therefore, if you use a block cipher mode of encryption, you need to split the plaintext into blocks of 128 bits (16 bytes) each. Of course, this leaves you with the question of what to do if the last block is not 16 bytes.

PHP's mcrypt_encrypt more or less leaves this to the user. It pads with 00 bytes if the last block is not filled up to the block size. This is fine if the input is a string; you can just trim the 00 characters off the returned string. If the input, however, is binary data that ends with a 00 character, then this character is lost (plus any other character that is taken from the start and end of the string, of course). You can also send the length of the string encrypted along with the plaintext, of course.

For a better scheme, you only have to look at PKCS#7 padding. Several code snippets for implementing the padding can be found in the comments section of mcrypt_encrypt.

mcrypt_encrypt does not currently seem to support stream modes for AES, so that option is off the table if you want to stay with the PHP mcrypt library.

+1
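
The difference between the zero padding and the PKCS#7 padding discussed in the answers above, as an added example that is not part of the original posts. The function names are hypothetical and the sample inputs are constructed; the code works on the padding layer only and does not call mcrypt.

```php
<?php
// Added example: zero padding (what mcrypt applies) versus PKCS#7 padding.
// Function names are hypothetical; sample inputs are constructed.

const BLOCK_SIZE = 16; // Rijndael-128 / AES block size in bytes

// Emulates mcrypt's behaviour: fill the last block with "\0" bytes.
function zero_pad(string $data, int $block = BLOCK_SIZE): string
{
    $rem = strlen($data) % $block;
    return $rem === 0 ? $data : $data . str_repeat("\0", $block - $rem);
}

// PKCS#7: always append N bytes of value N (1..block), even on a full block.
function pkcs7_pad(string $data, int $block = BLOCK_SIZE): string
{
    $n = $block - (strlen($data) % $block);
    return $data . str_repeat(chr($n), $n);
}

// Strict unpad: reject anything that is not well-formed PKCS#7.
function pkcs7_unpad(string $data, int $block = BLOCK_SIZE): string
{
    $len = strlen($data);
    if ($len === 0 || $len % $block !== 0) {
        throw new InvalidArgumentException('length is not a multiple of the block size');
    }
    $n = ord($data[$len - 1]);
    if ($n < 1 || $n > $block || substr($data, -$n) !== str_repeat(chr($n), $n)) {
        throw new InvalidArgumentException('invalid PKCS#7 padding');
    }
    return substr($data, 0, $len - $n);
}

// Constructed inputs: a text token, binary data ending in 0x00, one full block.
$samples = ['foo', "\x01\x02\x00", str_repeat('A', 16)];

foreach ($samples as $plain) {
    // Zero padding: the only way back is to strip trailing NULs, which is lossy.
    $viaZero = rtrim(zero_pad($plain), "\0");
    // PKCS#7: the pad length is encoded in the padding itself.
    $viaPkcs = pkcs7_unpad(pkcs7_pad($plain));

    printf("%-34s zero-pad ok: %-3s pkcs7 ok: %s\n",
        bin2hex($plain),
        $viaZero === $plain ? 'yes' : 'no',
        $viaPkcs === $plain ? 'yes' : 'no');
}
```

Only the binary sample ending in 0x00 fails the zero-padding round trip, which is the data loss the last answer describes.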

Source: https://habr.com/ru/post/885953/

