2

I need to be able to encrypt and decrypt a variable, however I also need to know if the decryption was successful. In my code, when I change the $string variable before decryption to something else, I receive random characters.

function encrypt($string) {
    $key = 'password';
    $encrypted = base64_encode(mcrypt_encrypt(MCRYPT_RIJNDAEL_256, md5($key), $string, MCRYPT_MODE_CBC, md5(md5($key))));
    return $encrypted;
}
function decrypt($encrypted) {
    $key = 'password';
    $decrypted = rtrim(mcrypt_decrypt(MCRYPT_RIJNDAEL_256, md5($key), base64_decode($encrypted), MCRYPT_MODE_CBC, md5(md5($key))), "\0");
    return $decrypted;
}

$string = 'Hello world.';
if (encrypt($string)) {
    $string = encrypt($string);
    echo $string;
    echo '<br>';
}

if (decrypt($string)) {
    $string = decrypt($string);
    echo $string;
    echo '<br>';
}

Is it possible to detect failed decryption? Thanks.

Improve this question
8
  • What do you mean by a "failed" encryption? Commented Aug 4, 2013 at 12:18
  • When the function outputs random characters due to changing the $string variable right before decryption. I need to be able to detect that. Commented Aug 4, 2013 at 12:19
  • 1
    Why would you chaning the $string variable ? Commented Aug 4, 2013 at 12:24
  • if you are worried about your $string variable getting contaminated from other code, then you should create a class for your data and set your variable to private so that nothing outside your code can modify it. But only if it warrants an entire class, otherwise rename your variable to something really unique that isnt likely to get used in some other part of your code. Commented Aug 4, 2013 at 12:26
  • You are currently not using AES, you are using Rijndael with a block size of 256 bit, and a key size of 128 bit. MD5 is used as a password based key derivation mechanism, which it is not. The IV is not random, which is a requirement for CBC encoding, at least if you want to reuse the key. Commented Aug 4, 2013 at 12:39

1 Answer 1

Reset to default
2

The best way to detect tampering of the ciphertext is to add a MAC (message authentication code) over the ciphertext. This is a signature generated by a secret key. The key used for this should be different from the one used to perform the encryption. One way to do this is to use a KDF (key derivation function) over a master key to generate the two keys.

Alternatively it is possible to use an authenticated cipher such as GCM (Galois Counter Mode).

The authentication data generated by the MAC or by the authenticated cipher is called an authentication tag.

A reasonable implementation of what you are trying to achieve seems to be embedded in the Zend framework:

http://www.zimuel.it/en/english-cryptography-made-easy-with-zend-framework/

Don't forget to retrieve and store the salt together with the ciphertext (call getSalt() after encryption, use setSalt() during decryption). Note that the author confuses the word salt and IV often, which is not a good sign.

Disclaimer: I haven't read through the symmetric cipher code deployed by this component, and I haven't tested the code in any way.

Improve this answer
Sign up to request clarification or add additional context in comments.

Comments

Your Answer

By clicking “Post Your Answer”, you agree to our terms of service and acknowledge you have read our privacy policy.

Start asking to get answers

Find the answer to your question by asking.

Ask question

Explore related questions

See similar questions with these tags.