|
|
 |
LIV. Mcrypt Encryption FunctionsIntroduzione
This is an interface to the mcrypt library, which supports a wide
variety of block algorithms such as DES, TripleDES, Blowfish
(default), 3-WAY, SAFER-SK64, SAFER-SK128, TWOFISH, TEA, RC2 and
GOST in CBC, OFB, CFB and ECB cipher modes. Additionally, it
supports RC6 and IDEA which are considered "non-free".
Requisiti
These functions work using .
If you linked against libmcrypt 2.4.x or higher, the following additional
block algorithms are supported: CAST, LOKI97, RIJNDAEL, SAFERPLUS,
SERPENT and the following stream ciphers: ENIGMA (crypt), PANAMA, RC4 and
WAKE. With libmcrypt 2.4.x or higher another cipher mode is also
available; nOFB.
Istallazione
To use it, download libmcrypt-x.x.tar.gz from and follow the included installation
instructions. You need to compile PHP with the --with-mcrypt parameter to enable this
extension. Make sure you compile libmcrypt with the option --disable-posix-threads.
Resource TypeQuesta estensione non definisce alcun tipo di risorsa. Costanti Predefinite
Queste costanti sono definite da questa estensione e
sono disponibili solo se l'estensione � stata compilata
nel PHP o se � stata caricata dinamicamente a runtime.
Mcrypt can operate in four block cipher modes (CBC, OFB, CFB, and
ECB). If linked against libmcrypt-2.4.x or higher the functions can also operate
in the block cipher mode nOFB and in STREAM mode. Below you find a list
with all supported encryption modes together with the constants that are
defines for the encryption mode. For a more complete reference and
discussion see Applied Cryptography by Schneier (ISBN 0-471-11709-9).
MCRYPT_MODE_ECB (electronic codebook) is suitable for random data,
such as encrypting other keys. Since data there is short and random,
the disadvantages of ECB have a favorable negative effect.
MCRYPT_MODE_CBC (cipher block chaining) is especially suitable for
encrypting files where the security is increased over ECB
significantly.
MCRYPT_MODE_CFB (cipher feedback) is the best mode for encrypting byte
streams where single bytes must be encrypted.
MCRYPT_MODE_OFB (output feedback, in 8bit) is comparable to CFB, but
can be used in applications where error propagation cannot
be tolerated. It's insecure (because it operates in 8bit
mode) so it is not recommended to use it.
MCRYPT_MODE_NOFB (output feedback, in nbit) is comparable to OFB, but
more secure because it operates on the block size of the algorithm.
MCRYPT_MODE_STREAM is an extra mode to include some stream algorithms
like WAKE or RC4.
Some other mode and random device constants:
Mcrypt ciphers
Here is a list of ciphers which are currently supported by the mcrypt
extension. For a complete list of supported ciphers, see the defines at
the end of mcrypt.h. The general rule with the
mcrypt-2.2.x API is that you can access the cipher from PHP with
MCRYPT_ciphername. With the libmcrypt-2.4.x and libmcrypt-2.5.x API these constants also work,
but it is possible to specify the name of the cipher as a string with a
call to mcrypt_module_open().
MCRYPT_3DES MCRYPT_ARCFOUR_IV (libmcrypt > 2.4.x only) MCRYPT_ARCFOUR (libmcrypt > 2.4.x only) MCRYPT_BLOWFISH MCRYPT_CAST_128 MCRYPT_CAST_256 MCRYPT_CRYPT MCRYPT_DES MCRYPT_DES_COMPAT (libmcrypt 2.2.x only) MCRYPT_ENIGMA (libmcrypt > 2.4.x only, alias for MCRYPT_CRYPT) MCRYPT_GOST MCRYPT_IDEA (non-free) MCRYPT_LOKI97 (libmcrypt > 2.4.x only) MCRYPT_MARS (libmcrypt > 2.4.x only, non-free) MCRYPT_PANAMA (libmcrypt > 2.4.x only) MCRYPT_RIJNDAEL_128 (libmcrypt > 2.4.x only) MCRYPT_RIJNDAEL_192 (libmcrypt > 2.4.x only) MCRYPT_RIJNDAEL_256 (libmcrypt > 2.4.x only) MCRYPT_RC2 MCRYPT_RC4 (libmcrypt 2.2.x only) MCRYPT_RC6 (libmcrypt > 2.4.x only) MCRYPT_RC6_128 (libmcrypt 2.2.x only) MCRYPT_RC6_192 (libmcrypt 2.2.x only) MCRYPT_RC6_256 (libmcrypt 2.2.x only) MCRYPT_SAFER64 MCRYPT_SAFER128 MCRYPT_SAFERPLUS (libmcrypt > 2.4.x only) MCRYPT_SERPENT(libmcrypt > 2.4.x only) MCRYPT_SERPENT_128 (libmcrypt 2.2.x only) MCRYPT_SERPENT_192 (libmcrypt 2.2.x only) MCRYPT_SERPENT_256 (libmcrypt 2.2.x only) MCRYPT_SKIPJACK (libmcrypt > 2.4.x only) MCRYPT_TEAN (libmcrypt 2.2.x only) MCRYPT_THREEWAY MCRYPT_TRIPLEDES (libmcrypt > 2.4.x only) MCRYPT_TWOFISH (for older mcrypt 2.x versions, or mcrypt > 2.4.x ) MCRYPT_TWOFISH128 (TWOFISHxxx are available in newer 2.x versions, but not in the 2.4.x versions) MCRYPT_TWOFISH192 MCRYPT_TWOFISH256 MCRYPT_WAKE (libmcrypt > 2.4.x only) MCRYPT_XTEA (libmcrypt > 2.4.x only)
You must (in CFB and OFB mode) or can (in CBC mode) supply an
initialization vector (IV) to the respective cipher function. The
IV must be unique and must be the same when
decrypting/encrypting. With data which is stored encrypted, you
can take the output of a function of the index under which the
data is stored (e.g. the MD5 key of the filename).
Alternatively, you can transmit the IV together with the encrypted
data (see chapter 9.3 of Applied Cryptography by Schneier (ISBN 0-471-11709-9) for a
discussion of this topic).
Esempi
Mcrypt can be used to encrypt and decrypt using the above
mentioned ciphers. If you linked against libmcrypt-2.2.x, the
four important mcrypt commands (mcrypt_cfb(),
mcrypt_cbc(), mcrypt_ecb(),
and mcrypt_ofb()) can operate in both modes
which are named MCRYPT_ENCRYPT and MCRYPT_DECRYPT, respectively.
Esempio 1. Encrypt an input value with TripleDES under 2.2.x in ECB mode <?php
$key = "this is a very secret key";
$input = "Let us meet at 9 o'clock at the secret place.";
$encrypted_data = mcrypt_ecb (MCRYPT_3DES, $key, $input, MCRYPT_ENCRYPT);
?> |
|
This example will give you the encrypted data as a string in
$encrypted_data.
If you linked against libmcrypt 2.4.x or 2.5.x, these functions are still
available, but it is recommended that you use the advanced functions.
Esempio 2. Encrypt an input value with TripleDES under 2.4.x and higher in ECB mode <?php
$key = "this is a very secret key";
$input = "Let us meet at 9 o'clock at the secret place.";
$td = mcrypt_module_open ('tripledes', '', 'ecb', '');
$iv = mcrypt_create_iv (mcrypt_enc_get_iv_size ($td), MCRYPT_RAND);
mcrypt_generic_init ($td, $key, $iv);
$encrypted_data = mcrypt_generic ($td, $input);
mcrypt_generic_end ($td);
?> |
|
This example will give you the encrypted data as a string in
$encrypted_data. For a full example see
mcrypt_module_open().
User Contributed Notes
Mcrypt Encryption Functions |
  |
[email protected]
30-Jun-1999 02:31 |
|
For a practical example suitable for encrypting and
validating cookies
or passing secure messages,
go to
|
|
[email protected]
10-Feb-2000 12:21 |
|
the encrypted result data maybe binary data and It make errors in sql
query.
so use the base64_encode/base64_decode function with
mcrypt()
try
below
base64_encode(mcrypt_ecb(MCRYPT_BLOWFISH,$key,$input,MCRYPT_ENCRYPT));
mcrypt_ecb(MCRYPT_BLOWFISH,$key,base64_decode($input),MCRYPT_DECRYPT);
|
|
[email protected]
11-Jun-2001 07:56 |
|
If you are interested to see a blowfish implementation written in plain
php, go to
I
was just testing if it is possible. Yes it is, but it's really slow and
unoptimized yet :( Maybe somebody knows how to speed the code up
?
Bye
Bjoern
|
|
[email protected]
27-Jun-2001 06:05 |
|
If you are trying to use mcrypt to encrypt and decrypt data for storing in
cookies, then you should use bin2hex() before storing the data.
If
you use rawurlencode() instead, then Internet Explorer does something
fishy with the cookie, and when you try and use mdecrypt on the cookie
later, the decrypt fails part way through.
|
|
[email protected]
18-Jul-2001 01:01 |
|
Mcrypt support in PHP has gone through cycles and it seems to have finally
leveled off.
First, get libmcrypt-2.4.15 (well, that was the
lastest as of today) and compile it. Pay no attention to the mcrypt
examples in this manual as most of them will simply cause your web server
to segfault. Here are some functions that I hope will help others with
mcrypt.
PHP Manual Editor : Can you remove all the outdated
comments and examples from the manual? It was seriously confusing to get
to the bottom of the problems I had starting to use mcrypt and it's fairly
straight forward now, I just think the PHP manual needs some updating in
this area. Note that it seems Zend's manual pages have been updated as
that's where I finally got some working example
code.
Thanks!!!
$sCryptoKey =
"whatever";
function
my_encrypt($sString)
{
GLOBAL $sCryptoKey;
$iIV = mcrypt_create_iv
(mcrypt_get_iv_size (MCRYPT_RIJNDAEL_256, MCRYPT_MODE_ECB),
MCRYPT_RAND);
$sEncrypted = mcrypt_encrypt
(MCRYPT_RIJNDAEL_256, $sCryptoKey, $sString, MCRYPT_MODE_ECB,
$iIV);
return($sEncrypted);
} // End function
my_encrypt
function
my_decrypt($sString)
{
GLOBAL $sCryptoKey;
$iIV = mcrypt_create_iv
(mcrypt_get_iv_size (MCRYPT_RIJNDAEL_256, MCRYPT_MODE_ECB),
MCRYPT_RAND);
$sDecrypted =
mcrypt_decrypt(MCRYPT_RIJNDAEL_256, $sCryptoKey, $sString,
MCRYPT_MODE_ECB,
$iIV);
return(trim($sDecrypted));
} // End
function my_decrypt
|
|
[email protected]
19-Jul-2001 03:34 |
|
According to the mcrypt manual page at
, RC4 is not included with Mcrypt(as stated above). If anyone else is
looking for RC4, as I was, there is a PHP library at sourceforge.net
called RC4Crypt.
|
|
[email protected]
03-Aug-2001 01:37 |
|
If you compiled mcrypt and php without problem, but phpinfo() shows there
are no supported ciphers and modes, try to change mode to 755 on libdirs
(/usr/local/libmcrypt, /usr/local/libcrypt).
|
|
[email protected]
13-Aug-2001 07:12 |
|
The example2 contain this key:
$key = "this is a very secret
key";
It's a 25 character length key and the max for
TripleDES is 24 characters...
|
|
[email protected]
08-Feb-2002 05:45 |
|
I had some problems trying to link mcrypt module with PhP 4.1.1.
After
sometimes, I figured that the PhP configure command incorrectly adds
mcrypt library to the LIBS
//Original code
#LIBS="-lmcrypt
#
-L$MCRYPT_DIR/lib
# $LIBS"
// modify like
this:
LIBS=$LIBS" -lmcrypt"
LIBS="
-L$MCRYPT_DIR/lib
$LIBS"
Hope this helps,
Leon
|
|
[email protected]
17-Mar-2002 02:13 |
|
if you download
you can use rc4 encryption with PHP 4.*.* on windows.
regester
the dll by going to the directory and typing (regsvr32 rc4dll.dll)
use
<?
$RC4 = new
COM("RC4DLL.Crypt") or die("Unable to load RC4");
echo "(Hello World) encrypted with (My Key) as the key";
echo $RC4->EnCrypt("Hello World","My
Key");
echo "\n";
echo "(x�����+�0�б) encrypted
with (My Key) as the key";
echo
$RC4->EnCrypt("�1���N\�-��","My Key");
?>
|
|
[email protected]
28-Mar-2002 08:28 |
|
If you are using ECB mode to encrypt it does not seem to use the iv
(initialization vector) for much of anything, given the same key it will
always decrypt it no matter what the iv is. If you use CBC mode you must
decrypt with the same iv that you encrypted with.
If you use a
different iv before decrypting, your decrypt will not work. IMHO it seems
better to use CBC mode than ECB as ECB will always encrypt to the same
cipher text given the same plain text (leaving you open to know plaintext
attacks). CBC uses the random iv which means text encrypts to different
things. You probably could get the same effect from using random keys in
ECB mode.
Read that in the Schneier book - Applied Cryptography
(ISBN 0-471-11709-9) This book is a must for anyone seriously using any
type of encryption.
|
|
|
26-Jun-2002 12:20 |
|
If your a windows PHP user, you can download the Mcrypt Encryption
Functions for in
a nice package. Too bad their site is down right now
:o(
|
|
|
|
[email protected]
05-Sep-2002 07:04 |
|
If you have PROBLEMS WITH MCRYPT and you NEED STRONG ENCRYPTION, you can
use my algorythm...
A flipping array is used as the key; the
default key will generate about 480 characters of 255
possibilities...
You can say it's like a 3840 bits key with about
256^480 possibilities I hope you have enough time before hackers find your
key...
Enough spoken, here is your code [scrypt class, based on
strongcrypt full class] :
class scrypt {
var $key;
function
gen_key ($pass, $level=30) {
for ($i=0; $i<$level; $i++)
$mymd[$i]=md5(substr($pass,($i%strlen($pass)),1));
for ($a=0;
$a<32; $a++) for ($i=0; $i<$level; $i++)
$key.=substr($mymd[$i],$a,1);
$this->key=$key;
}
function
enc ($text, $method=1) { # 1=encrypt, 0=decrypt
if ($method==0) {
$key=str_replace("3", "j",
str_replace("2", "i", str_replace("1",
"h", str_replace("0", "g", $key))));
$key=str_replace("7", "n", str_replace("6",
"m", str_replace("5", "l",
str_replace("4", "k", $key))));
$key=str_replace("b", "4", str_replace("a",
"5", str_replace("9", "6",
str_replace("8", "7", $key))));
$key=str_replace("f", "0", str_replace("e",
"1", str_replace("d", "2",
str_replace("c", "3", $key))));
$key=str_replace("j", "c", str_replace("i",
"d", str_replace("h", "e",
str_replace("g", "f", $key))));
$key=str_replace("n", "8", str_replace("m",
"9", str_replace("l", "a",
str_replace("k", "b", $key))));
$text=base64_decode($text);
}
for ($i=0; $i<strlen($key);
$i=$i+2) $d[$i/2]=hexdec(substr($key,$i,2));
for ($i=0,
$ntext=""; substr($text, $i, 1) !=""; $i++)
$ntext.=chr((ord(substr($text, $i, 1))+$d[($i%strlen($key))])%255);
if ($method==1) $ntext=base64_encode($ntext);
return ($ntext);
}
}
you can use it like this :
$sc=new
scrypt;
$pass="my pass";
$text="woow, what a
text";
$sc->genkey($pass); # send the pass to generate the
key
echo $sc->encrypt($text); # crypted text you can share in your
mysql db or other
echo $sc->encrypt($encrypted,0); # shows you the
decrypted text in the var called $encrypted
if you want to become
the full strongcrypt class :
class strongcrypt {
function
genkey ($pass) {
for ($i=0; $i<30; $i++)
$mymd[$i]=md5(substr($pass,($i%strlen($pass)),1));
for ($a=0;
$a<32; $a++) {
for ($i=0; $i<30; $i++)
$key.=substr($mymd[$i],$a,1);
if ($a%2==1 && $a<31)
$key.="\n";
}
return ($key);
}
function
genpub ($key) {
$key=str_replace("1", "h",
str_replace("0", "g", $key));
$key=str_replace("3", "j", str_replace("2",
"i", $key));
$key=str_replace("5", "l",
str_replace("4", "k", $key));
$key=str_replace("7", "n", str_replace("6",
"m", $key));
$key=str_replace("9", "6",
str_replace("8", "7", $key));
$key=str_replace("b", "4", str_replace("a",
"5", $key));
$key=str_replace("d", "2",
str_replace("c", "3", $key));
$key=str_replace("f", "0", str_replace("e",
"1", $key));
$key=str_replace("h", "e",
str_replace("g", "f", $key));
$key=str_replace("j", "c", str_replace("i",
"d", $key));
$key=str_replace("l", "a",
str_replace("k", "b", $key));
$key=str_replace("n", "8", str_replace("m",
"9", $key));
return ($key);
}
function
encrypt($text, $key) {
$key=str_replace("\n", "",
$key);
for ($i=0; $i<strlen($key); $i=$i+2)
$d[$i/2]=hexdec(substr($key,$i,2));
for ($i=0, $ntext="";
substr($text, $i, 1) !=""; $i++) $ntext.=chr((ord(substr($text,
$i, 1))+$d[($i%strlen($key))])%255);
$ntext=base64_encode($ntext);
return ($ntext);
}
function
decrypt($text, $key) {
$key=str_replace("\n", "",
$key);
$text=base64_decode($text);
for ($i=0;
$i<strlen($key); $i=$i+2) $d[$i/2]=hexdec(substr($key,$i,2));
for
($i=0, $ntext=""; substr($text, $i, 1) !=""; $i++)
$ntext.=chr((ord(substr($text, $i, 1))+$d[($i%strlen($key))])%255);
return ($ntext);
}
}
If you need help, you can mail.
If
there is a better method, please mail me.
TCK
|
|
|
|
| |
mcal_week_of_year