|
|
 |
LX. Mcrypt暗号化関数
この関数は、CBC, OFB, CFB ,ECB 暗号モードのDES,TripleDES,Blowfish
(デフォルト),3-WAY, SAFER-SK64, SAFER-SK128, TWOFISH, TEA, RC2
,GOST のような広範なブロックアルゴリズムをサポートするmcryptライブ
ラリへのインターフェースです。加えて、"フリーではない" と思われる
RC6 および IDEA もサポートします。
注意: この拡張モジュールはWindows環境
では利用できません。
ここで示す関数は、 を
使用して動作します。この拡張モジュールを使用するには、 からlibmcrypt-x.x.tar.gz をダウン
ロードし、含まれているインストール用の指示に従って下さい。
libmcrypt 2.4.xとリンクした場合、加えてブロックアルゴリズム:
CAST, LOKI97, RIJNDAEL, SAFERPLUS, SERPENT および次のストリーム暗
号: ENIGMA (crypt), PANAMA, RC4 ,WAKE がサポートされます。
libmcrypt 2.4.x を使用した場合、暗号モード nOFB もサポートされます。
この拡張機能を利用可能にするためには、
PHP を --with-mcrypt パラメータを
付けてコンパイルする必要があります。必ず、
--disable-posix-threadsを付けて
libmcrypt をコンパイルするようにして下さい。
これらの関数の動作は、php.iniの設定により変化します。
表 1. mcrypt設定オプション | 名前 | デフォルト | 変更の可否 |
|---|
| mcrypt.algorithms_dir | NULL | PHP_INI_ALL | | mcrypt.modes_dir | NULL | PHP_INI_ALL |
PHP_INI_*定数の詳細および定義に関しては、
ini_set()を参照して下さい。
この拡張モジュールはリソース型を全く定義しません。
これらの定数は、この拡張モジュールで定義されており、
この拡張モジュールがPHP内部にコンパイルされているか実行時に動的にロー
ドされるかのどちらかの場合のみ使用可能です。
mcryptは4つのブロック暗号モード(CBC, OFB, CFB, ECB)で実行可能です。
libmcrypt-2.4.x以降にリンクした場合、ブロック暗号モード nOFG と
STREAMモードでも実行可能です。MCRYPT_MODE_mode 形式を関数で使用する
際には、いくつかの制約があります。ここで、これらの各モードの通常の使
用法の概要を示します。詳細なリファレンスおよび議論に関しては、
Applied Cryptography by Schneier (ISBN 0-471-11709-9) を参照下さい。
MCRYPT_MODE_ECB (electronic codebook) は、他のキーを暗号化すると
いったランダムデータに適しています。出力データが短くランダムであ
るというECBの短所は、都合の良い逆の効果を持っています。
MCRYPT_MODE_CBC (cipher block chaining)は、特に、ECBよりも著しく
高いセキュリティでファイルを暗号化する用途に適しています。
MCRYPT_MODE_CFB (cipher feedback) は、1バイト毎に暗号化する必要がある
バイトストリームを暗号化する際に最も適したモードです。
MCRYPT_MODE_OFB (output feedback、8ビット形式) はCFBと互換性があ
りますが、エラーの伝播が許容されないアプリケーションに使用するこ
とが可能です。このモードは(8ビットモードで処理を行うため)安全では
なく、使用は推奨されません。
MCRYPT_MODE_NOFB (output feedback, nビット形式) はOFB と互換です
が、アルゴリズムのブロックサイズを変更可能なため、より安全です。
MCRYPT_MODE_STREAM は、WAKEやRC4のようないくつかのストリームアル
ゴリズムを読み込む追加のモードです。
他のモードおよびランダムデバイス定数:
以下にmcrypt拡張モジュールにより現在サポートされている暗号のリス
トを示します。サポートされる暗号の完全なリストについては、
mcrypt.h の define を参照下さい。mcrypt-2.2.x API に関する一般的
な規則は、MCRYPT_暗号名でPHPから暗号をアクセス可能であるというこ
とです。mcrypt-2.4.xおよびmcrypt-2.5.xのAPIについてもこれらの定数
は使用できますが、mcrypt_module_open() をコー
ルする際に文字列で暗号名を指定することも可能です。
MCRYPT_3DES MCRYPT_ARCFOUR_IV (libmcrypt > 2.4.x のみ) MCRYPT_ARCFOUR (libmcrypt > 2.4.x のみ) MCRYPT_BLOWFISH MCRYPT_CAST_128 MCRYPT_CAST_256 MCRYPT_CRYPT MCRYPT_DES MCRYPT_DES_COMPAT (libmcrypt 2.2.x only) MCRYPT_ENIGMA (libmcrypt > 2.4.x のみ、
MCRYPT_CRYPTへのエイリアス) MCRYPT_GOST MCRYPT_IDEA (non-free) MCRYPT_LOKI97 (libmcrypt > 2.4.x のみ) MCRYPT_MARS (libmcrypt > 2.4.xのみ, non-free) MCRYPT_PANAMA (libmcrypt > 2.4.xのみ) MCRYPT_RIJNDAEL_128 (libmcrypt > 2.4.xのみ) MCRYPT_RIJNDAEL_192 (libmcrypt > 2.4.xのみ) MCRYPT_RIJNDAEL_256 (libmcrypt > 2.4.xのみ) MCRYPT_RC2 MCRYPT_RC4 (libmcrypt 2.2.xのみ) MCRYPT_RC6 (libmcrypt > 2.4.xのみ) MCRYPT_RC6_128 (libmcrypt 2.2.xのみ) MCRYPT_RC6_192 (libmcrypt 2.2.xのみ) MCRYPT_RC6_256 (libmcrypt 2.2.xのみ) MCRYPT_SAFER64 MCRYPT_SAFER128 MCRYPT_SAFERPLUS (libmcrypt > 2.4.xのみ) MCRYPT_SERPENT(libmcrypt > 2.4.xのみ) MCRYPT_SERPENT_128 (libmcrypt 2.2.xのみ) MCRYPT_SERPENT_192 (libmcrypt 2.2.xのみ) MCRYPT_SERPENT_256 (libmcrypt 2.2.xのみ) MCRYPT_SKIPJACK (libmcrypt > 2.4.xのみ) MCRYPT_TEAN (libmcrypt 2.2.xのみ) MCRYPT_THREEWAY MCRYPT_TRIPLEDES (libmcrypt > 2.4.xのみ) MCRYPT_TWOFISH (mcrypt 2.x より古いバージョン、
またはmcrypt > 2.4.xの場合) MCRYPT_TWOFISH128 (TWOFISHxxx are available in newer 2.x versions, but not in the 2.4.x versions) MCRYPT_TWOFISH192 MCRYPT_TWOFISH256 MCRYPT_WAKE (libmcrypt > 2.4.xのみ) MCRYPT_XTEA (libmcrypt > 2.4.xのみ)
(CFBおよびOFBモードでは、)それぞれの暗号関数に初期化ベクトル(IV)
を指定する必要があり、(CBCモードでは)IVを指定することが可能です。
IV は、ユニークである必要があり、暗号化/復号化の際に同じである
必要があります。暗号化されて保存されたデータの場合、関数の出力を
(ファイル名の MD5 キーのように) 保存されたデータの位置を表す
インデックスとして使用することができます。もしくは、暗号化されたデー
タと共にIV を渡すことができます。(このトピックに関する議論について
は、Applied Cryptography by Schneier (ISBN 0-471-11709-9) の 9.3 章を参照下さい)
mcrypt は、上に示した暗号を用いて暗号化および復号化を
行うことが可能です。libmcrypt-2.2.xとリンクした場合、4つの重要な
mcrypt コマンド (mcrypt_cfb(),
mcrypt_cbc(),mcrypt_ecb(),
mcrypt_ofb()) は、MCRYPT_ENCRYPT および
MCRYPT_DECRYPT という 2つのモードの両方で実行可能です。
例 1. 入力値を2.2.xにおいてECBモードのTripleDESで暗号化する |
<?php
$key = "this is a very secret key";
$input = "Let us meet at 9 o'clock at the secret place.";
$encrypted_data = mcrypt_ecb (MCRYPT_3DES, $key, $input, MCRYPT_ENCRYPT);
?>
|
|
この例では、 $encrypted_dataに文字列として暗号化
されたデータが返されます。
libmcrypt 2.4.xまたは2.5.xとリンクした場合、上記の関数も利用可能
ですが、新しい関数を使用されることを推奨します。
例 2. 2.4.x以降においてECBモードでTripleDESにより入力を暗号化する |
<?php
$key = "this is a very secret key";
$input = "Let us meet at 9 o'clock at the secret place.";
$td = mcrypt_module_open (MCRYPT_TripleDES, "", MCRYPT_MODE_ECB, "");
$iv = mcrypt_create_iv (mcrypt_enc_get_iv_size ($td), MCRYPT_RAND);
mcrypt_generic_init ($td, $key, $iv);
$encrypted_data = mcrypt_generic ($td, $input);
mcrypt_generic_end ($td);
?>
|
|
この例は、 $encrypted_dataに文字列として暗号化さ
れたデータを取得します。詳細な例については、
mcrypt_module_open()を参照して下さい。
GMScribe
04-Mar-2005 11:58
TO:
16-Feb-2005 01:53
No key is ever truely random, thus it is breakable.
doyouunderstand at gmail dot com
04-Mar-2005 12:52
Access denied error on php_startup when loading the mcrypt library? If you're using Windows 2003 server, PHP 5+, then you may receive the same perplexing error under a CGI install
I solved this problem by switching from CGI to ISAPI. Actually this problem was solved as a side effect of switching (which I did for a bunch of other reasons)....
php at stock-consulting dot com
16-Feb-2005 01:53
amiller of connext point net is correct. The 'one-time pad' is unbreakable, if used correctly. Correct use requires that:
1. the key length equals or exceeds the data length
2. the key must not be used more than once to encrypt data
3. the key must be truly random.
The last point is a bit of a problem. "Random Number Generator" algorithms are only pseudo-random. Once the attacker finds out which PRNG was used, breaking the encryption becomes easy. Hardware solutions for the generation of random data (like, sampling noise via the sound card input and taking the LSB) have also proven to be of dubious quality.
Violation of point 2 makes the encryption worthless. A known-plaintext attack will reveal the key at once.
amiller of connext point net
20-Dec-2004 06:03
"Anonymous'" comment of Nov 19th refers to an encryption scheme known as a 'one-time pad'. Anonymous forgot to mention that, while it's true the one-time pad is secure as long as the key's kept secret, it's also necessary to avoid reusing keys -- multiple plaintexts encrypted using a single key are insecure, too, because of collisions, and that's why it's called a 'one-time pad'. Hope this helps --
Jurgen Schwietering
23-Nov-2004 09:20
Attention when using keys longer than the actual key size (i.e. 160 bit instead of 128 bit).
It will work inbetween PHP scripts, but might cause problems when using openssl or other packages with this integration of mcrypt. Cut them always to the supported size (mcrypt_enc_get_key_size) to avoid sleepless hours.
Anonymous
20-Nov-2004 04:18
Or, if you don't have the mcrypt library, you can just use these functions:
<?php
function Encrypt($string, $key)
{
$result = '';
for($i=1; $i<=strlen($string); $i++)
{
$char = substr($string, $i-1, 1);
$keychar = substr($key, ($i % strlen($key))-1, 1);
$char = chr(ord($char)+ord($keychar));
$result.=$char;
}
return $result;
}
function Decrypt($string, $key)
{
$result = '';
for($i=1; $i<=strlen($string); $i++)
{
$char = substr($string, $i-1, 1);
$keychar = substr($key, ($i % strlen($key))-1, 1);
$char = chr(ord($char)-ord($keychar));
$result.=$char;
}
return $result;
}
?>
It's very simple encryption, but as long as the key stays secret, very powerful.
emaher at newbay dot com
05-Nov-2004 04:37
Just a note about mcrypt<-->java interop (have a php app encrypting a string and a java app decrypting it)
php mcrypt pads the plaintext with spaces until the plaintext is a multiple of the block size (e.g 16 for most symmetric ciphers). These spaces have to be stripped on when decrypting on the java side. Seems to be no other way of using a sensible padding (e.g. with PKCS #5) on the mcrypt side.
The following php and java will interop
$cipher = "rijndael-128";
$mode = "cbc";
echo "CIPHER: $cipher | MODE: $mode\n";
// data,key, iv
$data = "blah";
$key = "01234567890abcdef";
$iv = "fedcba9876543210";
// set up and encyrpt
$td = mcrypt_module_open($cipher, "", $mode, $iv);
mcrypt_generic_init($td, $key, $iv);
$encrypted_data = mcrypt_generic($td, $data);
echo bin2hex($encrypted_data);
// tear down
mcrypt_generic_deinit($td);
mcrypt_module_close($td);
Java side
Cipher cipher = Cipher.getInstance("AES/CBC/NoPadding");
SecretKeySpec keySpec = new SecretKeySpec("01234567890abcdef".getBytes(), "AES");
IvParameterSpec ivSpec = new IvParameterSpec("fedcba9876543210".getBytes());
cipher.init(Cipher.DECRYPT_MODE, keySpec, ivSpec);
byte[] outText = cipher.doFinal(fromHexString(input));
System.out.println(new String(outText).trim());
Jan Drda <yan at yan dot cz>
16-Oct-2004 01:24
Sometimes mcrypt library is not aviable e.g. commercial hosting, customer restrictions, etc. Because of these conditions I wrote alternative free synchronous encryption library in pure PHP. It is not so complex as mcrypt, but it is sufficient. Everything including detailed documentation and API description is avaiable at Hoping it helps somebody.
Mois�s D�niz Alem�n
24-Aug-2004 11:48
This is a modified version of a previous script that test the algorithms and modes of mcrypt dll. This new script prints out the result in a table and avoid warnings to be printed.
<?PHP
function mcrypt_check_sanity() {
$modes = mcrypt_list_modes();
$algorithms = mcrypt_list_algorithms();
echo "<table border=1>";
echo "<tr><td align=center><strong>Algorithm</strong></td align=center><td><strong>Status</strong></td>";
foreach ($modes as $mode) echo "<td align=center><strong>".strtoupper($mode)."</strong></td>";
echo "</tr>";
foreach ($algorithms as $cipher) {
echo "<tr><td bgcolor=f0f0ff align=left>".strtoupper($cipher)."</td>";
if(mcrypt_module_self_test($cipher)) {
print "<td bgcolor=green align=center>OK</td>";
} else {
print "<td bgcolor=red align=center>NOT OK</td>";
}
foreach ($modes as $mode) {
if($mode == 'stream') {
$result = "<td bgcolor=gray align=center>NOT TESTED</td>";
} else if(mcrypt_test_module_mode($cipher,$mode)) {
$result = "<td bgcolor=green align=center><strong>OK</strong></td>";
} else {
$result = "<td bgcolor=red align=center>NOT OK</td>";
}
print $result;
}
echo "</tr>";
}
echo "</table>";
}
function mcrypt_test_module_mode($module,$mode) {
$key = 'this is a very long key, even too long for the cipher';
$plain_text = 'very important data';
$td = mcrypt_module_open($module, '',$mode, '');
$key = substr($key, 0, mcrypt_enc_get_key_size($td));
$iv_size = mcrypt_enc_get_iv_size($td);
$iv = mcrypt_create_iv($iv_size, MCRYPT_RAND);
if (mcrypt_generic_init($td, $key, $iv) != -1) {
$c_t = mcrypt_generic($td, $plain_text);
mcrypt_generic_deinit($td);
mcrypt_module_close($td);
$td = mcrypt_module_open($module, '', $mode, '');
$key = substr($key, 0, mcrypt_enc_get_key_size($td));
mcrypt_generic_init($td, $key, $iv);
$p_t = trim(mdecrypt_generic($td, $c_t)); mcrypt_generic_end($td);
mcrypt_module_close($td);
}
if (strncmp($p_t, $plain_text, strlen($plain_text)) == 0) {
return TRUE;
} else {
return FALSE;
}
}
@mcrypt_check_sanity();
?>
wagner at cesnet dot cz
16-Aug-2004 04:38
I have another comment to the script submitted by robert at peakepro dot com. He uses deprecated function mcrypt_generic_end which also closes the module. Subsequent mcrypt_module_close then complains about invalid resource. Moreover, not all combinations of algorith and mode are compatible. It is necessary to check the return value from mcrypt_module_open in order to find whether the module can be open for selected combination. My script also displays some useful information. You can find the full source at my site
Wilmo
11-Aug-2004 02:54
Changing the function as such seems to greatly help.
<?php
function encrypt($encrypt) {
global $key;
srand((double) microtime() * 1000000); $iv = mcrypt_create_iv(mcrypt_get_iv_size(MCRYPT_RIJNDAEL_256, MCRYPT_MODE_ECB), MCRYPT_RAND);
$passcrypt = mcrypt_encrypt(MCRYPT_RIJNDAEL_256, $key, $encrypt, MCRYPT_MODE_ECB, $iv);
$encode = base64_encode($passcrypt);
return $encode;
}
?>
by adding:
<?php
srand((double) microtime() * 1000000); ?>
which I guess seeds the encryption routine differently everytime.
Thanks to robert at peakepro dot com sourced from
Cheers,
Wil
Wilmo
11-Aug-2004 02:16
The Algorithm posted by:
Mike Zaccari
29-Jun-2004 03:54
"I'm running PHP 4.3.7 on Apache 2.0.49 on an Xp machine, and after many hours of googling over the internet I found that the easiest way to use the mcrypt function was to do this:"
Thanks for posting this Mike but there seems to be a problem
with your implementation.
On my machine and I suspect others, the output is independent
of the key. I can change the key and this has no effect on
the resulting crypted data. So the input is always encrypted the
same way irregardless of the key and therefore decrypted
with any key.
This would only be secure if an attacker knew nothing about the
algorithm which seems unlikely from an experienced attacker.
I am looking into a fix and will post if resolved.
Does anybody else have this problem? I want to make sure my install is good.
I am running on a gentoo linux box.
Thanks,
Wil
Here is the code I am using to test the algorithm:
<head><title>Encryption</title>
</head>
<body>
<?php print_debug_header(1); ?>
<form name=form method=post action='encrypt.php'>
<table align=center>
<TR><TD>Source Text:</TD><TD><input type=text name=input value=<?php echo $_REQUEST['input']; ?>></TD></TR>
<TR><TD>Key:</TD><TD><input type=text name=key value=<?php echo $_REQUEST['key']; ?>></TD></TR>
</table>
<input type=submit>
</form>
<?php
if(!empty($_REQUEST['input'])){
$encrypted=encrypt($_REQUEST['input']);
$decrypted=decrypt($encrypted);
echo "Encrypted : '$encrypted' Decrypted: '$decrypted' <BR>";
}
$key = $_REQUEST['key'];
function encrypt($encrypt) {
global $key;
$iv = mcrypt_create_iv(mcrypt_get_iv_size(MCRYPT_RIJNDAEL_256, MCRYPT_MODE_ECB), MCRYPT_RAND);
$passcrypt = mcrypt_encrypt(MCRYPT_RIJNDAEL_256, $key, $encrypt, MCRYPT_MODE_ECB, $iv);
$encode = base64_encode($passcrypt);
return $encode;
}
function decrypt($decrypt) {
global $key;
$decoded = base64_decode($decrypt);
$iv = mcrypt_create_iv(mcrypt_get_iv_size(MCRYPT_RIJNDAEL_256, MCRYPT_MODE_ECB), MCRYPT_RAND);
$decrypted = mcrypt_decrypt(MCRYPT_RIJNDAEL_256, $key, $decoded, MCRYPT_MODE_ECB, $iv);
return $decrypted;
}
?>
</body>
</html>
dzelko at hotmail dot com
14-May-2004 07:11
Windows IIS Users - Problems installing/using mcrypt and other extensions
::
I've noticed a lot of users complaining in forums that they have difficult time getting mcrypt extension to function/ finding or installing working .dlls when using IIS:
::
Easy solution that works well for me: (IIS 6 on Win 2003 Svr and IIS on XP Pro) #customized install later for increased security#
1. Install current stable php version using windows installer #gets php up and running quickly#
2. Download Windows Binary Package
3. Extract Package Library to PHP folder installer generates - overwrite all
4. Edit php.ini as appropriate. (specifically for mcrypt uncomment mcrypt=php_mcrypt.dll)
::
No mo' problems.
Deek Starr
21-Apr-2004 10:16
As per the issue with decrypting (mdecrypt_generic) on iss in windows. My finding as that the new 2004 version works but the 2002 does not.
I'm using WinXP Server 2003 - ISS 6.0 with:
libmcrypt.dll 19-Jan-2004 02:27 163k
php_mycrypt.dll 14-Jan-2004 5:34 36.8k
From the v4.3.6 windows zip distribution of php.
My assumption is that the new IIS 6 should use the new libmcrypt where IIS <= 5 should use the older version.
[ Hope that helps ]
robert at peakepro dot com
02-Mar-2004 10:59
15-Feb-2004 06:17
"I found this nested loop very useful for checking the sanity of my libmcrypt install. It turned out many of the modules weren't working in certain modes. Hopefully this will save someone some frustration:"
I have ammended the mcrypt_check_sanity() function. This is a bug fix: the function was reinitializing the IV, which is unacceptable. Here is the complete, fixed version. Note that 'stream' mode is not tested.
<?PHP
function mcrypt_check_sanity() {
$modes = mcrypt_list_modes();
$algorithms = mcrypt_list_algorithms();
foreach ($algorithms as $cipher) {
if(mcrypt_module_self_test($cipher)) {
print $cipher." ok.<br />\n";
} else {
print $cipher." not ok.<br />\n";
}
foreach ($modes as $mode) {
if($mode == 'stream') {
$result = "not tested";
} else if(mcrypt_test_module_mode($cipher,$mode)) {
$result = "ok";
} else {
$result = "not ok";
}
print $cipher." in mode ".$mode." ".$result."<br />\n";
mcrypt_module_close($td);
}
}
}
function mcrypt_test_module_mode($module,$mode) {
$key = 'this is a very long key, even too long for the cipher';
$plain_text = 'very important data';
$td = mcrypt_module_open($module, '',$mode, '');
$key = substr($key, 0, mcrypt_enc_get_key_size($td));
$iv_size = mcrypt_enc_get_iv_size($td);
$iv = mcrypt_create_iv($iv_size, MCRYPT_RAND);
if (mcrypt_generic_init($td, $key, $iv) != -1) {
$c_t = mcrypt_generic($td, $plain_text);
mcrypt_generic_deinit($td);
mcrypt_module_close($td);
$td = mcrypt_module_open($module, '', $mode, '');
$key = substr($key, 0, mcrypt_enc_get_key_size($td));
mcrypt_generic_init($td, $key, $iv);
$p_t = trim(mdecrypt_generic($td, $c_t)); mcrypt_generic_end($td);
mcrypt_module_close($td);
}
if (strncmp($p_t, $plain_text, strlen($plain_text)) == 0) {
return TRUE;
} else {
return FALSE;
}
}
mcrypt_check_sanity();
?>
Apologies for any confusion the previous version may have caused. The only working mode listed was ecb, since it does not use an IV.
mp at ecetra dot com
02-Feb-2004 01:35
i rebuilded php from sources today, the distribution was redhat el es 3. first i missed libltdl as mentioned in comment from groundzero, but the redhat has propably changed the rpm content, cause i needed libtool (libtool-lib was already installed, but was not enough). second '--disable-posix-threads' was not required: i am wondering why everybody ask for this, because i never used it and it always worked fine.
kr,
-misk
groundzero at zuavra dot net
09-Jan-2004 01:08
If you've ever compiled PHP from source (any version) you may be familiar with the [in]famous MCRYPT_BLOWFISH_128 compilation error that appears when you attempt to compile --with-mcrypt. It occurs often on Debian but not only there. The problem: during compilation, the PHP configure script always assumes that libmcrypt has been built in conjunction with libltdl. Whenever that is not the case, PHP compilation will fail later saying certain headers (such as the above blowfish example) are missing from mcrypt.h (which is misleading, they're not supposed to be there nor looked after if libltdl was properly involved). Solution: make sure your libmcrypt was linked against libltdl before you even start configuring PHP. You can check by running 'ldd lybmcrypt.so' and verifying that libltdl appears in the output. libltdl can be found in libltld[3][-dev] on Debian or in libtool-libs on Red Hat.
simms
03-Oct-2003 09:03
DEBIAN users: avoid mcrypt installation headaches.
to add mcrypt support to an existing php installation, get root and run
apt-get install php4-mcrypt
restart your webserver, and voil�.
steve@itemfront dot ltd dot uk
29-Sep-2003 12:17
Just spent a while getting mcrypt support working with php. Used libmcrypt version 2.5.7 with php 4.3.3. Out of the box it just won't work. Configure as follows:
libmcrypt:
./configure --disable-posix-threads --enable-dynamic-loading
php: ( as you can see, it's built for a SunONE server, but that's the easy bit to configure! )
./configure --with-nsapi=/usr/iplanet/servers --enable-sigchld --with-ldap --with-zlib-dir=/usr/lib --with-mcrypt=<srcdir>/libmcrypt-2.5.7
hth, steve
herowekker at hotmail dot com
31-Jul-2003 12:55
mcrypt_ecb with base64_decode gave some problems, i found out that it had to be chopped to work:
chop(mcrypt_ecb(MCRYPT_BLOWFISH,$key,base64_decode
($input),MCRYPT_DECRYPT));
paul at xmill dot com
05-Nov-2002 06:25
The statement that use of the 'generic' functions is 'recommended' in 2.4+ should probably be 'required'. Having like many others struggled with a "mcrypt module initialization failed" error even when phpinfo() showed mcrypt installed and all its algorithms loaded, I found that:
$key = mcrypt_ecb (MCRYPT_3DES, $magic, $input, MCRYPT_ENCRYPT);
fails, but
$td = mcrypt_module_open (MCRYPT_TripleDES, "", MCRYPT_MODE_ECB, "");
$iv = mcrypt_create_iv (mcrypt_enc_get_iv_size ($td), MCRYPT_RAND);
mcrypt_generic_init ($td, $magic, $iv);
$key = mcrypt_generic ($td, $input);
mcrypt_generic_end ($td);
works fine. You can't leave out the creation of the IV to the right length, even though ECB doesn't use it (happily, because I want it repeatable).
scott at boothcreek dot com
28-Mar-2002 09:28
If you are using ECB mode to encrypt it does not seem to use the iv (initialization vector) for much of anything, given the same key it will always decrypt it no matter what the iv is. If you use CBC mode you must decrypt with the same iv that you encrypted with.
If you use a different iv before decrypting, your decrypt will not work. IMHO it seems better to use CBC mode than ECB as ECB will always encrypt to the same cipher text given the same plain text (leaving you open to know plaintext attacks). CBC uses the random iv which means text encrypts to different things. You probably could get the same effect from using random keys in ECB mode.
Read that in the Schneier book - Applied Cryptography (ISBN 0-471-11709-9) This book is a must for anyone seriously using any type of encryption.
pawelNOSPAM at rsc dot pl
03-Aug-2001 01:37
If you compiled mcrypt and php without problem, but phpinfo() shows there are no supported ciphers and modes, try to change mode to 755 on libdirs (/usr/local/libmcrypt, /usr/local/libcrypt).
mountie at paygate dot net
10-Feb-2000 01:21
the encrypted result data maybe binary data and It make errors in sql query.
so use the base64_encode/base64_decode function with mcrypt()
try below
base64_encode(mcrypt_ecb(MCRYPT_BLOWFISH,$key,$input,MCRYPT_ENCRYPT));
mcrypt_ecb(MCRYPT_BLOWFISH,$key,base64_decode($input),MCRYPT_DECRYPT);
nsayer at quack dot kfu dot com
30-Jun-1999 02:31
For a practical example suitable for encrypting and
validating cookies or passing secure messages,
go to
| |
mcal_week_of_year
