Search the Community
Showing results for tags 'encryption'.
-
I need to send a password that's RSA encrypted with a public key (along with some other data). Here are the exact instructions from the documentation for the password: Encode password in Base64 and ensure UTF-8 encoding Encrypt password with RSA with provided public key, no block mode, and PKCS1Padding Encode resulting encryption in Base64 with ensured UTF-8 encoding Here's the code I'm using that to me seems correct: function encryptPassword($pass) { $pass = base64_encode($pass); $fp = fopen("./cert.crt", "r"); $publicKey = fread($fp, 8192); fclose($fp); openssl_get_publickey($publicKey); openssl_public_encrypt($pass, $cryptedText, $publicKey, OPENSSL_PKCS1_PADDING); return base64_encode(utf8_encode($cryptedText)); } I'm getting an error on the other side saying the password can't be decoded. Support from them is basically non-existent other than the error message, and them saying everything is correct on their side. My question is, am I sending what they're asking for according to the documentation? Thanks in advance!
-
Hi, Im creating a simple site in PHP, for the most part its going well, however I struggling with an error that I have encountered. Im generating a random salt upon registering a user. This works fine, However when logging in with this user I am struggling and receive an error. Can somebody please explain where I am going wrong? I have attatched some images to this post which includes coding and the error message. NOTE: signup works fine, it is just the log-in which is broken. I have however included screenshots of both pages for better understanding of how the site works. Signup: http://picpaste.com/pics/SignUp-gZnFffux.1416827271.PNG Log-in: http://picpaste.com/pics/log-in-gB895EyW.1416827394.PNG Error Message: http://picpaste.com/pics/error-pic-JwV9iLp8.1416827510.PNG Kind Regards, Shaun
-
Hello All, I am working on a project where the client has provided me with the public key file and the private-key is being passed via url, along with 2 params that will be used on my end. These are the basics of the process that I am to use for verifying. Generate your own plaintext message matching the format of the string provided Create a SHA1withRSA hash of this message using the provided public key (UTF-16LE encode and pass this value) Base64 decode the signature Using a SHA1withRSA validator, verify your hashed message matches the Base64 decoded value in step 3 At this point I have performed steps 1-3 but am having an issue with step 4. The code is failing here. When I say failing I mean it is not being verified. $base64Sig = base64_decode($signature, true); $publickey = getPemKey(); $rsa = new Crypt_RSA(); $rsa->loadKey($publickey, CRYPT_RSA_PUBLIC_FORMAT_RAW); $hashedPlainText = sha1($utfString); $utfString = mb_convert_encoding($hashedPlainText ,"UTF-16LE"); echo $rsa->verify($hashedPlainText, $base64Sig) ? 'verified' : 'unverified'; If anyone can provide me with a basic example or a few sites that have examples with example data, it would be appreciated as I'm not sure I am "Using a SHA1withRSA validator". Thanks ahead of time!
- 7 replies
-
- rsa
- encryption
-
(and 2 more)
Tagged with:
-
Hi Guys, First off, not sure if this is the correct area to post. My question is a little bit mixed, including SQL and PHP. I'm building a basic private messaging system, and planned to use PHP, SQL for the storage, and a little bit of JS on the client. I'm a little confused when it comes to encryption though. My understanding with user password encryption is that the password is stored in the database as a hash, and then a user sent password is compared to the original hash for verification. I've implemented this successfully using password_verify() and password_hash() functions, and I'm pretty sure it's working fine. However, my big question is in regards to the storage of message data. As far as I can tell, this system won't work, it's really only suitable for password verification because the hash can't really be reverted to the original data, it can only be compared? How should I go about encrypting message data? Is it possible? If I open up a SQL database containing private message data on a server, I don't want to be able to read the contents. Any help would be greatly appreciated!
- 13 replies
-
Well, I have recently started PHP and barely know anything about MySQL. I was wondering if there was a tutorial online thats good enough and can teach me how to create passwords in PHP, encrypt them and then use those passwords to pull data from the MySQL table ?
-
Hello I am trying to create a password storing application, but cannot figure out the best way to store account passwords. The application wont store just user passwords to login, but passwords for other accounts. For example Client wants to be able to store all their Facebook and twitter passwords on the site, then log in when they want to find it. I was going to make it so the admin needed repeat their password they used to login to the application to retrieve another password, all of this is no problem, its just encrypting the passwords and being able to "un-encrypt" it later so they can see it. Any help would be appreciated, the person doesn't really care if its secure, they just want me to store the strings in the Database to be retrieved later, but I want to make it secure. Thank you
- 7 replies
-
- password
- encryption
-
(and 3 more)
Tagged with:
-
Hey , i have a problem in encrypting a password in mysql in the register form if anyone registered make their password encrypt in mysql database but when i want to login i must used the encrypting password ,, is there's a way to use that password i entered in register form for e.g ( 1234 ) not the encrypted password
- 2 replies
-
- mysql
- encryption
-
(and 1 more)
Tagged with:
-
Greetings all, I was trying to learn how to use hash to encrypt my the passwords in my database and that went all fine till I tried to create some log in scripts. The username and password always show as not matching. I'm obviously new to PHP and taking a college course on it right now. This is not an assignment, more just me fooling around trying to learn some things beyond the scope of the course. Here's the code that's not working. I know the problem is on this page here. The actual registration works like a charm and encrypts the password just fine. I just don't understand how to unencrypt that password to check if the user is using the correct password when logging in. <?php // This page defines two functions used by the login/logout process. /* This function determines an absolute URL and redirects the user there. The function takes one argument: the page to be redirected to. The argument defaults to index.php.*/ function redirect_user ($page = 'login.php') { // Start defining the URL... // URL is http:// plus the host name plus the current directory: $url = 'http://' . $_SERVER['HTTP_HOST'] . dirname($_SERVER['PHP_SELF']); // Remove any trailing slashes: $url = rtrim($url, '/\\'); // Add the page: $url .= '/' . $page; // Redirect the user: header("Location: $url"); exit(); // Quit the script. } // End of redirect_user( ) function. /* This function validates the form data (the email address and password). * If both are present, the database is queried. * The function requires a database connection. * The function returns an array of information, including: * - a TRUE/FALSE variable indicating success * - an array of either errors or the database result*/ function check_login($connect, $username = '',$password = '') { $errors = array(); // Initialize error array. // Validate the email address: if (empty($username)) { $errors[] = 'You forgot to enter your user name.'; } else { $username = mysqli_real_escape_string($connect, trim($username)); } // Validate the password: if (empty($password)) { $errors[] = 'You forgot to enter your password.'; } else { $password = mysqli_real_escape_string($connect, trim($password)); } if (empty($errors)) { // If everything's OK. require ("includes/pwhash.php"); $pass_hash = PassHash::hash($password); $q = "SELECT guestid, username FROM memberlist WHERE username='$username' AND password='$pass_hash'"; $r = @mysqli_query ($connect, $q); // Run the query. // Check the result: if (mysqli_num_rows($r) == 1) { // Fetch the record: $row = mysqli_fetch_array ($r,MYSQLI_ASSOC); // Return true and the record: return array(true, $row); } else { // Not a match! $errors[] = 'The user name and password entered do not match those on file.'; } } // End of empty($errors) IF. // Return false and the errors: return array(false, $errors); } // End of check_login( ) function. The actual function that created the hash is here. pwhash.php <?php class PassHash { // blowfish private static $algo = '$2a'; // cost parameter private static $cost = '$10'; // mainly for internal use public static function unique_salt() { return substr(sha1(mt_rand()),0,22); } // this will be used to generate a hash public static function hash($password) { return crypt($password, self::$algo . self::$cost . '$' . self::unique_salt()); } // this will be used to compare a password against a hash public static function check_password($hash, $password) { $full_salt = substr($hash, 0, 29); $new_hash = crypt($password, $full_salt); return ($hash == $new_hash); } } ?> If anyone is willing to help and needs to see other pages let me know. I'll be happy to post them here. Sheesh, working with hashes makes little sense to me. 8( Regards, Nightasy
-
Hi, I've got some issues with my salting when I register... basically everything works fine apart from the salting and I can't get my head around it? Here's my php register function: public function register() { $correct = false; try { $con = new PDO( DB_DSN, DB_USERNAME, DB_PASSWORD ); $con->setAttribute( PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION ); $sql = "INSERT INTO list_members(username, email, password) VALUES(:username, :email, :password)"; $stmt = $con->prepare( $sql ); $stmt->bindValue( "username", $this->username, PDO::PARAM_STR ); $stmt->bindValue( "email", $this->email, PDO::PARAM_STR ); $stmt->bindValue( "password", hash("sha256", $this->password . $this->salt), PDO::PARAM_STR ); $stmt->execute(); return header('Location: index.html'); }catch( PDOException $e ) { return $e->getMessage(); } } And then I have my public variables displayed like this: public $username = null; public $email = null; public $password = null; public $salt = "Zo4rU5Z1YyKJAASY0PT6EUg7BBYdlEhPaNLuxAwU8lqu1ElzHv0Ri7EM6irpx5w"; Help would be much appreciated.
-
Hi, I'm just wondering but what is the best of best kind of encryption that you can get when encrypting passwords? Like what does Facebook use? Thanks
-
Hi everyone first time poster here wOOt! Question is about encryption in Visual Basic then dercrypted on PHP Here are my encryption decryption functions they work fine. The problem is when I pass the base64_encode(encryptedstring) to my web app via parameter string the decryption works mostly well on several smaller strings but longer strings only decrypt halfway! PHP Decrypt: function php_DecryptValue($cypher,$key){ // Our output text $outText = ''; // Iterate through each character for($i=0;$i<strlen($cypher) // Dont need to increment here { for($j=0;$j<strlen($key);$j++,$i++) { $outText .= $key{$j} ^ $cypher{$i}; } } return $outText; } VB6/VBA Encrypt Public Function php_EncryptValue(strText As String, strKey As String) As String 'strText length should match strkey length for maximum strength Dim i As Integer 'Loop counter Dim intKeyChar As Integer 'Character within the key that we'll use to encrypt Dim strTemp As String 'Store the encrypted string as it grows Dim strChar1 As String * 1 'The first character to XOR Dim strChar2 As String * 1 'The second character to XOR Dim s 'Loop through each character in the text For i = 1 To Len(strText) 'Get the next character from the text strChar1 = Mid(strText, i, 1) 'Find the current "frame" within the key intKeyChar = ((i - 1) Mod Len(strKey)) + 1 'Get the next character from the key strChar2 = Mid(strKey, intKeyChar, 1) 'Convert the charaters to ASCII, XOR them, and convert to a character again strTemp = strTemp & Chr(Asc(strChar1) Xor Asc(strChar2)) Next i 'Display the resultant encrypted string php_EncryptValue = strTemp End Function So theses algorithms match up fine I encrypt a string in VBA then base64encode it, then urlencode it and pass it to my webapp like this: http://www.MyWebApp.com/index.php?Hash=sdjafkjlsflsaklfjlasjdlfblahblahblah if the string is 300 or so characters it works, when the string is 700-2000 I have issues but I really feel like its a php encoding issue and not with the encryption algorithms. If I encrypt a string and base encode it my vba app and then paste that value into the decrypt php function i get the string I want. But when I pass it via URL it goes straight to pot. I have tried urlencode on the passed string, I've tried rawurlencode / rawurldecode on the string I've tried just base64_encode/base64_decode but nothing is working 100% Would some php guru kindly point out my mistake? PHP is not my primary language, and I really feel like this is an encoding issue that I'm not seeing clearly. Thanks! David
- 11 replies
-
- php
- encryption
-
(and 3 more)
Tagged with:
-
I am just curious, is this the correct way to implement blowfish encryption? class: <?php /* * @package "Gludoe CMS" * @version 1.0.1 * @authors "Robert Pettet" * @support https://www.gludoe.com/ * @licence https://www.gludoe.com/commons/licence-1.0.0.txt */ if (!defined('_ROOT')) exit(header($_SERVER['SERVER_PROTOCOL'] . ' 404 Not Found')); class Blowfish { private $key; private $iv; public function __construct($key, $iv) { $this->key = $key; $this->iv = $iv; } public function encrypt($data) { return mcrypt_encrypt(MCRYPT_BLOWFISH, $this->key, $data, MCRYPT_MODE_CBC, $this->iv); } public function decrypt($data) { return mcrypt_decrypt(MCRYPT_BLOWFISH, $this->key, $data, MCRYPT_MODE_CBC, $this->iv); } } ?> example: $blowfish = new blowfish('DfRgBWE4Y4T7UgTWEdFP1Y','85440934'); $data = $blowfish->encrypt('testString'); echo $blowfish->decrypt($data); //Output: testString
-
Hello everybody, i have a problem about php. there's can help me? i don't know how to make encryption in php. i try and i try again, but i can't. please help. thanks before
-
So I am trying to get this simple encryption to work. I am using AES-CBC. and I know the iv is supposed to be randomly generated each time but for our purposes here it will be fine to keep it as it. Below is the code. It seems to encrypt fine but does not decrypt correctly. <?php $iv='1234567890123456'; $key='9tmp7ifi6n03yAmu'; qrdecrypt(encrypt("test",$key,$iv),$key,$iv); function encrypt($str, $key,$iv) { echo 'in encrypt<br>key:'.$key.'<br>iv:'.$iv.'<br>string:'.$str.'<br>'; $td = mcrypt_module_open("rijndael-128", "", "cbc",$iv); mcrypt_generic_init($td, $key, $iv); $encrypted = mcrypt_generic($td, $str); mcrypt_generic_deinit($td); mcrypt_module_close($td); echo "result is:".bin2hex($encrypted).'<br>returning and calling decrypt...<br>'; return bin2hex($encrypted); } function qrdecrypt($code, $key, $iv) { echo 'in decrypt<br>key:'.$key.'<br>iv:'.$iv.'<br>payload:'.$code.'<br>'; //$code = $this->hex2bin($code); $td = mcrypt_module_open("rijndael-128", "", "cbc", ""); try { mcrypt_generic_init($td, $key, $iv); } catch (Exception $e) { echo $e->getMessage(); } $decrypted = mdecrypt_generic($td, $code); $t=var_export($decrypted,true); echo '<br>Decrypted is:'.$t.'<br>'; mcrypt_generic_deinit($td); echo "deinitted<br>"; mcrypt_module_close($td); echo utf8_encode(trim($decrypted)); } this results in... in encrypt key:9tmp7ifi6n03yAmu iv:1234567890123456 string:test result is:12bc2512b0faea4e6d21368df17f87a6 returning and calling decrypt... in decrypt key:9tmp7ifi6n03yAmu iv:1234567890123456 payload:12bc2512b0faea4e6d21368df17f87a6 Decrypted is:'ro"?�o��h�ȫ_.���̬<�9ptاـ�' deinitted ro"?Ëoð¶hÊÈ«_.ÈÈø̬<ã9ptا٠Any help at all would be appreciated. I am thoroughly stuck at this point.
-
Hi Everyone, I just had a few questions about the encryption function crypt(). If I was to do crypt($_POST['password'],CRYPT_BLOWFISH) , assuming I had just sent through a password from the form on the previous page it would return an Blowfish encrypted string. If I then used mysql to write it to my database, how, when the user logs in, would I compare the password that they have entered in the login form to the password in the database. If I compared password to the query result from the database I assume it would return that the strings do not match. My question is how would I go about comparing these two values? Is there a decrypt function that I could use to unencrypt the information from the database so that I could compare the given password with the password in the database? Thanks in advance for any help, advice or ideas! Timothy
- 10 replies
-
- crypt()
- encryption
-
(and 3 more)
Tagged with: