Jump to content

Encryption function RijndaelManaged with specifics

digitallabs

By digitallabs
in PHP Coding Help

 Share

Recommended Posts

digitallabs Newbie

digitallabs

Posted
Posted (edited)

Hi there

 

I normally code PHP, but I'm no encryption expert. My friend has asked me to encrypt a string using PHP so that:

 

Encryption keystring : 

 

  • BinHex Encoder for Data
  • UTF8 Encoder for KeyString
  • KeyArrayLength : 16 - KeyString is converted to byteArray using UTF8 encoder and then the result byteArray is trimmed upto 16 length (i.e KeyArrayLength)
  • SaltString = Encryption keystring
  • SaltString Length = 16
  • KeySaltTextEncoder = UTF8
  • Initialization Vector = Salt (Salt is obtained by converting Saltstring to byteArray using UTF8 encoder and then the result byteArray is trimmed upto 16 length i.e. SaltString length)
  • Uses the  RijndaelManaged implementation
  • KeySize : 256
  • BlockSize : 128
  • Mode : Cipher Block Chaining (CBC)
  • Padding : PaddingMode.PKCS7

 

I don't understand the English part, so how to do it in PHP? Ideally I need a function where I can feed my string and the key that he supplied which has 44 characters in length.

 

So far I have this:mcrypt_encrypt(MCRYPT_RIJNDAEL_256, $the_raw_key, $str, MCRYPT_MODE_CBC, $the_raw_key);

(it doesn't work, but even if it did work doesn't mean I'm doing the right thing)

My friend will decrypt the information and the decryption needs to work without too many code changes on the encryption side.

 

Hope someone can help me!

 

Many thanks in advance!

Edited by digitallabs
Jacques1 Prolific Member

Jacques1

Posted
Posted (edited)

So this project is just for fun, right? The data isn't really important, is it? Because if the data is important, stop it. You do in fact have to be an expert to protect critical data. Broken cryptography isn't worth anything; it's actually worse than nothing, because people will assume that their data is safe when it's not.

 

But even if this is a fun project, a lot of this doesn't even make sense. What does the key have to do with UTF-8 encoding? The key is not a password! It must be a sequence of exactly 32 bytes (for AES-256) or 16 bytes (for AES-128) obtained from a cryptographically secure random number generator (e. g. /dev/random on Unix machines).

Edited by Jacques1
This thread is more than a year old. Please don't revive it unless you have something important to add.

Join the conversation

You can post now and register later. If you have an account, sign in now to post with your account.

Guest
Reply to this topic...

×   Pasted as rich text.   Restore formatting

  Only 75 emoji are allowed.

×   Your link has been automatically embedded.   Display as a link instead

×   Your previous content has been restored.   Clear editor

×   You cannot paste images directly. Upload or insert images from URL.

×
 Share
Go to topic listing
×
×
  • Create New...

Important Information

We have placed cookies on your device to help make this website better. You can adjust your cookie settings, otherwise we'll assume you're okay to continue.