AES 128 CBC encryption in PHP

1
votes

Hello guys I have a problem with my encryption. I created a simple member registration that can encrypt user's data. but before encrypting it I must format it in JSON format. But I have a problem in getting back the correct data. When I decoded my code. It has an excess character in the JSON that's why I can't get the correct value. But the JSON data is correct after decrypting it.

Here's my goal.

  1. Get member's input data
  2. Format the data in JSON format
  3. Encrypt it using AES 128 CBC encryption (I created a function the returns an array. One is the encrypted and the other is the decrypted)
  4. Display the encrypted and the decrypted data in plain text

Here's my code so far.

My function in encrypting and decrypting data

public function encryption($data){

    # --- ENCRYPTION ---

    # the key should be random binary, use scrypt, bcrypt or PBKDF2 to
    # convert a string into a key
    # key is specified using hexadecimal
    $key = pack('H*', "73f8d4969098400c44dcb50111eb4193");

    # show key size use either 16, 24 or 32 byte keys for AES-128, 192
    # and 256 respectively
    $key_size =  strlen($key);
    //echo "Key size: " . $key_size . "<br />";

    $plaintext = $data;

    # create a random IV to use with CBC encoding
    $iv_size = mcrypt_get_iv_size(MCRYPT_RIJNDAEL_128, MCRYPT_MODE_CBC);
    $iv = mcrypt_create_iv($iv_size, MCRYPT_RAND);

    # creates a cipher text compatible with AES (Rijndael block size = 128)
    # to keep the text confidential 
    # only suitable for encoded input that never ends with value 00h
    # (because of default zero padding)
    $ciphertext = mcrypt_encrypt(MCRYPT_RIJNDAEL_128, $key,
                                 $plaintext, MCRYPT_MODE_CBC, $iv);

    # prepend the IV for it to be available for decryption
    $ciphertext = $iv . $ciphertext;

    # encode the resulting cipher text so it can be represented by a string
    $ciphertext_base64 = base64_encode($ciphertext);

    //echo  $ciphertext_base64 . "<br />";

    # === WARNING ===

    # Resulting cipher text has no integrity or authenticity added
    # and is not protected against padding oracle attacks.

    # --- DECRYPTION ---

    $ciphertext_dec = base64_decode($ciphertext_base64);

    # retrieves the IV, iv_size should be created using mcrypt_get_iv_size()
    $iv_dec = substr($ciphertext_dec, 0, $iv_size);

    # retrieves the cipher text (everything except the $iv_size in the front)
    $ciphertext_dec = substr($ciphertext_dec, $iv_size);

    # may remove 00h valued characters from end of plain text
    $plaintext_dec = mcrypt_decrypt(MCRYPT_RIJNDAEL_128, $key,
                                    $ciphertext_dec, MCRYPT_MODE_CBC, $iv_dec);

    //echo  $plaintext_dec . "<br />";

    $enc_data = array();

    $enc_data['encrypted'] = $ciphertext_base64;
    $enc_data['decrypted'] = $plaintext_dec;

    return $enc_data;

}

Here's the process

$a = array();

$a['billing_address'] = array(
    'type' => $var_type1,
    'title' => $this->input->post('title'),
    'address' => $this->input->post('address1'),
    'address2' => $this->input->post('address2'),
    'barangay' => $billing_brgy_name,
    'city' => $billing_city_name,
    'country' => $this->input->post('country'),
    'state' => $this->input->post('state'),
    'zip_code' => $this->input->post('zipcode')
);

$a['shipping_address'] = array(
    'type2' => $var_type2,
    'title2' => $this->input->post('title'),
    'lastname2' => ucwords($this->input->post('lastname2')),
    'firstname2' => ucwords($this->input->post('firstname2')),
    'address1_2' => $this->input->post('address1_2'),
    'address2_2' => $this->input->post('address2_2'),
    'barangay2' => $shipping_brgy_name,
    'city2' => $shipping_city_name,
    'country2' => $this->input->post('country2'),
    'state2' => $this->input->post('state2'),
    'zip_code2' => $this->input->post('zipcode2'),
    'phone' => $this->input->post('tel2_1')
);

$account_info = array(
    'user_id' => NULL,
    'partner_id' => $this->input->post('partner_id'),
    'firstname' => ucwords($this->input->post('firstname')),
    'lastname' => ucwords($this->input->post('lastname')),
    'username' => strtolower($this->input->post('username')),
    'password' => $this->input->post('pass2'),
    'tel1' => $this->input->post('tel1'),
    'tel2' => $this->input->post('tel2'),
    'birthdate' => $timestamp,
    'gender' => $this->input->post('gender'),
    'status' => $this->input->post('status'),
    'addresses' => $a
);

$encode = json_encode($account_info);

$enc = $this->encryption($encode);

$i = $enc['decrypted'];

echo $encode;
print_r(json_decode($encode));
echo $enc['encrypted']."<br />";
echo $enc['decrypted'];

Here's the sample output

The normal data in JSON format

{"user_id":null,"partner_id":"werewr","firstname":"Eqwe","lastname":"Qweqw","username":"wewe123","password":"11111111","tel1":"ewr","tel2":"werwer","birthdate":1386691200,"gender":"M","status":"Separated","addresses":{"billing_address":{"type":"B","title":"Ms.","address":"sdfsdf","address2":"sdfsfd","barangay":"Magsaysay","city":"San Jose","country":"PH","state":"DIN","zip_code":"22"},"shipping_address":{"type2":"S","title2":"Ms.","lastname2":"12312","firstname2":"32132","address1_2":"sdfs","address2_2":"fsdfsd","barangay2":"San Roque","city2":"Pandi","country2":"PH","state2":"BUL","zip_code2":"2323","phone":"12313"}}}

The decoded data

stdClass Object
(
    [user_id] => 
    [partner_id] => werewr
    [firstname] => Eqwe
    [lastname] => Qweqw
    [username] => wewe123
    [password] => 11111111
    [tel1] => ewr
    [tel2] => werwer
    [birthdate] => 1386691200
    [gender] => M
    [status] => Separated
    [addresses] => stdClass Object
        (
            [billing_address] => stdClass Object
                (
                    [type] => B
                    [title] => Ms.
                    [address] => sdfsdf
                    [address2] => sdfsfd
                    [barangay] => Magsaysay
                    [city] => San Jose
                    [country] => PH
                    [state] => DIN
                    [zip_code] => 22
                )

            [shipping_address] => stdClass Object
                (
                    [type2] => S
                    [title2] => Ms.
                    [lastname2] => 12312
                    [firstname2] => 32132
                    [address1_2] => sdfs
                    [address2_2] => fsdfsd
                    [barangay2] => San Roque
                    [city2] => Pandi
                    [country2] => PH
                    [state2] => BUL
                    [zip_code2] => 2323
                    [phone] => 12313
                )

        )

)

The encrypted data

7cwUCHUeHy8VNJQ+U7e9oDO51REcf2Y6FANnsTSWOnXAvysfjTWxxg6fq/t9EnDcNNs5+m1QNMGdYNlgWmGhv3e+OEaSVPtvDcHiy/DrqpyPKBAvDqiPUEcrd3Lmu8iGZyiMhv/i+fBDxJI6EQ6WbH6o0N+1j9GC8qmZ5BSdq16TKwEEpzHh4NktNMzGLOMugYhD5yzfD+Uwx2H+VfEb9V4epq1xWqbDUP9DeVOFTP5f8FMkMTbamg20lcRvGSykk4NKhk0VVrpUxr556X99cxP9bhFi7unXhqukZghy/7ZDsTrYQGSGktdrCpdPlqlBNHGWuDp592LIwSCNFHwV2Fyg/10ZjVyHAKWW3I56AHaEwqRdJzbDdNSDttbvyq8VwuPruQv8xXOPMw/L66WJ3PAUxiAywcEyKKbKdo9vxD/RSQTQQti0v+9cw+QrBXpCSLh9K0TDk1MwQiboJWstD6ALzIZQff1Hzr9MRzdsk9zQyxsxJ0DP3n9c3Ks4eWRpEHN7N6m+4KhWPMFMPTIiSKWSJvW1MXRiXEDC+e8nVyOd0ICbBKqPzz/pwbmX4yzmAPxm2zSR7Mp+NwKCPrEijT9ofM7DN619NumA15J9egZ6UOf2ZMac5takgHnF7SIoKmnjOhj1QgdlGN/Emuph2/1rXLEr9+TJ79syqdxuxcTbNo/FhPdW/cdvR5H0Jj2d7wuZ6sXta5IJLpPM7MdgYVpPyOdm/4g2FB31E2dOF3wIZ/zaAlbkRxF9CUyUzIPC512Yk1mUK6o77RzYJlTfE/6x8OZJBOf7ycdz2Ap0gnVzXV4fryM6dxvLkwjI5LhN/CtDZ+3luDX9jGx9RqFUPQn6ronnplCQErHTp83WLnI=

The decrypted data

{"user_id":null,"partner_id":"werewr","firstname":"Eqwe","lastname":"Qweqw","username":"wewe123","password":"11111111","tel1":"ewr","tel2":"werwer","birthdate":1386691200,"gender":"M","status":"Separated","addresses":{"billing_address":{"type":"B","title":"Ms.","address":"sdfsdf","address2":"sdfsfd","barangay":"Magsaysay","city":"San Jose","country":"PH","state":"DIN","zip_code":"22"},"shipping_address":{"type2":"S","title2":"Ms.","lastname2":"12312","firstname2":"32132","address1_2":"sdfs","address2_2":"fsdfsd","barangay2":"San Roque","city2":"Pandi","country2":"PH","state2":"BUL","zip_code2":"2323","phone":"12313"}}}{

When I tried to display as an array it results to blank 'no data'. As you can see in my decrypted data there's an excess character of '{' that's why I can't get array form. I can't spot where my code goes wrong. Please help me guys thanks.

1
phpjsonencryptioncryptography

1 Answers

0
votes

Ok I didn't manage to answer my problem but I found a good and simple example in encrypting a data into AES 128 CBC format. Here's what I have

public function encrypt($cipher, $key, $iv , $cc) {

            mcrypt_generic_init($cipher, $key, $iv);
            $encrypted = base64_encode(mcrypt_generic($cipher,$cc));
            mcrypt_generic_deinit($cipher);

            mcrypt_generic_init($cipher, $key, $iv);
            $decrypted = mdecrypt_generic($cipher,base64_decode($encrypted));
            mcrypt_generic_deinit($cipher);

            $encrypted_data = array();
            $encrypted_data['encrypt'] = $encrypted;
            $encrypted_data['decrypt'] = $decrypted;

            return $encrypted_data;

}

......

            $encode = json_encode($account_info);

            $cc = $encode;
            $key = '73f8d4969098400c44dcb50111eb4193';
            $iv =  '1234567890123456';
            $length = strlen($cc);

            $cipher = mcrypt_module_open(MCRYPT_RIJNDAEL_128,'','cbc','');

            $h = $this->encrypt($cipher, $key, $iv, $cc);

            $enc_data = $h['encrypt'];
            $dec_data = substr($h['decrypt'], 0, $length);

            echo $enc_data."\n";
            echo $dec_data."\n";

Hope it can help you as well. :)