Why does PHP / MySQL selectively fail with one specific decryption of an AES string?

I store a sensitive 16 character user string in a MySQL table through PDO functions in PHP5. I have a couple of my own encryption / decryption functions as follows:

    function encrypt($in) {
        // mcrypt ignores the IV in ECB mode, so this value has no effect.
        $iv_size = mcrypt_get_iv_size(MCRYPT_RIJNDAEL_256, MCRYPT_MODE_ECB);
        $iv = mcrypt_create_iv($iv_size, MCRYPT_RAND);
        // Returns raw binary ciphertext (any byte value can occur).
        $enc = mcrypt_encrypt(MCRYPT_RIJNDAEL_256, ENCRYPT_KEY, $in, MCRYPT_MODE_ECB, $iv);
        return $enc;
    }

    function decrypt($in) {
        $iv_size = mcrypt_get_iv_size(MCRYPT_RIJNDAEL_256, MCRYPT_MODE_ECB);
        $iv = mcrypt_create_iv($iv_size, MCRYPT_RAND);
        // $in must be byte-for-byte what encrypt() returned.
        $dec = mcrypt_decrypt(MCRYPT_RIJNDAEL_256, ENCRYPT_KEY, $in, MCRYPT_MODE_ECB, $iv);
        return $dec;
    }

Where ENCRYPT_KEY is a previously defined global constant.

First, I encrypt() the row, and then insert the record into the designated table. Every so often, I need to iterate over this information using a SELECT statement, and then decrypt() the results for processing.

Now this happens perfectly for every case, except for one.

In the selection / decryption cycle, one (and only one) record of about 50 decrypts as gobbledygook. I do not see anything wrong with the encrypt() and decrypt() functions, and I have repeatedly re-inserted this record with the same results. The call as shown below:

    echo decrypt(encrypt($string));

It works great. So the only thing that I came up with is that MySQL cannot properly save the encrypted version of this particular string, but I don’t understand why. The storage function is as follows:

    function update_sensitive_details($sensitive) {
        // Raw binary ciphertext from encrypt() is bound directly as the parameter.
        $this->store_sensitive = encrypt($sensitive);
        try {
            $sql = "UPDATE table SET store_sensitive = ? WHERE (id = ?);";
            $sth = $this->registry->db->prepare($sql);
            $sth->execute(array($this->store_sensitive, $this->id));
        } catch (PDOException $p) {
            log_error($p);
            return false;
        }
        return true;
    }

This does not lead to errors, and I can confirm that it actually updates the table with data (although since it is encrypted, it is not intelligible when viewed in phpMyAdmin).

Does anyone have any ideas on what could be happening here? I'm at a dead end. The only thing I can think of is that a particular encrypted string is not stored properly by MySQL, since even changing one of sixteen characters fixes the problem. I would have thought that this would be prevented by PDO, but maybe not.

1 answer

Try to wrap your encrypted data with base64_encode() and then base64_decode() before decryption. In some cases, I had data corrupted in MySQL, and this always fixed it.

    function encrypt($in) {
        $iv_size = mcrypt_get_iv_size(MCRYPT_RIJNDAEL_256, MCRYPT_MODE_ECB);
        $iv = mcrypt_create_iv($iv_size, MCRYPT_RAND);
        $enc = mcrypt_encrypt(MCRYPT_RIJNDAEL_256, ENCRYPT_KEY, $in, MCRYPT_MODE_ECB, $iv);
        // Encode the binary ciphertext as printable ASCII before storing it.
        $enc = base64_encode($enc);
        return $enc;
    }

    function decrypt($in) {
        // Undo the base64 wrapping to recover the raw ciphertext.
        $in = base64_decode($in);
        $iv_size = mcrypt_get_iv_size(MCRYPT_RIJNDAEL_256, MCRYPT_MODE_ECB);
        $iv = mcrypt_create_iv($iv_size, MCRYPT_RAND);
        $dec = mcrypt_decrypt(MCRYPT_RIJNDAEL_256, ENCRYPT_KEY, $in, MCRYPT_MODE_ECB, $iv);
        return $dec;
    }
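The following is an added example, not code from the question or the answer. It models two ways a MySQL text column can alter raw ciphertext (a CHAR column dropping trailing spaces on retrieval, and a utf8 column rejecting or truncating invalid byte sequences) and shows that the base64 form passes both. The column types, the function names and the sample byte strings are assumptions constructed for illustration; the page does not say how the `store_sensitive` column is defined.

```php
<?php
// Added example. The column behaviours modelled here are assumptions about
// how the table might be defined, not details taken from the question.

// What a CHAR column hands back: MySQL strips trailing spaces on retrieval.
function after_char_column(string $bytes): string
{
    return rtrim($bytes, ' ');
}

// True when the bytes form valid UTF-8, i.e. a utf8/utf8mb4 text column can
// hold them without truncation or an "Incorrect string value" error.
function fits_utf8_column(string $bytes): bool
{
    return preg_match('//u', $bytes) === 1;
}

// Report how a raw value and its base64 form fare under both models.
function storage_report(string $cipher): array
{
    $b64 = base64_encode($cipher);
    return [
        'raw_survives_char' => after_char_column($cipher) === $cipher,
        'raw_fits_utf8'     => fits_utf8_column($cipher),
        'b64_survives_char' => after_char_column($b64) === $b64,
        'b64_fits_utf8'     => fits_utf8_column($b64),
        'b64_round_trip'    => base64_decode($b64, true) === $cipher,
        'b64_length'        => strlen($b64), // column width needed for base64
    ];
}

// Constructed 32-byte samples standing in for one RIJNDAEL_256 block.
$samples = [
    'ends in 0x20'  => str_repeat("\x41", 31) . "\x20",
    'has 0xC3 0x28' => "\xC3\x28" . str_repeat("\x42", 30),
    'plain ASCII'   => str_repeat("\x43", 32),
];

foreach ($samples as $label => $cipher) {
    echo $label, ': ', json_encode(storage_report($cipher)), PHP_EOL;
}
```

A 32-byte block becomes 44 base64 characters, so the column must be at least that wide. A BINARY, VARBINARY or BLOB column stores the raw bytes unchanged and is the alternative to encoding.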