ID: 48730 Comment by: johanna at neiatec dot com Reported By: johanna at neiatec dot com Status: Open Bug Type: mcrypt related Operating System: OpenBSD and linuxes PHP Version: 5.2.10 New Comment:
Just to make it clear, this problem is with MCRYPT_RIJNDAEL_128 and MCRYPT_RIJNDAEL_256. The example I posted is with 128 but if changed to 256 it doesn't work either. Previous Comments: ------------------------------------------------------------------------ [2009-06-30 05:01:50] johanna at neiatec dot com Description: ------------ RIJNDAEL_256 with ECB_MODE does not work everytime properly, here is the example of a string that is encrypted and then cannot get decrypted to the original. Reproduce code: --------------- $string = "numero_documento_funcionario:=:31194443#&#seccional:=:Principal#&#correo_funcionario:=:cinte...@tulua.gov.co#&#fecha_solicitud:=:2009-04-30 00:00:00#&#numero_radicacion:=:000001#&#numero_camara:=:36###198"; echo "To encrypt: <br /><br />\n"; $key = "9c08eb33218aa11eb8f1423f85d5f554"; echo $string."<br /><br />\nEncrypted: <br /><br />\n"; $encrypted = cifrar($string, $key); echo $encrypted."<br /><br />\nDecrypted ??: <br /><br />\n"; echo descifrar($encrypted, $key)."<br /><br /><br /><br />\n"; function cifrar($message, $key){ $iv_size = mcrypt_get_iv_size(MCRYPT_RIJNDAEL_128, MCRYPT_MODE_ECB); $iv = mcrypt_create_iv($iv_size, MCRYPT_RAND); $enc=mcrypt_encrypt(MCRYPT_RIJNDAEL_128,$key, $message, MCRYPT_MODE_ECB, $iv); $enc = base64_encode(trim($enc)); return $enc; } function descifrar($enc, $key){ $enc = base64_decode(trim($enc)); $iv_size = mcrypt_get_iv_size(MCRYPT_RIJNDAEL_128, MCRYPT_MODE_ECB); $iv = mcrypt_create_iv($iv_size, MCRYPT_RAND); return trim(mcrypt_decrypt(MCRYPT_RIJNDAEL_128, $key, $enc, MCRYPT_MODE_ECB, $iv)); } Expected result: ---------------- I expect the decrypted string to be just the same as the original string. Actual result: -------------- The last characters are not decrypted properly. And this just happens with this very string, if you change any character, add or take away any character, it works. But it is a flaw as strings as this one are generated by my application and it fails at times. ------------------------------------------------------------------------ -- Edit this bug report at http://bugs.php.net/?id=48730&edit=1