[PHP] Re: Encrypt and decrypt cookie
Note that IVs only affect block cipher modes other than ECB mode. ECB mode ignores IVs completely. J Titu Kim wrote: Hi, I am using libmcrypt-2.5.3 to do encryption in php. I use exactly the steps provided in mcrypt_module_open available on php website http://php.benscom.com/manual/en/function.mcrypt-module-open.php I can encrypt and decrypt a string correctly. However, if i encrypt a cookie to write to user's browser, the decryption is incorrect when i try to decrypt this cookie when user comes again. I found out the main cause is the function mcrypt_module_open. This function return a different resource everytime it is called. Eventually it cause the decryption on cookie to be incorrect. Can someone give me suggestion on how to encrypt and decrypt a cookie? Thanks very much. Kim __ Do you Yahoo!? Yahoo! Mail Plus - Powerful. Affordable. Sign up now. http://mailplus.yahoo.com -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
[PHP] Re: Encrypt and decrypt cookie
I am not a specialist, but I discovered the parameter iv and the related function create_iv. Most likely you must provide an created iv before encryption, store the cypher and the iv together in the cookie and at retreaval, use both in decrypt. So in between: /* Terminate encryption handler */ mcrypt_generic_deinit ($td); /* Initialize encryption module for decryption */ mcrypt_generic_init ($td, $key, $iv); you store and retreave from the cookie both $iv and $td. $key must be on your server. $iv must be some random stuff that changes between encryption and decryption (between sessions). Play with it and you will find out. -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
