[symfony-users] Re: Slightly offtopic - CC encryption / decryption
Richtermeister wrote:
> Correct,
>
> the key would be stored in the DB and be user specific.
> While I agree that storing the session in the DB as well would be a
> nice bit of added security, it wouldn't avoid the problem, as I would
> still need to store ccs in there encrypted as well..
> Also, how does https protect session information? I'm not aware it
> does that, but then again, I'm here asking questions out of ignorance
> in the first place.. ;)

I would assume it would protect the session key/name since all data over the wire is encrypted, but I agree, I don't see how SSL is solving the problem you are describing. SSL encrypts data between you and the client. You want to encrypt the cc data in the session, which is stored in a file on the server, from potentially malicious users of that server.

--
Nathanael d. Noblet
Gnat Solutions, Inc
T: 403.875.4613

--~--~-~--~~~---~--~~
You received this message because you are subscribed to the Google Groups "symfony users" group.
To post to this group, send email to symfony-users@googlegroups.com
To unsubscribe from this group, send email to [EMAIL PROTECTED]
For more options, visit this group at http://groups.google.com/group/symfony-users?hl=en
-~--~~~~--~~--~--~---

[symfony-users] Re: Slightly offtopic - CC encryption / decryption
James wrote:
> Why do you assume the key is in the session? If I were going to
> encrypt something and put it in the session, the key sure would not be
> along with it, I would use data specific to the user (each user has
> their own key). based on things like username/zipcode/ipaddress
> probably a mashup of 3 bits of personal information that not everyone
> would be able to get.

So the code for generating this key would be less readable than the session file? Since if I can read the session for some reason, I likely can read the source code that generates the session and thus get most of that information... and decrypt the data.

Basically what I'm wondering is how you will keep the key, or the data that makes up the key secret. If you used username and or some random data like time, you'd have to store that someplace. So if you have a manner to store that key securely, why encrypt? Just put the CC info there...

--
Nathanael d. Noblet
Gnat Solutions, Inc
T: 403.875.4613

[symfony-users] Re: Slightly offtopic - CC encryption / decryption
Correct,

the key would be stored in the DB and be user specific.
While I agree that storing the session in the DB as well would be a nice bit of added security, it wouldn't avoid the problem, as I would still need to store ccs in there encrypted as well..
Also, how does https protect session information? I'm not aware it does that, but then again, I'm here asking questions out of ignorance in the first place.. ;)

Have a great day everybody, and thanks for the advice.
Daniel

On Jun 13, 5:14 pm, James <[EMAIL PROTECTED]> wrote:
> Why do you assume the key is in the session? If I were going to
> encrypt something and put it in the session, the key sure would not be
> along with it, I would use data specific to the user (each user has
> their own key). based on things like username/zipcode/ipaddress
> probably a mashup of 3 bits of personal information that not everyone
> would be able to get.
>
> James
>
> On Jun 13, 2008, at 2:58 PM, Nathanael D. Noblet wrote:
>
> > Richtermeister wrote:
> > > Hi all,
> > >
> > > your points are well taken, and I'm not trying to put the cc numbers
> > > into a database for the very same reason..
> > > I do, however, have to put it into the session as part of the
> > > checkout process, before I even get to use a payment gateway (after
> > > that it'll get obfuscated right away, and I only store the last 4
> > > digits, yes..).
> > > Since session files are non-encrypted,
> > > and the system may at some point run on a shared server, I would like
> > > to encrypt at least the number before I put it in.
> > >
> > > Sounds good?
> >
> > What is stopping them from decrypting them? If they can read the
> > session files, they can read the key to decrypt as well. My suggestion
> > would be to store the sessions in a DB, so they aren't readable by
> > anyone who can't login to your DB with your credentials. Though I
> > guess they can read your connection file... I just wonder if there
> > really is a way to store this safely...
> >
> > --
> > Nathanael d. Noblet
> > Gnat Solutions, Inc
> > T: 403.875.4613

[symfony-users] Re: Slightly offtopic - CC encryption / decryption
Why do you assume the key is in the session? If I were going to encrypt something and put it in the session, the key sure would not be along with it, I would use data specific to the user (each user has their own key). based on things like username/zipcode/ipaddress probably a mashup of 3 bits of personal information that not everyone would be able to get.

James

On Jun 13, 2008, at 2:58 PM, Nathanael D. Noblet wrote:

> Richtermeister wrote:
> > Hi all,
> >
> > your points are well taken, and I'm not trying to put the cc numbers
> > into a database for the very same reason..
> > I do, however, have to put it into the session as part of the
> > checkout process, before I even get to use a payment gateway (after
> > that it'll get obfuscated right away, and I only store the last 4
> > digits, yes..).
> > Since session files are non-encrypted,
> > and the system may at some point run on a shared server, I would like
> > to encrypt at least the number before I put it in.
> >
> > Sounds good?
>
> What is stopping them from decrypting them? If they can read the
> session files, they can read the key to decrypt as well. My suggestion
> would be to store the sessions in a DB, so they aren't readable by
> anyone who can't login to your DB with your credentials. Though I guess
> they can read your connection file... I just wonder if there really is
> a way to store this safely...
>
> --
> Nathanael d. Noblet
> Gnat Solutions, Inc
> T: 403.875.4613

[symfony-users] Re: Slightly offtopic - CC encryption / decryption
Just a thought, but I'd strongly advise you against storing this kind of information unless you/your company has the kind of legal backing and security infrastructure to support protecting such critical information.

I know this doesn't answer your question, but the reality is there is not going to be a good solution for this problem as it is a sort of "chicken and egg" problem. Even if you use the most sophisticated public/private key encryption, compromising the server would spell disaster. (After all, the software can read it, no?)

Large companies like PayPal and the like have invested millions in security and indeed, when people buy online they expect this sort of security. Protect your customers and you will protect your business.

Just my 2-cents.

Best,
JLS

On Jun 13, 2008, at 12:08 PM, Mohammad Ali Safari wrote:

> I assume you use the secure protocol (HTTPS) to do all these and
> store credit card info on server side. What's the problem then in
> regard to security?
>
> --Mohammad
>
> On Fri, Jun 13, 2008 at 12:58 PM, Nathanael D. Noblet <[EMAIL PROTECTED]> wrote:
>
> > Richtermeister wrote:
> > > Hi all,
> > >
> > > your points are well taken, and I'm not trying to put the cc numbers
> > > into a database for the very same reason..
> > > I do, however, have to put it into the session as part of the
> > > checkout process, before I even get to use a payment gateway (after
> > > that it'll get obfuscated right away, and I only store the last 4
> > > digits, yes..).
> > > Since session files are non-encrypted,
> > > and the system may at some point run on a shared server, I would
> > > like to encrypt at least the number before I put it in.
> > >
> > > Sounds good?
> >
> > What is stopping them from decrypting them? If they can read the
> > session files, they can read the key to decrypt as well. My suggestion
> > would be to store the sessions in a DB, so they aren't readable by
> > anyone who can't login to your DB with your credentials. Though I
> > guess they can read your connection file... I just wonder if there
> > really is a way to store this safely...
> >
> > --
> > Nathanael d. Noblet
> > Gnat Solutions, Inc
> > T: 403.875.4613

[symfony-users] Re: Slightly offtopic - CC encryption / decryption
I assume you use the secure protocol (HTTPS) to do all these and store credit card info on server side. What's the problem then in regard to security?

--Mohammad

On Fri, Jun 13, 2008 at 12:58 PM, Nathanael D. Noblet <[EMAIL PROTECTED]> wrote:

> Richtermeister wrote:
> > Hi all,
> >
> > your points are well taken, and I'm not trying to put the cc numbers
> > into a database for the very same reason..
> > I do, however, have to put it into the session as part of the checkout
> > process, before I even get to use a payment gateway (after that it'll
> > get obfuscated right away, and I only store the last 4 digits, yes..).
> > Since session files are non-encrypted,
> > and the system may at some point run on a shared server, I would like
> > to encrypt at least the number before I put it in.
> >
> > Sounds good?
>
> What is stopping them from decrypting them? If they can read the session
> files, they can read the key to decrypt as well. My suggestion would be
> to store the sessions in a DB, so they aren't readable by anyone who
> can't login to your DB with your credentials. Though I guess they can
> read your connection file... I just wonder if there really is a way to
> store this safely...
>
> --
> Nathanael d. Noblet
> Gnat Solutions, Inc
> T: 403.875.4613

[symfony-users] Re: Slightly offtopic - CC encryption / decryption
Richtermeister wrote:
> Hi all,
>
> your points are well taken, and I'm not trying to put the cc numbers
> into a database for the very same reason..
> I do, however, have to put it into the session as part of the checkout
> process, before I even get to use a payment gateway (after that it'll
> get obfuscated right away, and I only store the last 4 digits, yes..).
> Since session files are non-encrypted,
> and the system may at some point run on a shared server, I would like
> to encrypt at least the number before I put it in.
>
> Sounds good?

What is stopping them from decrypting them? If they can read the session files, they can read the key to decrypt as well. My suggestion would be to store the sessions in a DB, so they aren't readable by anyone who can't login to your DB with your credentials. Though I guess they can read your connection file... I just wonder if there really is a way to store this safely...

--
Nathanael d. Noblet
Gnat Solutions, Inc
T: 403.875.4613

[symfony-users] Re: Slightly offtopic - CC encryption / decryption
Hi all,

your points are well taken, and I'm not trying to put the cc numbers into a database for the very same reason..
I do, however, have to put it into the session as part of the checkout process, before I even get to use a payment gateway (after that it'll get obfuscated right away, and I only store the last 4 digits, yes..).
Since session files are non-encrypted, and the system may at some point run on a shared server, I would like to encrypt at least the number before I put it in.

Sounds good?

Thanks for all your help. And thanks Dustin for reminding me of the plugin. I completely forgot about it. :)

Have a great day,
Daniel

On Jun 12, 5:30 pm, "Alistair Stead" <[EMAIL PROTECTED]> wrote:
> There are major implications of storing such data and in the UK there are
> particularly stringent restrictions on how and where you can store such
> data. I believe this goes as far as dictating hardware setup etc.
> My advice would be evaluate the reason why you are storing this information
> and think about shifting this task to a dedicated payment gateway service.
> These services are set up to ensure all legislation is covered and users'
> personal data is protected. If you are storing data for delayed or repeat
> billing these services should be able to facilitate this.
>
> I have in the past been asked by a number of clients to store this data so
> they could process orders manually through a PDQ terminal... All to save
> paying for a payment gateway.
>
> Although the risk may seem small. Just imagine the implications of someone
> gaining access to your server? (This does happen)
>
> Alistair
>
> 2008/6/12 Dustin Whittle <[EMAIL PROTECTED]>:
>
> > Also, see the dwCryptPlugin for a simple interface to mcrypt encryption.
> >
> > - Dustin
> >
> > On 6/12/08 2:33 PM, "Lee Bolding" <[EMAIL PROTECTED]> wrote:
> >
> > > You may want to check this: http://en.wikipedia.org/wiki/PCI_DSS
> > > before you go ahead and do that.
> > >
> > > "A company processing, storing, or transmitting payment card data must
> > > be PCI DSS compliant or risk losing their ability to process credit
> > > card payments and being audited and/or fined"
> > >
> > > I think you'll find that one way functions are mandatory, and that
> > > you're only ever allowed to store the last 4 card digits in plain.
> > >
> > > On 12 Jun 2008, at 22:02, Richtermeister wrote:
> > >
> > > > Thanks Mohammad,
> > > >
> > > > that is exactly what I was looking for!
> > > > And another reason to get mcrypt working on my server ;)
> > > >
> > > > Thanks again,
> > > > have a great day.
> > > >
> > > > Daniel
> > > >
> > > > On Jun 12, 1:37 pm, "Mohammad Ali Safari" <[EMAIL PROTECTED]> wrote:
> > > > > Hi,
> > > > > I use the methods in PHP mcrypt module.
> > > > >
> > > > > I have these two methods:
> > > > >
> > > > > // Decription Encryption
> > > > > public static function encrypt($string, $key){
> > > > >   $cipher_alg = MCRYPT_RIJNDAEL_128;
> > > > >   $iv = mcrypt_create_iv(mcrypt_get_iv_size($cipher_alg, MCRYPT_MODE_ECB), MCRYPT_RAND);
> > > > >   $encrypted_string = base64_encode(mcrypt_encrypt($cipher_alg, $key, $string, MCRYPT_MODE_CBC, $iv));
> > > > >   $iv_encode = base64_encode($iv);
> > > > >   return $encrypted_string.'_'.$iv_encode;
> > > > > }
> > > > >
> > > > > public static function decrypt($encrypted_string, $key){
> > > > >   $cipher_alg = MCRYPT_RIJNDAEL_128;
> > > > >   list($encrypted_string, $iv) = explode('_', $encrypted_string);
> > > > >   $decrypted_string = mcrypt_decrypt($cipher_alg, $key, base64_decode($encrypted_string), MCRYPT_MODE_CBC, base64_decode($iv));
> > > > >   $len = strlen($decrypted_string);
> > > > >   $j = $len-1;
> > > > >   while ($decrypted_string[$j] == "\0") $j--;
> > > > >   $decrypted_string = substr($decrypted_string, 0, $j+1);
> > > > >   return $decrypted_string;
> > > > > }
> > > > >
> > > > > where $key is some fixed value stored in my app.yml file.
> > > > >
> > > > > --Mohammad
>
> --
> Alistair Stead
> Senior Interactive Developer
>
> Mobile: +44 (0) 7788 107 333
> Email: [EMAIL PROTECTED]
> WWW: designdisclosure.com
>
> The information contained in this email is confidential and may contain
> proprietary information. It is meant solely for the intended
> recipient/recipients. Access to this email by anyone else is unauthorised.
> If you are not the intended recipient, any disclosure, copying, distribution
> or any action taken or omitted in reliance on this, is prohibited and may be
> unlawful. Please consider the environment before printing this e-mail.

[symfony-users] Re: Slightly offtopic - CC encryption / decryption
There are major implications of storing such data and in the UK there are particularly stringent restrictions on how and where you can store such data. I believe this goes as far as dictating hardware setup etc.
My advice would be evaluate the reason why you are storing this information and think about shifting this task to a dedicated payment gateway service. These services are set up to ensure all legislation is covered and users' personal data is protected. If you are storing data for delayed or repeat billing these services should be able to facilitate this.

I have in the past been asked by a number of clients to store this data so they could process orders manually through a PDQ terminal... All to save paying for a payment gateway.

Although the risk may seem small. Just imagine the implications of someone gaining access to your server? (This does happen)

Alistair

2008/6/12 Dustin Whittle <[EMAIL PROTECTED]>:

> Also, see the dwCryptPlugin for a simple interface to mcrypt encryption.
>
> - Dustin
>
> On 6/12/08 2:33 PM, "Lee Bolding" <[EMAIL PROTECTED]> wrote:
>
> > You may want to check this: http://en.wikipedia.org/wiki/PCI_DSS
> > before you go ahead and do that.
> >
> > "A company processing, storing, or transmitting payment card data must
> > be PCI DSS compliant or risk losing their ability to process credit
> > card payments and being audited and/or fined"
> >
> > I think you'll find that one way functions are mandatory, and that
> > you're only ever allowed to store the last 4 card digits in plain.
> >
> > On 12 Jun 2008, at 22:02, Richtermeister wrote:
> >
> > > Thanks Mohammad,
> > >
> > > that is exactly what I was looking for!
> > > And another reason to get mcrypt working on my server ;)
> > >
> > > Thanks again,
> > > have a great day.
> > >
> > > Daniel
> > >
> > > On Jun 12, 1:37 pm, "Mohammad Ali Safari" <[EMAIL PROTECTED]> wrote:
> > > > Hi,
> > > > I use the methods in PHP mcrypt module.
> > > >
> > > > I have these two methods:
> > > >
> > > > // Decription Encryption
> > > > public static function encrypt($string, $key){
> > > >   $cipher_alg = MCRYPT_RIJNDAEL_128;
> > > >   $iv = mcrypt_create_iv(mcrypt_get_iv_size($cipher_alg, MCRYPT_MODE_ECB), MCRYPT_RAND);
> > > >   $encrypted_string = base64_encode(mcrypt_encrypt($cipher_alg, $key, $string, MCRYPT_MODE_CBC, $iv));
> > > >   $iv_encode = base64_encode($iv);
> > > >   return $encrypted_string.'_'.$iv_encode;
> > > > }
> > > >
> > > > public static function decrypt($encrypted_string, $key){
> > > >   $cipher_alg = MCRYPT_RIJNDAEL_128;
> > > >   list($encrypted_string, $iv) = explode('_', $encrypted_string);
> > > >   $decrypted_string = mcrypt_decrypt($cipher_alg, $key, base64_decode($encrypted_string), MCRYPT_MODE_CBC, base64_decode($iv));
> > > >   $len = strlen($decrypted_string);
> > > >   $j = $len-1;
> > > >   while ($decrypted_string[$j] == "\0") $j--;
> > > >   $decrypted_string = substr($decrypted_string, 0, $j+1);
> > > >   return $decrypted_string;
> > > > }
> > > >
> > > > where $key is some fixed value stored in my app.yml file.
> > > >
> > > > --Mohammad

--
Alistair Stead
Senior Interactive Developer

Mobile: +44 (0) 7788 107 333
Email: [EMAIL PROTECTED]
WWW: designdisclosure.com

The information contained in this email is confidential and may contain proprietary information. It is meant solely for the intended recipient/recipients. Access to this email by anyone else is unauthorised. If you are not the intended recipient, any disclosure, copying, distribution or any action taken or omitted in reliance on this, is prohibited and may be unlawful. Please consider the environment before printing this e-mail.

[symfony-users] Re: Slightly offtopic - CC encryption / decryption
Also, see the dwCryptPlugin for a simple interface to mcrypt encryption.

- Dustin

On 6/12/08 2:33 PM, "Lee Bolding" <[EMAIL PROTECTED]> wrote:

> You may want to check this: http://en.wikipedia.org/wiki/PCI_DSS
> before you go ahead and do that.
>
> "A company processing, storing, or transmitting payment card data must
> be PCI DSS compliant or risk losing their ability to process credit
> card payments and being audited and/or fined"
>
> I think you'll find that one way functions are mandatory, and that
> you're only ever allowed to store the last 4 card digits in plain.
>
> On 12 Jun 2008, at 22:02, Richtermeister wrote:
>
> > Thanks Mohammad,
> >
> > that is exactly what I was looking for!
> > And another reason to get mcrypt working on my server ;)
> >
> > Thanks again,
> > have a great day.
> >
> > Daniel
> >
> > On Jun 12, 1:37 pm, "Mohammad Ali Safari" <[EMAIL PROTECTED]> wrote:
> > > Hi,
> > > I use the methods in PHP mcrypt module.
> > >
> > > I have these two methods:
> > >
> > > // Decription Encryption
> > > public static function encrypt($string, $key){
> > >   $cipher_alg = MCRYPT_RIJNDAEL_128;
> > >   $iv = mcrypt_create_iv(mcrypt_get_iv_size($cipher_alg, MCRYPT_MODE_ECB), MCRYPT_RAND);
> > >   $encrypted_string = base64_encode(mcrypt_encrypt($cipher_alg, $key, $string, MCRYPT_MODE_CBC, $iv));
> > >   $iv_encode = base64_encode($iv);
> > >   return $encrypted_string.'_'.$iv_encode;
> > > }
> > >
> > > public static function decrypt($encrypted_string, $key){
> > >   $cipher_alg = MCRYPT_RIJNDAEL_128;
> > >   list($encrypted_string, $iv) = explode('_', $encrypted_string);
> > >   $decrypted_string = mcrypt_decrypt($cipher_alg, $key, base64_decode($encrypted_string), MCRYPT_MODE_CBC, base64_decode($iv));
> > >   $len = strlen($decrypted_string);
> > >   $j = $len-1;
> > >   while ($decrypted_string[$j] == "\0") $j--;
> > >   $decrypted_string = substr($decrypted_string, 0, $j+1);
> > >   return $decrypted_string;
> > > }
> > >
> > > where $key is some fixed value stored in my app.yml file.
> > >
> > > --Mohammad

[symfony-users] Re: Slightly offtopic - CC encryption / decryption
You may want to check this: http://en.wikipedia.org/wiki/PCI_DSS before you go ahead and do that.

"A company processing, storing, or transmitting payment card data must be PCI DSS compliant or risk losing their ability to process credit card payments and being audited and/or fined"

I think you'll find that one way functions are mandatory, and that you're only ever allowed to store the last 4 card digits in plain.

On 12 Jun 2008, at 22:02, Richtermeister wrote:

> Thanks Mohammad,
>
> that is exactly what I was looking for!
> And another reason to get mcrypt working on my server ;)
>
> Thanks again,
> have a great day.
>
> Daniel
>
> On Jun 12, 1:37 pm, "Mohammad Ali Safari" <[EMAIL PROTECTED]> wrote:
> > Hi,
> > I use the methods in PHP mcrypt module.
> >
> > I have these two methods:
> >
> > // Decription Encryption
> > public static function encrypt($string, $key){
> >   $cipher_alg = MCRYPT_RIJNDAEL_128;
> >   $iv = mcrypt_create_iv(mcrypt_get_iv_size($cipher_alg, MCRYPT_MODE_ECB), MCRYPT_RAND);
> >   $encrypted_string = base64_encode(mcrypt_encrypt($cipher_alg, $key, $string, MCRYPT_MODE_CBC, $iv));
> >   $iv_encode = base64_encode($iv);
> >   return $encrypted_string.'_'.$iv_encode;
> > }
> >
> > public static function decrypt($encrypted_string, $key){
> >   $cipher_alg = MCRYPT_RIJNDAEL_128;
> >   list($encrypted_string, $iv) = explode('_', $encrypted_string);
> >   $decrypted_string = mcrypt_decrypt($cipher_alg, $key, base64_decode($encrypted_string), MCRYPT_MODE_CBC, base64_decode($iv));
> >   $len = strlen($decrypted_string);
> >   $j = $len-1;
> >   while ($decrypted_string[$j] == "\0") $j--;
> >   $decrypted_string = substr($decrypted_string, 0, $j+1);
> >   return $decrypted_string;
> > }
> >
> > where $key is some fixed value stored in my app.yml file.
> >
> > --Mohammad

[symfony-users] Re: Slightly offtopic - CC encryption / decryption
Thanks Mohammad,

that is exactly what I was looking for!
And another reason to get mcrypt working on my server ;)

Thanks again,
have a great day.

Daniel

On Jun 12, 1:37 pm, "Mohammad Ali Safari" <[EMAIL PROTECTED]> wrote:
> Hi,
> I use the methods in PHP mcrypt module.
>
> I have these two methods:
>
> // Decription Encryption
> public static function encrypt($string, $key){
>   $cipher_alg = MCRYPT_RIJNDAEL_128;
>   $iv = mcrypt_create_iv(mcrypt_get_iv_size($cipher_alg, MCRYPT_MODE_ECB), MCRYPT_RAND);
>   $encrypted_string = base64_encode(mcrypt_encrypt($cipher_alg, $key, $string, MCRYPT_MODE_CBC, $iv));
>   $iv_encode = base64_encode($iv);
>   return $encrypted_string.'_'.$iv_encode;
> }
>
> public static function decrypt($encrypted_string, $key){
>   $cipher_alg = MCRYPT_RIJNDAEL_128;
>   list($encrypted_string, $iv) = explode('_', $encrypted_string);
>   $decrypted_string = mcrypt_decrypt($cipher_alg, $key, base64_decode($encrypted_string), MCRYPT_MODE_CBC, base64_decode($iv));
>   $len = strlen($decrypted_string);
>   $j = $len-1;
>   while ($decrypted_string[$j] == "\0") $j--;
>   $decrypted_string = substr($decrypted_string, 0, $j+1);
>   return $decrypted_string;
> }
>
> where $key is some fixed value stored in my app.yml file.
>
> --Mohammad

[symfony-users] Re: Slightly offtopic - CC encryption / decryption
Hi,
I use the methods in PHP mcrypt module.

I have these two methods:

    // Encryption / decryption (static methods of a helper class)
    public static function encrypt($string, $key){
      $cipher_alg = MCRYPT_RIJNDAEL_128;
      // Size the IV for the mode actually used (CBC) and take it from the OS random source
      $iv = mcrypt_create_iv(mcrypt_get_iv_size($cipher_alg, MCRYPT_MODE_CBC), MCRYPT_DEV_URANDOM);
      $encrypted_string = base64_encode(mcrypt_encrypt($cipher_alg, $key, $string, MCRYPT_MODE_CBC, $iv));
      $iv_encode = base64_encode($iv);
      // '_' is not in the base64 alphabet, so it is a safe separator
      return $encrypted_string.'_'.$iv_encode;
    }

    public static function decrypt($encrypted_string, $key){
      $cipher_alg = MCRYPT_RIJNDAEL_128;
      list($encrypted_string, $iv) = explode('_', $encrypted_string);
      $decrypted_string = mcrypt_decrypt($cipher_alg, $key, base64_decode($encrypted_string), MCRYPT_MODE_CBC, base64_decode($iv));
      // mcrypt pads the last block with "\0"; strip it (also safe when the result is empty)
      return rtrim($decrypted_string, "\0");
    }

where $key is some fixed value stored in my app.yml file.

--Mohammad
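
Added example, not part of the original thread and not any poster's code: the mcrypt routine above is unauthenticated CBC and the mcrypt extension was removed from PHP core in 7.2, so this sketch shows the same "encrypt before it goes into the session" step with libsodium's authenticated secretbox, a key held outside the session store, and only the last four digits kept afterwards. The class name `CardSessionCrypto`, the environment variable `CARD_SESSION_KEY` and the card number are assumptions constructed for the example.

```php
<?php
// Added example, not code from the thread. Requires PHP >= 7.2 (ext-sodium).
// CardSessionCrypto and CARD_SESSION_KEY are hypothetical names.

final class CardSessionCrypto
{
    /**
     * Load the 32-byte key from the environment (base64-encoded), so it is
     * not stored in the session file, the database row or the code tree.
     */
    public static function loadKey(): string
    {
        $key = base64_decode((string) getenv('CARD_SESSION_KEY'), true);
        if ($key === false || strlen($key) !== SODIUM_CRYPTO_SECRETBOX_KEYBYTES) {
            throw new RuntimeException('CARD_SESSION_KEY is missing or not 32 bytes');
        }
        return $key;
    }

    /** Encrypt and authenticate; output is base64(nonce || ciphertext+MAC). */
    public static function encrypt(string $plaintext, string $key): string
    {
        $nonce = random_bytes(SODIUM_CRYPTO_SECRETBOX_NONCEBYTES);
        return base64_encode($nonce . sodium_crypto_secretbox($plaintext, $nonce, $key));
    }

    /** Return the plaintext, or throw if the token was modified or the key is wrong. */
    public static function decrypt(string $token, string $key): string
    {
        $raw = base64_decode($token, true);
        $min = SODIUM_CRYPTO_SECRETBOX_NONCEBYTES + SODIUM_CRYPTO_SECRETBOX_MACBYTES;
        if ($raw === false || strlen($raw) < $min) {
            throw new RuntimeException('Malformed token');
        }
        $nonce = substr($raw, 0, SODIUM_CRYPTO_SECRETBOX_NONCEBYTES);
        $box   = substr($raw, SODIUM_CRYPTO_SECRETBOX_NONCEBYTES);
        $plain = sodium_crypto_secretbox_open($box, $nonce, $key);
        if ($plain === false) {
            throw new RuntimeException('Authentication failed');
        }
        return $plain;
    }

    /** The only part of the number kept after the gateway call. */
    public static function lastFour(string $pan): string
    {
        return substr(preg_replace('/\D/', '', $pan), -4);
    }
}

// --- Demo with constructed values (4111 1111 1111 1111 is a test number) ---
$key = sodium_crypto_secretbox_keygen();   // stand-in for CardSessionCrypto::loadKey()
$pan = '4111 1111 1111 1111';

$session = [];                             // stand-in for $_SESSION
$session['cc_token'] = CardSessionCrypto::encrypt($pan, $key);

// Round trip: the exact bytes come back, with no "\0" stripping step.
var_dump(CardSessionCrypto::decrypt($session['cc_token'], $key) === $pan);

// A token altered in the session store is rejected instead of decrypting to garbage.
$raw = base64_decode($session['cc_token']);
$raw[strlen($raw) - 1] = chr(ord($raw[strlen($raw) - 1]) ^ 0x01);
try {
    CardSessionCrypto::decrypt(base64_encode($raw), $key);
    echo "tamper not detected\n";
} catch (RuntimeException $e) {
    echo "tamper detected: ", $e->getMessage(), "\n";
}

// After the gateway call keep only the last four digits and drop the token.
$session['cc_last4'] = CardSessionCrypto::lastFour($pan);
unset($session['cc_token']);
sodium_memzero($key);
var_dump($session);
```

The limit raised in the replies still applies: anyone who can read both the session store and the place the key is kept can decrypt, so the encryption only helps to the extent that the key is held somewhere the session reader cannot reach.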