Encrypt string based on a php keyword

Asked

Viewed 6,291 times

0

I would like to know if there is a way to encrypt a string reversibly based on a password. In order to decrypt it is necessary to know the password. Just as base64_encode() and base64_decode() but use a key word.

5 answers

1

If you want something like a message system where only the user and the one with whom you talk can read the message, like they have a secret code between them would look like this:

function encrypt($mensagem, $a_chave_do_usuario){
$salt = SALT;
$key = substr(hash('sha256', $salt.$key.$salt), 0, 32);
$iv_size = mcrypt_get_iv_size(MCRYPT_RIJNDAEL_256, MCRYPT_MODE_ECB);
$iv = mcrypt_create_iv($iv_size, MCRYPT_RAND);
$encrypted = base64_encode(mcrypt_encrypt(MCRYPT_RIJNDAEL_256, $key, $data, MCRYPT_MODE_ECB, $iv));
return $encrypted;
}

function decrypt($mensagem, $a_chave_do_usuario){
$salt = SALT;
$key = substr(hash('sha256', $salt.$key.$salt), 0, 32);
$iv_size = mcrypt_get_iv_size(MCRYPT_RIJNDAEL_256, MCRYPT_MODE_ECB);
$iv = mcrypt_create_iv($iv_size, MCRYPT_RAND);
$decrypted = mcrypt_decrypt(MCRYPT_RIJNDAEL_256, $key, base64_decode($data), MCRYPT_MODE_ECB, $iv);
return $decrypted;
}

SALT would be a system constant type: 'A3jdh$4D8gkb#2T7&sM40bn4A7fv35cf=b48On=84c! 623Vvf6vi37vb34@3kf%' The user’s key would be anything he wants when sending a message, for example if it matched someone a keyword between the two only they could decode the message.

So you can get an idea,

If the user type 'I' and put as a secret phrase 'it is confidential' the result this SALT ai is exactly:

yKwhaIqvlh2cLgLe4TXC1No5W8gVpUj6rRpNG6/EME=

Hardly anyone would know that up there is the word 'I'. Only so-and-so A and so-and-so B could read this, even the system administrator wouldn’t know what they were talking to each other, because the two agreed that they would use the keyword 'is secret' between them. Unless the developer keeps the keyword to every message somewhere, just to sniff through other people’s conversations kkkk.

I hope it helps, the possibilities are endless. My session uses something similar a little more complicated because it uses 2 keys. One of the system with plenty of alphanumeric and special 64-digit characters and 128-character dynamics generated with sha512.

  • 1

    The mcrypt_encrypt is already obsolete its use should be avoided, as well as the mcrypt_create_iv is obsolete. Also, I believe that if the purpose is to traffic message I think the best would be to use the gnupg for this and store the user’s private key locally, that is the user’s device is the one who has the key, so the "system administrator" would not have access to key. The key is much stronger than the password, including the PGP key can have password. The salt should never be a constant.

  • The idea is correct, but as the mcrypt_encrypt is deprecated, one option would be to use the openssl_encrypt

1


  • 1

    While this link may answer the question, it is best to include the essential parts of the answer here and provide the link for reference. Replies per link only can be invalidated if the page with the link is changed. - From Review

  • Although you are right there it is interesting to see how this is exactly the same answer that accepts it in SO en http://stackoverflow.com/a/9262137/3331294. I changed the answer to "search for" so the links are only reference now, when I have time I give a outlined in the use.

0

Good morning, I’m still learning and I’d like to understand the meaning of the word "PALAVRA_CHAVE" is there, would be in case the word to encode and decode the string ?

Thanks in advance!

public static final String CHAVE = "PALAVRA_CHAVE";

public static String criptografia(String senha) {
    String aux = "";
    int tamanhoString = senha.length();
    int tamanhoChave = CHAVE.length();

    if (tamanhoString > tamanhoChave) {
        senha = senha.substring(0, CHAVE.length());
    }
    senha = Funcoes.rTrim(senha);

    for (int i = 0; i < senha.length(); i++) {
        int pos = i / tamanhoChave;
        if (pos == 0) {
            pos = tamanhoChave;
        }
        int posLetra = senha.charAt(i) ^ CHAVE.charAt(i);
        if (posLetra == 0) {
            posLetra = senha.charAt(i);
        }
        aux += (char) posLetra;
    }
    return aux;
}

public static String rTrim(String s) {
    int i = s.length() - 1;
    while (i > 0 && Character.isWhitespace(s.charAt(i))) {
        i--;
    }
    return s.substring(0, i + 1);
}

-1

Yes, I have some encryption done in java/Delphi/android a simple example I can give you is this:

public static final String CHAVE = "PALAVRA_CHAVE";

public static String criptografia(String senha) {
    String aux = "";
    int tamanhoString = senha.length();
    int tamanhoChave = CHAVE.length();

    if (tamanhoString > tamanhoChave) {
        senha = senha.substring(0, CHAVE.length());
    }
    senha = Funcoes.rTrim(senha);

    for (int i = 0; i < senha.length(); i++) {
        int pos = i / tamanhoChave;
        if (pos == 0) {
            pos = tamanhoChave;
        }
        int posLetra = senha.charAt(i) ^ CHAVE.charAt(i);
        if (posLetra == 0) {
            posLetra = senha.charAt(i);
        }
        aux += (char) posLetra;
    }
    return aux;
}

public static String rTrim(String s) {
    int i = s.length() - 1;
    while (i > 0 && Character.isWhitespace(s.charAt(i))) {
        i--;
    }
    return s.substring(0, i + 1);
}

If you pass a 1234 password to the function, it will return you #$%$ for example, and if you pass the encryption, the function returns the original password, then it is a matter of you adapt your logic and do in php.

  • That’s a Cifra de Vigenère! Interesting, and historically relevant, but totally insecure since before they even invented rsrs computers.

-3

How to generate a key for discrete An email inserir a descrição da imagem aqui

  • You could improve the statement of your doubt

Browser other questions tagged

You are not signed in. Login or sign up in order to post.