mcrypt_module_is_block_mode
A slight improvement of dinamic's function to create a key:
I think the weak point is that capitals are always used in the same part of the string. The following code capitalizes random characters of the string, making the key less predictable:
<?php
$key = substr($key1, 0, $ks/2) . substr($key2, (round(strlen($key2) / 2)), $ks/2);
$key = substr($key.$key1.$key2.$key1,0,$ks);
$buffer = str_split($key);
$limit = count($buffer)-1;
srand((float)microtime() * 1000000);
$end = rand(0, $limit);
$a = 0;
// replace random chars with capitals
while ($a < $end) {
list($usec, $sec) = explode(' ', microtime());
$seed = ((float)$sec) + ((float) $usec * 100000);
mt_srand($seed);
$index = mt_rand(0,$limit);
$buffer[$index] = strtoupper($buffer[$index]);
$a++;
}
$key = join('', $buffer);
?>
mcrypt_module_open
(PHP 4 >= 4.0.2, PHP 5)
mcrypt_module_open — Opens the module of the algorithm and the mode to be used
Description
resource mcrypt_module_open
( string $algorithm
, string $algorithm_directory
, string $mode
, string $mode_directory
)
This function opens the module of the algorithm and the mode to be used. The name of the algorithm is specified in algorithm, e.g. "twofish" or is one of the MCRYPT_ciphername constants. The module is closed by calling mcrypt_module_close(). Normally it returns an encryption descriptor, or FALSE on error.
The algorithm_directory and mode_directory are used to locate the encryption modules. When you supply a directory name, it is used. When you set one of these to the empty string (""), the value set by the mcrypt.algorithms_dir or mcrypt.modes_dir ini-directive is used. When these are not set, the default directories that are used are the ones that were compiled in into libmcrypt (usually /usr/local/lib/libmcrypt).
Examples
Example #1 mcrypt_module_open() examples
<?php
$td = mcrypt_module_open(MCRYPT_DES, '',
MCRYPT_MODE_ECB, '/usr/lib/mcrypt-modes');
$td = mcrypt_module_open('rijndael-256', '', 'ofb', '');
?>
The first line in the example above will try to open the DES cipher from the default directory and the EBC mode from the directory /usr/lib/mcrypt-modes. The second example uses strings as name for the cipher and mode, this only works when the extension is linked against libmcrypt 2.4.x or 2.5.x.
Examples
Example #2 Using mcrypt_module_open() in encryption
<?php
/* Open the cipher */
$td = mcrypt_module_open('rijndael-256', '', 'ofb', '');
/* Create the IV and determine the keysize length, use MCRYPT_RAND
* on Windows instead */
$iv = mcrypt_create_iv(mcrypt_enc_get_iv_size($td), MCRYPT_DEV_RANDOM);
$ks = mcrypt_enc_get_key_size($td);
/* Create key */
$key = substr(md5('very secret key'), 0, $ks);
/* Intialize encryption */
mcrypt_generic_init($td, $key, $iv);
/* Encrypt data */
$encrypted = mcrypt_generic($td, 'This is very important data');
/* Terminate encryption handler */
mcrypt_generic_deinit($td);
/* Initialize encryption module for decryption */
mcrypt_generic_init($td, $key, $iv);
/* Decrypt encrypted string */
$decrypted = mdecrypt_generic($td, $encrypted);
/* Terminate decryption handle and close module */
mcrypt_generic_deinit($td);
mcrypt_module_close($td);
/* Show string */
echo trim($decrypted) . "\n";
?>
See also mcrypt_module_close(), mcrypt_generic(), mdecrypt_generic(), mcrypt_generic_init(), and mcrypt_generic_deinit().
add a note
User Contributed Notesmcrypt_module_open
ash
17-Jul-2008 04:07
17-Jul-2008 04:07
dinamic at gmail dot com
13-Nov-2007 04:05
13-Nov-2007 04:05
Also it should be pointed that md5() and/or sha1() should not be used while forming your key for the mcrypt. This is so because hex encoding uses a set of only 16 characters [0-9a-f], which is equivalent to 4 bits, and thus halve the strength of your encryption: 4 x 32 = 128-bit.
I have re-wrote the example shown, so here is my suggestion to get real 256-bit encryption:
<?php
$key1 = "this is a secret key";
$key2 = "this is the second secret key";
$input = "Let us meet at 9 o'clock at the secret place.";
$length = strlen($input);
/* Open the cipher */
$td = mcrypt_module_open('rijndael-256', '', 'cbc', '');
/* Create the IV and determine the keysize length, use MCRYPT_RAND
* on Windows instead */
$iv = mcrypt_create_iv(mcrypt_enc_get_iv_size($td), MCRYPT_RAND);
$ks = mcrypt_enc_get_key_size($td);
/* Create key */
$key1 = md5($key1);
$key2 = md5($key2);
$key = substr($key1, 0, $ks/2) . substr(strtoupper($key2), (round(strlen($key2) / 2)), $ks/2);
$key = substr($key.$key1.$key2.strtoupper($key1),0,$ks);
/* Intialize encryption */
mcrypt_generic_init($td, $key, $iv);
/* Encrypt data */
$encrypted = mcrypt_generic($td, $input);
/* Terminate encryption handler */
mcrypt_generic_deinit($td);
/* Initialize encryption module for decryption */
mcrypt_generic_init($td, $key, $iv);
/* Decrypt encrypted string */
$decrypted = mdecrypt_generic($td, $encrypted);
/* Terminate decryption handle and close module */
mcrypt_generic_deinit($td);
mcrypt_module_close($td);
/* Show string */
echo "Text: ".substr($decrypted,0,$length) . "<br>";
echo "Encoded: ".$encrypted ."<br>";
echo "<br>key1: $key1 <br>key2: $key2<br>created key: $key";
?>
Mon
02-Mar-2006 04:27
02-Mar-2006 04:27
In the text example:
$key = substr(md5('very secret key'), 0, $ks);
Builds a key of $ks/2 effective bytes.
31-Jul-2003 09:14
Doing a trim($decrypted) will remove the null padding that may occur as a result of decryption.
The problem is if you're encrypting something like a MSWord document which can commonly end with nulls. The result $decrypted will be smaller than the original cleartext - which will then fail to open in MSOffice.
To get around this, make sure you store the length of the original cleartext, and when you decrypt it, do:
$decrypted = substr(mdecrypt_generic($td, $encrypted), 0, $originalLength);