Search code examples
phpcryptographymcryptecb

Wrong encryption/decryption for specific string using PHP mcrypt_encrypt

I came across a strange problem with encryption/decryption in PHP. Look at the code below:

<?php

function encrypt($encrypt, $mc_key, $iv) 
{
    $passcrypt = trim(mcrypt_encrypt(MCRYPT_RIJNDAEL_256, $mc_key, trim($encrypt), MCRYPT_MODE_ECB, $iv));
    $encode = base64_encode($passcrypt);
    return $encode;
}

function decrypt($decrypt, $mc_key, $iv)
{
    $decoded = base64_decode($decrypt);
    $decrypted = trim(mcrypt_decrypt(MCRYPT_RIJNDAEL_256, $mc_key, trim($decoded), MCRYPT_MODE_ECB, $iv));
    return $decrypted;
}

$key = 'SAtFIAI2g_r=supL43QkO#dTQYjS0JCt';
$iv = '#CvmQT1TlpINQgnc4q%9$k8mt170MXll';
$message = 'AAABzefYdjTYBAFLNMHfLHJZCtAkTKm';

$encrypted = encrypt($message, $key, $iv);
echo $encrypted."\n";

$decrypted = decrypt($encrypted, $key, $iv);
echo $decrypted."\n";

?>

I have $key, $iv which I use to encode $message. So second line should be my decrypted message. But it's not, see the output:

MXk9zteonXhz2zPVK7o4oUJJuXXQRlwOzTO7JbqbsA==
tq֞u�4�&�
        1P&���_pŬ�.��
_

But if you change the $message a bit it works fine. Ex. if $message is: AAABzefYdjTYBAFLNMHfLHJZCtAkTKn the output is:

fAEeJAkluHht8l6ain99YMAMHJtiUAg47XsJBECdrLA=
AAABzefYdjTYBAFLNMHfLHJZCtAkTKn

Any help in finding the solution will be appreciated.

Solution

  • I am not certain this is what's going on here, but it seems likely.

    The variable $decoded holds the binary string after you have base64_decode()-ed it, and should therefore be the exact binary string as produced by your encrypt() function before you base64_encode()-ed it .Don't trim() the base64 decoded value you're calling mcrypt_decrypt() on. If there is a character that gets trimmed off, you're decrypting a different byte string than the one you originally encrypted.

    function decrypt($decrypt, $mc_key, $iv)
{
    $decoded = base64_decode($decrypt);
    $decrypted = trim(mcrypt_decrypt(MCRYPT_RIJNDAEL_256, $mc_key, $decoded, MCRYPT_MODE_ECB, $iv));
    // Don't wrap $decoded as trim($decoded) here-----------------^^^^^^^^^^
    return $decrypted;
}

    Edit

    For completeness after comments, you should not trim() when encrypting either:

    function encrypt($encrypt, $mc_key, $iv) 
{
    $passcrypt = trim(mcrypt_encrypt(MCRYPT_RIJNDAEL_256, $mc_key, $encrypt, MCRYPT_MODE_ECB, $iv));
    // -------------------------------------------Don't trim()----^^^^^^^^^^
    $encode = base64_encode($passcrypt);
    return $encode;
}