I have a php file which was encrypted using mcrypt and now we need to decrypt it.
Here is the decryption:
abstract class Encryption_Abstract {
const CYPHER = 'blowfish';
const MODE = 'cfb';
protected $key;
public
function __construct($key) {
$this->key = $key;
}
public function encrypt($plaintext) {
return $plaintext;
}
public function decrypt($crypttext) {
return $crypttext;
}
}
//decryptor
class Decryption extends Encryption_Abstract {
function decrypt($crypttext) {
$plaintext = '';
$td = mcrypt_module_open(self::CYPHER, '', self::MODE, '');
$ivsize = mcrypt_enc_get_iv_size($td);
$iv = substr($crypttext, 0, $ivsize);
$crypttext = substr($crypttext, $ivsize);
if ($iv) {
mcrypt_generic_init($td, $this - > key, $iv);
$plaintext = mdecrypt_generic($td, $crypttext);
}
return $plaintext;
}
}
Now this is how we instantiate it and then use it:
$enc = new Decryption(KEYS::PROD); //KEYS::PROD is the decryption key
eval($enc->decrypt(file_get_contents("key_file.txt"))); //<--
Is there any way to not use eval? or is it my only option?
If it's a PHP file and you need to execute it, you can pipe it to a php cli.. but it would be the same. But how would you want to execute a PHP file without executing it?:)