mcrypt_create_iv
I was wrong about ColdFusion always padding with EOT. By default, ColdFusion uses PKCS#5 padding. See the comments on http://us3.php.net/manual/en/ref.mcrypt.php for pkcs5_(un)pad functions
mcrypt_decrypt
(PHP 4 >= 4.0.2, PHP 5)
mcrypt_decrypt — Decrypts crypttext with given parameters
Description
string mcrypt_decrypt
( string $cipher
, string $key
, string $data
, string $mode
[, string $iv
] )
Decrypts the data and returns the unencrypted data.
Parameters
- cipher
-
cipher is one of the MCRYPT_ciphername constants of the name of the algorithm as string.
- key
-
key is the key with which the data is encrypted. If it's smaller that the required keysize, it is padded with '\0'.
- data
-
data is the data that will be decrypted with the given cipher and mode. If the size of the data is not n * blocksize, the data will be padded with '\0'.
- mode
-
mode is one of the MCRYPT_MODE_modename constants of one of "ecb", "cbc", "cfb", "ofb", "nofb" or "stream".
- iv
-
The iv parameter is used for the initialisation in CBC, CFB, OFB modes, and in some algorithms in STREAM mode. If you do not supply an IV, while it is needed for an algorithm, the function issues a warning and uses an IV with all bytes set to '\0'.
Return Values
Returns the decrypted data as a string.
add a note
User Contributed Notesmcrypt_decrypt
david at sickmiller dot com
03-Oct-2008 03:20
03-Oct-2008 03:20
david at sickmiller dot com
02-Oct-2008 01:15
02-Oct-2008 01:15
If you happen to be decrypting something encrypted in ColdFusion, you'll discover that its encrypt function apparently pads the plaintext with ASCII 4, the "end of transmission" character.
Building on eddiec's code, you can remove both nulls and EOTs with this:
<?php
$retval = mcrypt_decrypt( ...etc ...);
$retval = rtrim($retval, "\0\4"); // trim ONLY the nulls and EOTs at the END
?>
smp_info at yahoo dot com
11-Oct-2007 02:27
11-Oct-2007 02:27
Since the returned data seems to be still padded with extra characters, you can get *only* the original data that was encrypted by str_replace()'ing the \x0 characters.
<?php
$decryptedData = str_replace("\x0", '', $encryptedData);
?>
eddiec at stararcher dot com
13-Jul-2005 09:26
13-Jul-2005 09:26
It appears that mcrypt_decrypt pads the *RETURN STRING* with nulls ('\0') to fill out to n * blocksize. For old C-programmers, like myself, it is easy to believe the string ends at the first null. In PHP it does not:
strlen("abc\0\0") returns 5 and *NOT* 3
strcmp("abc", "abc\0\0") returns -2 and *NOT* 0
I learned this lesson painfully when I passed a string returned from mycrypt_decrypt into a NuSoap message, which happily passed the nulls along to the receiver, who couldn't figure out what I was talking about.
My solution was:
<?
$retval = mcrypt_decrypt( ...etc ...);
$retval = rtrim($retval, "\0"); // trim ONLY the nulls at the END
?>
kooktroop at gmail dot com
09-Jul-2004 06:13
09-Jul-2004 06:13
Following on from the mcrypt_encrypt() example:
<?php
$text = "boggles the inivisble monkey will rule the world";
$key = "This is a very secret key";
$iv_size = mcrypt_get_iv_size(MCRYPT_XTEA, MCRYPT_MODE_ECB);
$iv = mcrypt_create_iv($iv_size, MCRYPT_RAND);
echo strlen($text) . "<br>";
$enc = mcrypt_encrypt(MCRYPT_XTEA, $key, $text, MCRYPT_MODE_ECB, $iv);
echo strlen($enc) . "<br>";
$iv = mcrypt_create_iv($iv_size, MCRYPT_RAND);
$key = "This is a very secret key";
$text = "Meet me at 11 o'clock behind the monument.";
echo strlen($text) . "<br>";
$crypttext = mcrypt_decrypt(MCRYPT_XTEA, $key, $enc, MCRYPT_MODE_ECB, $iv);
echo "$crypttext<br>";
?>