Jump to content


Check out our Community Blogs

Register and join over 40,000 other developers!


Recent Status Updates

View All Updates

Photo
- - - - -

OpenSSL encrypt result changes

php openssl encryption change

This topic has been archived. This means that you cannot reply to this topic.
3 replies to this topic

#1 JakeWelton

JakeWelton

    CC Addict

  • Advanced Member
  • PipPipPipPipPip
  • 152 posts

Posted 17 September 2013 - 01:10 AM

Hi,

 

I have a big problem. I'm using openssl to encrypt login information however when i upload my code to my online server, the result from the encryption changes meaning the user cannot log into their account.

 

Does anyone know a reason for there being a different result from the encryption process. There both using the same key and same method (RC4-40).

 

Any help would be greatly appreciated

 

Thanks


sig.jpg

"Before you judge someone, walk a mile in their shoes; after that, who cares?! Their a mile away and you've got their shoes!"


#2 saturn

saturn

    CC Lurker

  • Just Joined
  • Pip
  • 2 posts

Posted 12 February 2014 - 02:09 AM

Hi welton122,

 

Did you find the problem? I have the same promlem: result of openssl_encrypt() function with the same parameters varies on different server.

 

Thanks for any information.



#3 Alexander

Alexander

    YOL9

  • Moderator
  • 3963 posts

Posted 12 February 2014 - 08:02 PM

What is your specific relevant code? A few vague guesses: If it is encrypted and stored in an improper format (i.e. is truncated by a data column that is too small) it may be unrecoverable. If it the IV generation or padding is different, for example, between two versions of the OpenSSL library, then it may handle padding differently and you must investigate what has changed between the two versions. It all depends on which systems, versions, and code you are specifically using.

Alternatively, could you use something more integrated with PHP such as its crypt library to handle encryption?

Alexander.

All new problems require investigation, and so if errors are problems, try to learn as much as you can and report back.


#4 saturn

saturn

    CC Lurker

  • Just Joined
  • Pip
  • 2 posts

Posted 13 February 2014 - 12:41 AM

Hi Alexander,

 

Thanks for you reply.

 

The main difficulty is that the encryption and decryption are made on different servers. Customers use the module which encrypts the sensative data and send to API which decrypts the data. I am sure that all environments have PHP version >= 5.3.0, cipher method is available and the initialization vector is the same for encryption and decryption. However result of OpenSSL encryption function is different on different servers when we encrypt the same data with the same cipher method and initialization vector. The workable solution for me was to switch from OpenSSL to Mcrypt functions of PHP. This way it works stably.






Recommended from our users: Dynamic Network Monitoring from WhatsUp Gold from IPSwitch. Free Download