FUDforum: comp.lang.php » problem encrypting data (AES_ENCRYPT/AES

Home » Imported messages » comp.lang.php » problem encrypting data (AES_ENCRYPT/AES_DECRYPT)

Show: Today's Messages :: Polls :: Message Navigator

problem encrypting data (AES_ENCRYPT/AES_DECRYPT) [message #181757]

Thu, 30 May 2013 06:28

ViVi
Messages: 5
Registered: May 2013

Karma: 0

Junior Member

This is driving me crazy !
I'm getting a string from the user (form,input,type=text)
I escape it (mysql_real_escape_string)
And write it encrypted to DB (AES_ENCRYPT).
Then I read it back (SELECT AES_DECRYPT).
It works 99.99 % of the time.
"Sometime" it fails: i.e. the read value is NOT = to the written one.
To be more specific: the "encrypted" value (select 'catName') contains
something, the decrypted one ( SELECT AES_DECRYPT(`catName`...)
contains garbage.
I've not been able to track down WHEN it fails, but some strings
everytime fail, other strings are OK.
OK are .... almost all
the following string
doppio " apice
FAILS everytime.
I've tried defining the DB field (catName) VARCHAR or BINARY to no
avail.
I dont thing it's a "quote" problem, because if I dont encrypt/decrypt
the string all works fine.
Can someone help me ?
TIA

.... get data from user:
echo " <form action=\"thisScript.php\" name='theName' method=\"post\">
\n";
echo "<input name=\"cat\" type=\"text\" value=\"\" maxlength=\"20\"
size=\"20\" >\n";
echo "<br><INPUT type=\"submit\" style=\"height: 25px; width: 100px\"
value=\"GO\"><br><br>";
.... connect & select DB
.... Write to DB
$s_="SALT";
$cat=$_REQUEST['cat'];
$cat=mysql_real_escape_string($cat);
mysql_query("INSERT INTO `tableName` (`catName`) VALUES
( AES_ENCRYPT('$cat' , '$s_') )");
$rc_=mysql_insert_id();
.... read it from DB
$rlib=mysql_query("SELECT AES_DECRYPT(`catName`, '".$s_."') as cate
FROM `tableName` where `cat_idx` = ".$rc_."")or die(mysql_error());
$myrow = mysql_fetch_array($rlib);
$out=$myrow['cat'];
if ( $out != $_REQUEST['cat'] ) echo "<br><br><b>BAD !</b><br><br>";

Report message to a moderator

Re: problem encrypting data (AES_ENCRYPT/AES_DECRYPT) [message #181758 is a reply to message #181757]

Thu, 30 May 2013 07:46

Denis McMahon
Messages: 634
Registered: September 2010

Karma: 0

Senior Member

On Wed, 29 May 2013 23:28:32 -0700, ViVi wrote:

> I've not been able to track down WHEN it fails, but some strings
> everytime fail, other strings are OK.

How long are the strings that fail - I seem to recall that aes works on
128 bit chunks - so multiples of 16 bytes.

One padding scheme I have seen uses n digits of hex character n as
padding, with 16 wrapping to 0, so for example if the data is a multiple
of 16 bytes, the last 16 bytes are 0, but then if the length of the data
mod 16 is:

1 - 15 * f
2 - 14 * e
............
15 - 1 * 1
0 - 16 * 0

Then after you decrypt, remove the padding chars, given that the last
char tells you how much padding there is.

> OK are .... almost all the following string doppio " apice FAILS
> everytime.
> I've tried defining the DB field (catName) VARCHAR or BINARY to no
> avail.

Also, there's a suggestion elsewhere that I googled that the sql data
field should be varbinary or blob. Is it possible that your encrypted
data is longer than your fixed width field, or in some cases not
compatible with varchar?

--
Denis McMahon, denismfmcmahon(at)gmail(dot)com

Report message to a moderator

Re: problem encrypting data (AES_ENCRYPT/AES_DECRYPT) [message #181759 is a reply to message #181758]

Thu, 30 May 2013 08:21

The Natural Philosoph
Messages: 993
Registered: September 2010

Karma: 0

Senior Member

On 30/05/13 08:46, Denis McMahon wrote:
> On Wed, 29 May 2013 23:28:32 -0700, ViVi wrote:
>
>
>> I've not been able to track down WHEN it fails, but some strings
>> everytime fail, other strings are OK.
> How long are the strings that fail - I seem to recall that aes works on
> 128 bit chunks - so multiples of 16 bytes.
>
> One padding scheme I have seen uses n digits of hex character n as
> padding, with 16 wrapping to 0, so for example if the data is a multiple
> of 16 bytes, the last 16 bytes are 0, but then if the length of the data
> mod 16 is:
>
> 1 - 15 * f
> 2 - 14 * e
> ...........
> 15 - 1 * 1
> 0 - 16 * 0
>
> Then after you decrypt, remove the padding chars, given that the last
> char tells you how much padding there is.
>
>> OK are .... almost all the following string doppio " apice FAILS
>> everytime.
>> I've tried defining the DB field (catName) VARCHAR or BINARY to no
>> avail.
> Also, there's a suggestion elsewhere that I googled that the sql data
> field should be varbinary or blob. Is it possible that your encrypted
> data is longer than your fixed width field, or in some cases not
> compatible with varchar?
>
definitely you should use varbinary or blob

"

|AES_ENCRYPT()|
< https://dev.mysql.com/doc/refman/5.5/en/encryption-functions.html#function_ aes-encrypt>
encrypts a string and returns a binary string. |AES_DECRYPT()|
< https://dev.mysql.com/doc/refman/5.5/en/encryption-functions.html#function_ aes-decrypt>
decrypts the encrypted string and returns the original string. The input
arguments may be any length. If either argument is |NULL|, the result of
this function is also |NULL|.

Because AES is a block-level algorithm, padding is used to encode uneven
length strings and so the result string length may be calculated using
this formula:

16 * (trunc(/|string_length|/ / 16) + 1)

If |AES_DECRYPT()|
< https://dev.mysql.com/doc/refman/5.5/en/encryption-functions.html#function_ aes-decrypt>
detects invalid data or incorrect padding, it returns |NULL|. However,
it is possible for |AES_DECRYPT()|
< https://dev.mysql.com/doc/refman/5.5/en/encryption-functions.html#function_ aes-decrypt>
to return a non-|NULL| value (possibly garbage) if the input data or the
key is invalid."

https://dev.mysql.com/doc/refman/5.5/en/encryption-functions.html

--
Ineptocracy

(in-ep-toc’-ra-cy) – a system of government where the least capable to lead are elected by the least capable of producing, and where the members of society least likely to sustain themselves or succeed, are rewarded with goods and services paid for by the confiscated wealth of a diminishing number of producers.

Report message to a moderator

Re: problem encrypting data (AES_ENCRYPT/AES_DECRYPT) [message #181760 is a reply to message #181759]

Thu, 30 May 2013 08:58

ViVi
Messages: 5
Registered: May 2013

Karma: 0

Junior Member

Thanks to you and to Denis for your patience.
Unfortunately nor varbinary nor blob helped me.
About the padding:
And nothing changes if the string is 16 (or 15 or 14 for cf/lf) bytes
long
doppio apice " f
.....+....0123456 ... and variations

Report message to a moderator

Re: problem encrypting data (AES_ENCRYPT/AES_DECRYPT) [message #181762 is a reply to message #181760]

Thu, 30 May 2013 10:53

Doug Miller
Messages: 171
Registered: August 2011

Karma: 0

Senior Member

ViVi <vincenzo(dot)viboni(at)gmail(dot)com> wrote in news:3bfd0bde-1d5d-45eb-afe9-
9728dc9a1b4c(at)l3g2000vbl(dot)googlegroups(dot)com:

> Thanks to you and to Denis for your patience.
> Unfortunately nor varbinary nor blob helped me.
> About the padding:
> And nothing changes if the string is 16 (or 15 or 14 for cf/lf) bytes
> long
> doppio apice " f
> ....+....0123456 ... and variations
>

Aside from all that, why are you decrypting it in the first place? You may not need to.

Specifically, if the objective is to determine whether a password entered by a user matches
the [encrypted] password stored in your database, the proper way to do this is not to
DEcrypt the stored password and compare it to the entered password, but to ENcrypt the
*entered* password and compare the encrypted versions.

Report message to a moderator

Re: problem encrypting data (AES_ENCRYPT/AES_DECRYPT) [message #181763 is a reply to message #181762]

Thu, 30 May 2013 11:53

ViVi
Messages: 5
Registered: May 2013

Karma: 0

Junior Member

On 30 Mag, 12:53, Doug Miller <doug_at_milmac_dot_...@example.com>
wrote:
> Aside from all that, why are you decrypting it in the first place? You may not need to.
>
> Specifically, if the objective is to determine whether a password entered by a user matches
> the [encrypted] password stored in your database, the proper way to do this is not to
> DEcrypt the stored password and compare it to the entered password, but to ENcrypt the
> *entered* password and compare the encrypted versions.
I'm not encrypting passwords ...
I'm encrypting really sensible data blah blah blah ;-)
Thankyou anyway for your attention !

Report message to a moderator

Re: problem encrypting data (AES_ENCRYPT/AES_DECRYPT) [message #181764 is a reply to message #181757]

Thu, 30 May 2013 12:09

Jerry Stuckle
Messages: 2598
Registered: September 2010

Karma: 0

Senior Member

On 5/30/2013 2:28 AM, ViVi wrote:
> This is driving me crazy !
> I'm getting a string from the user (form,input,type=text)
> I escape it (mysql_real_escape_string)
> And write it encrypted to DB (AES_ENCRYPT).
> Then I read it back (SELECT AES_DECRYPT).
> It works 99.99 % of the time.
> "Sometime" it fails: i.e. the read value is NOT = to the written one.
> To be more specific: the "encrypted" value (select 'catName') contains
> something, the decrypted one ( SELECT AES_DECRYPT(`catName`...)
> contains garbage.
> I've not been able to track down WHEN it fails, but some strings
> everytime fail, other strings are OK.
> OK are .... almost all
> the following string
> doppio " apice
> FAILS everytime.
> I've tried defining the DB field (catName) VARCHAR or BINARY to no
> avail.
> I dont thing it's a "quote" problem, because if I dont encrypt/decrypt
> the string all works fine.
> Can someone help me ?
> TIA
>
<snip code>

Vivi,

Since your problem seems to be with the MySQL functions, you'll probably
get better help in comp.databases.mysql, where the MySQL experts hang out.

--
==================
Remove the "x" from my email address
Jerry Stuckle
JDS Computer Training Corp.
jstucklex(at)attglobal(dot)net
==================

Report message to a moderator

Re: problem encrypting data (AES_ENCRYPT/AES_DECRYPT) [message #181765 is a reply to message #181763]

Thu, 30 May 2013 12:52

The Natural Philosoph
Messages: 993
Registered: September 2010

Karma: 0

Senior Member

On 30/05/13 12:53, ViVi wrote:
> On 30 Mag, 12:53, Doug Miller <doug_at_milmac_dot_...@example.com>
> wrote:
>> Aside from all that, why are you decrypting it in the first place? You may not need to.
>>
>> Specifically, if the objective is to determine whether a password entered by a user matches
>> the [encrypted] password stored in your database, the proper way to do this is not to
>> DEcrypt the stored password and compare it to the entered password, but to ENcrypt the
>> *entered* password and compare the encrypted versions.
> I'm not encrypting passwords ...
> I'm encrypting really sensible data blah blah blah ;-)
> Thankyou anyway for your attention !
yep...I did that when taking credit card details. The data was on a usb
stick. The SEED was on the computer. When unattended, they were separated..

--
Ineptocracy

(in-ep-toc’-ra-cy) – a system of government where the least capable to lead are elected by the least capable of producing, and where the members of society least likely to sustain themselves or succeed, are rewarded with goods and services paid for by the confiscated wealth of a diminishing number of producers.

Report message to a moderator

Re: problem encrypting data (AES_ENCRYPT/AES_DECRYPT) [message #181766 is a reply to message #181764]

Thu, 30 May 2013 14:05

ViVi
Messages: 5
Registered: May 2013

Karma: 0

Junior Member

> Vivi,
> Since your problem seems to be with the MySQL functions, you'll probably
> get better help in comp.databases.mysql, where the MySQL experts hang out..

You're right, it's a mysql problem.
Thank you for your help
Vivi

mysql> truncate table `ex_categoria_master` ;
Query OK, 0 rows affected (0.00 sec)

mysql> INSERT INTO `ex_categoria_master` (`categoria_nome`) VALUES
( AES_ENCRYPT('doppio apice " f','SALT') );
Query OK, 1 row affected, 1 warning (0.02 sec)

mysql> SELECT AES_DECRYPT(`categoria_nome`, 'SALT') as bunny ,
`categoria_nome` FROM `ex_categoria_master` where `categoria_idx` = 1;
+-------+--------------------------------+
| bunny | categoria_nome |
+-------+--------------------------------+
| NULL | gð]q’3$Û

Report message to a moderator

Re: problem encrypting data (AES_ENCRYPT/AES_DECRYPT) [message #181767 is a reply to message #181766]

Thu, 30 May 2013 14:34

The Natural Philosoph
Messages: 993
Registered: September 2010

Karma: 0

Senior Member

On 30/05/13 15:05, ViVi wrote:
>> Vivi,
>> Since your problem seems to be with the MySQL functions, you'll probably
>> get better help in comp.databases.mysql, where the MySQL experts hang out.
> You're right, it's a mysql problem.
> Thank you for your help
> Vivi
>
> mysql> truncate table `ex_categoria_master` ;
> Query OK, 0 rows affected (0.00 sec)
>
> mysql> INSERT INTO `ex_categoria_master` (`categoria_nome`) VALUES
> ( AES_ENCRYPT('doppio apice " f','SALT') );
> Query OK, 1 row affected, 1 warning (0.02 sec)
>
> mysql> SELECT AES_DECRYPT(`categoria_nome`, 'SALT') as bunny ,
> `categoria_nome` FROM `ex_categoria_master` where `categoria_idx` = 1;
> +-------+--------------------------------+
> | bunny | categoria_nome |
> +-------+--------------------------------+
> | NULL | gð]q’3$Ûí¹-)£•…É0³„¬^}ü |
> +-------+--------------------------------+
> 1 row in set (0.00 sec)
>
> mysql> select categoria_idx , `categoria_nome` from
> ex_categoria_master;
> +---------------+--------------------------------+
> | categoria_idx | categoria_nome |
> +---------------+--------------------------------+
> | 1 | gð]q’3$Ûí¹-)£•…É0³„¬^}ü |
> +---------------+--------------------------------+
> 1 row in set (0.00 sec)
please show results of:

show fields in ex_categoria_master;

--
Ineptocracy

(in-ep-toc’-ra-cy) – a system of government where the least capable to lead are elected by the least capable of producing, and where the members of society least likely to sustain themselves or succeed, are rewarded with goods and services paid for by the confiscated wealth of a diminishing number of producers.

Report message to a moderator

Re: problem encrypting data (AES_ENCRYPT/AES_DECRYPT) [message #181768 is a reply to message #181767]

Thu, 30 May 2013 14:38

ViVi
Messages: 5
Registered: May 2013

Karma: 0

Junior Member

i'm definetly a moron:
i've defined the encrypted field too short:
`categoria_nome` varbinary(30) DEFAULT NULL,
and every string longer than 15 chars was corrupted.
....
...
..
sorry for the disturb, and please don't be too rude
:-(

Report message to a moderator

Re: problem encrypting data (AES_ENCRYPT/AES_DECRYPT) [message #181769 is a reply to message #181768]

Thu, 30 May 2013 14:57

The Natural Philosoph
Messages: 993
Registered: September 2010

Karma: 0

Senior Member

On 30/05/13 15:38, ViVi wrote:
> i'm definetly a moron:
> i've defined the encrypted field too short:
> `categoria_nome` varbinary(30) DEFAULT NULL,
> and every string longer than 15 chars was corrupted.
> ...
> ..
> .
> sorry for the disturb, and please don't be too rude
> :-(
ah...NO COMMENT

--
Ineptocracy

(in-ep-toc’-ra-cy) – a system of government where the least capable to lead are elected by the least capable of producing, and where the members of society least likely to sustain themselves or succeed, are rewarded with goods and services paid for by the confiscated wealth of a diminishing number of producers.

Report message to a moderator

OT: MySQL AES_ENCRYPT/AES_DECRYPT (was: Re: problem encrypting data (AES_ENCRYPT/AES_DECRYPT)) [message #181814 is a reply to message #181768]

Wed, 05 June 2013 12:51

Arno Welzel
Messages: 317
Registered: October 2011

Karma: 0

Senior Member

Am 30.05.2013 16:38, schrieb ViVi:

> i'm definetly a moron:
> i've defined the encrypted field too short:
> `categoria_nome` varbinary(30) DEFAULT NULL,
> and every string longer than 15 chars was corrupted.
> ...
> ..
> .
> sorry for the disturb, and please don't be too rude
> :-(

Nobody's perfect ;-)

JFTR:

< http://dev.mysql.com/doc/refman/4.1/en/encryption-functions.html#function_a es-encrypt>

Cite:

"Because AES is a block-level algorithm, padding is used to encode
uneven length strings and so the result string length may be calculated
using this formula:

16 * (trunc(string_length / 16) + 1)

If AES_DECRYPT() detects invalid data or incorrect padding, it returns
NULL. However, it is possible for AES_DECRYPT() to return a non-NULL
value (possibly garbage) if the input data or the key is invalid."

--
Arno Welzel
http://arnowelzel.de
http://de-rec-fahrrad.de

Report message to a moderator

Previous Topic:	I am having some difficulties with Tooltip...
Next Topic:	bug in is_numeric

Goto Forum:

-=] Back to Top [=-

[ Syndicate this forum (XML) ] [

]

Current Time: Sun Nov 10 10:13:31 GMT 2024

Total time taken to generate the page: 0.02927 seconds