problem encrypting data (AES_ENCRYPT/AES_DECRYPT) [message #181757] |
Thu, 30 May 2013 06:28 |
ViVi
This is driving me crazy!
I'm getting a string from the user (form,input,type=text)
I escape it (mysql_real_escape_string)
And write it encrypted to DB (AES_ENCRYPT).
Then I read it back (SELECT AES_DECRYPT).
It works 99.99% of the time.
"Sometimes" it fails: i.e. the read value is NOT = to the written one.
To be more specific: the "encrypted" value (select 'catName') contains
something, the decrypted one ( SELECT AES_DECRYPT(`catName`...)
contains garbage.
I've not been able to track down WHEN it fails, but some strings
fail every time, other strings are OK.
OK are .... almost all
the following string
doppio " apice
FAILS every time.
I've tried defining the DB field (catName) VARCHAR or BINARY to no
avail.
I don't think it's a "quote" problem, because if I don't encrypt/decrypt
the string all works fine.
Can someone help me?
TIA
// .... get data from user:
echo " <form action=\"thisScript.php\" name='theName' method=\"post\">\n";
echo "<input name=\"cat\" type=\"text\" value=\"\" maxlength=\"20\" size=\"20\" >\n";
echo "<br><INPUT type=\"submit\" style=\"height: 25px; width: 100px\" value=\"GO\"><br><br>";
// .... connect & select DB
// .... Write to DB
$s_="SALT"; // key string passed to AES_ENCRYPT / AES_DECRYPT
$cat=$_REQUEST['cat'];
$cat=mysql_real_escape_string($cat);
mysql_query("INSERT INTO `tableName` (`catName`) VALUES ( AES_ENCRYPT('$cat' , '$s_') )");
$rc_=mysql_insert_id();
// .... read it from DB
// the column alias matches the array key read from $myrow below
$rlib=mysql_query("SELECT AES_DECRYPT(`catName`, '".$s_."') as cat FROM `tableName` where `cat_idx` = ".$rc_."")or die(mysql_error());
$myrow = mysql_fetch_array($rlib);
$out=$myrow['cat'];
// compare the decrypted value with what the user submitted
if ( $out != $_REQUEST['cat'] ) echo "<br><br><b>BAD !</b><br><br>";
Re: problem encrypting data (AES_ENCRYPT/AES_DECRYPT) [message #181758 is a reply to message #181757] |
Thu, 30 May 2013 07:46 |
Denis McMahon
On Wed, 29 May 2013 23:28:32 -0700, ViVi wrote:
> I've not been able to track down WHEN it fails, but some strings
> fail every time, other strings are OK.
How long are the strings that fail - I seem to recall that aes works on
128 bit chunks - so multiples of 16 bytes.
One padding scheme I have seen uses n digits of hex character n as
padding, with 16 wrapping to 0, so for example if the data is a multiple
of 16 bytes, the last 16 bytes are 0, but then if the length of the data
mod 16 is:
1 - 15 * f
2 - 14 * e
............
15 - 1 * 1
0 - 16 * 0
Then after you decrypt, remove the padding chars, given that the last
char tells you how much padding there is.
> OK are .... almost all the following string doppio " apice FAILS
> every time.
> I've tried defining the DB field (catName) VARCHAR or BINARY to no
> avail.
Also, there's a suggestion elsewhere that I googled that the sql data
field should be varbinary or blob. Is it possible that your encrypted
data is longer than your fixed width field, or in some cases not
compatible with varchar?
--
Denis McMahon, denismfmcmahon(at)gmail(dot)com
Re: problem encrypting data (AES_ENCRYPT/AES_DECRYPT) [message #181759 is a reply to message #181758] |
Thu, 30 May 2013 08:21 |
The Natural Philosoph
On 30/05/13 08:46, Denis McMahon wrote:
> On Wed, 29 May 2013 23:28:32 -0700, ViVi wrote:
>
>
>> I've not been able to track down WHEN it fails, but some strings
>> fail every time, other strings are OK.
> How long are the strings that fail - I seem to recall that aes works on
> 128 bit chunks - so multiples of 16 bytes.
>
> One padding scheme I have seen uses n digits of hex character n as
> padding, with 16 wrapping to 0, so for example if the data is a multiple
> of 16 bytes, the last 16 bytes are 0, but then if the length of the data
> mod 16 is:
>
> 1 - 15 * f
> 2 - 14 * e
> ...........
> 15 - 1 * 1
> 0 - 16 * 0
>
> Then after you decrypt, remove the padding chars, given that the last
> char tells you how much padding there is.
>
>> OK are .... almost all the following string doppio " apice FAILS
>> every time.
>> I've tried defining the DB field (catName) VARCHAR or BINARY to no
>> avail.
> Also, there's a suggestion elsewhere that I googled that the sql data
> field should be varbinary or blob. Is it possible that your encrypted
> data is longer than your fixed width field, or in some cases not
> compatible with varchar?
>
definitely you should use varbinary or blob
"
AES_ENCRYPT()
<https://dev.mysql.com/doc/refman/5.5/en/encryption-functions.html#function_aes-encrypt>
encrypts a string and returns a binary string. AES_DECRYPT()
<https://dev.mysql.com/doc/refman/5.5/en/encryption-functions.html#function_aes-decrypt>
decrypts the encrypted string and returns the original string. The input
arguments may be any length. If either argument is NULL, the result of
this function is also NULL.
Because AES is a block-level algorithm, padding is used to encode uneven
length strings and so the result string length may be calculated using
this formula:
16 * (trunc(string_length / 16) + 1)
If AES_DECRYPT()
<https://dev.mysql.com/doc/refman/5.5/en/encryption-functions.html#function_aes-decrypt>
detects invalid data or incorrect padding, it returns NULL. However,
it is possible for AES_DECRYPT()
<https://dev.mysql.com/doc/refman/5.5/en/encryption-functions.html#function_aes-decrypt>
to return a non-NULL value (possibly garbage) if the input data or the
key is invalid."
https://dev.mysql.com/doc/refman/5.5/en/encryption-functions.html
--
Ineptocracy
(in-ep-toc’-ra-cy) – a system of government where the least capable to lead are elected by the least capable of producing, and where the members of society least likely to sustain themselves or succeed, are rewarded with goods and services paid for by the confiscated wealth of a diminishing number of producers.
Re: problem encrypting data (AES_ENCRYPT/AES_DECRYPT) [message #181762 is a reply to message #181760] |
Thu, 30 May 2013 10:53 |
Doug Miller
ViVi <vincenzo(dot)viboni(at)gmail(dot)com> wrote in news:3bfd0bde-1d5d-45eb-afe9-9728dc9a1b4c(at)l3g2000vbl(dot)googlegroups(dot)com:
> Thanks to you and to Denis for your patience.
> Unfortunately neither varbinary nor blob helped me.
> About the padding:
> And nothing changes if the string is 16 (or 15 or 14 for cf/lf) bytes
> long
> doppio apice " f
> ....+....0123456 ... and variations
>
Aside from all that, why are you decrypting it in the first place? You may not need to.
Specifically, if the objective is to determine whether a password entered by a user matches
the [encrypted] password stored in your database, the proper way to do this is not to
DEcrypt the stored password and compare it to the entered password, but to ENcrypt the
*entered* password and compare the encrypted versions.
Re: problem encrypting data (AES_ENCRYPT/AES_DECRYPT) [message #181763 is a reply to message #181762] |
Thu, 30 May 2013 11:53 |
ViVi
On 30 May, 12:53, Doug Miller <doug_at_milmac_dot_...@example.com>
wrote:
> Aside from all that, why are you decrypting it in the first place? You may not need to.
>
> Specifically, if the objective is to determine whether a password entered by a user matches
> the [encrypted] password stored in your database, the proper way to do this is not to
> DEcrypt the stored password and compare it to the entered password, but to ENcrypt the
> *entered* password and compare the encrypted versions.
I'm not encrypting passwords ...
I'm encrypting really sensible data blah blah blah ;-)
Thank you anyway for your attention!
Re: problem encrypting data (AES_ENCRYPT/AES_DECRYPT) [message #181764 is a reply to message #181757] |
Thu, 30 May 2013 12:09 |
Jerry Stuckle
On 5/30/2013 2:28 AM, ViVi wrote:
> This is driving me crazy!
> I'm getting a string from the user (form,input,type=text)
> I escape it (mysql_real_escape_string)
> And write it encrypted to DB (AES_ENCRYPT).
> Then I read it back (SELECT AES_DECRYPT).
> It works 99.99% of the time.
> "Sometimes" it fails: i.e. the read value is NOT = to the written one.
> To be more specific: the "encrypted" value (select 'catName') contains
> something, the decrypted one ( SELECT AES_DECRYPT(`catName`...)
> contains garbage.
> I've not been able to track down WHEN it fails, but some strings
> fail every time, other strings are OK.
> OK are .... almost all
> the following string
> doppio " apice
> FAILS every time.
> I've tried defining the DB field (catName) VARCHAR or BINARY to no
> avail.
> I don't think it's a "quote" problem, because if I don't encrypt/decrypt
> the string all works fine.
> Can someone help me?
> TIA
>
<snip code>
Vivi,
Since your problem seems to be with the MySQL functions, you'll probably
get better help in comp.databases.mysql, where the MySQL experts hang out.
--
==================
Remove the "x" from my email address
Jerry Stuckle
JDS Computer Training Corp.
jstucklex(at)attglobal(dot)net
==================
Re: problem encrypting data (AES_ENCRYPT/AES_DECRYPT) [message #181765 is a reply to message #181763] |
Thu, 30 May 2013 12:52 |
The Natural Philosoph
On 30/05/13 12:53, ViVi wrote:
> On 30 May, 12:53, Doug Miller <doug_at_milmac_dot_...@example.com>
> wrote:
>> Aside from all that, why are you decrypting it in the first place? You may not need to.
>>
>> Specifically, if the objective is to determine whether a password entered by a user matches
>> the [encrypted] password stored in your database, the proper way to do this is not to
>> DEcrypt the stored password and compare it to the entered password, but to ENcrypt the
>> *entered* password and compare the encrypted versions.
> I'm not encrypting passwords ...
> I'm encrypting really sensible data blah blah blah ;-)
> Thank you anyway for your attention!
yep...I did that when taking credit card details. The data was on a usb
stick. The SEED was on the computer. When unattended, they were separated.
Re: problem encrypting data (AES_ENCRYPT/AES_DECRYPT) [message #181766 is a reply to message #181764] |
Thu, 30 May 2013 14:05 |
ViVi
> Vivi,
> Since your problem seems to be with the MySQL functions, you'll probably
> get better help in comp.databases.mysql, where the MySQL experts hang out.
You're right, it's a mysql problem.
Thank you for your help
Vivi
mysql> truncate table `ex_categoria_master` ;
Query OK, 0 rows affected (0.00 sec)
mysql> INSERT INTO `ex_categoria_master` (`categoria_nome`) VALUES
( AES_ENCRYPT('doppio apice " f','SALT') );
Query OK, 1 row affected, 1 warning (0.02 sec)
mysql> SELECT AES_DECRYPT(`categoria_nome`, 'SALT') as bunny ,
`categoria_nome` FROM `ex_categoria_master` where `categoria_idx` = 1;
+-------+--------------------------------+
| bunny | categoria_nome |
+-------+--------------------------------+
| NULL | gð]q’3$Û
Re: problem encrypting data (AES_ENCRYPT/AES_DECRYPT) [message #181767 is a reply to message #181766] |
Thu, 30 May 2013 14:34 |
The Natural Philosoph
On 30/05/13 15:05, ViVi wrote:
>> Vivi,
>> Since your problem seems to be with the MySQL functions, you'll probably
>> get better help in comp.databases.mysql, where the MySQL experts hang out.
> You're right, it's a mysql problem.
> Thank you for your help
> Vivi
>
> mysql> truncate table `ex_categoria_master` ;
> Query OK, 0 rows affected (0.00 sec)
>
> mysql> INSERT INTO `ex_categoria_master` (`categoria_nome`) VALUES
> ( AES_ENCRYPT('doppio apice " f','SALT') );
> Query OK, 1 row affected, 1 warning (0.02 sec)
>
> mysql> SELECT AES_DECRYPT(`categoria_nome`, 'SALT') as bunny ,
> `categoria_nome` FROM `ex_categoria_master` where `categoria_idx` = 1;
> +-------+--------------------------------+
> | bunny | categoria_nome |
> +-------+--------------------------------+
> | NULL | gð]q’3$Ûí¹-)£•…É0³„¬^}ü |
> +-------+--------------------------------+
> 1 row in set (0.00 sec)
>
> mysql> select categoria_idx , `categoria_nome` from
> ex_categoria_master;
> +---------------+--------------------------------+
> | categoria_idx | categoria_nome |
> +---------------+--------------------------------+
> | 1 | gð]q’3$Ûí¹-)£•…É0³„¬^}ü |
> +---------------+--------------------------------+
> 1 row in set (0.00 sec)
please show results of:
show fields in ex_categoria_master;
Re: problem encrypting data (AES_ENCRYPT/AES_DECRYPT) [message #181769 is a reply to message #181768] |
Thu, 30 May 2013 14:57 |
The Natural Philosoph
On 30/05/13 15:38, ViVi wrote:
> I'm definitely a moron:
> I've defined the encrypted field too short:
> `categoria_nome` varbinary(30) DEFAULT NULL,
> and every string longer than 15 chars was corrupted.
> ...
> ..
> .
> sorry for the disturbance, and please don't be too rude
> :-(
ah...NO COMMENT
|
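The failure this thread ends on, an AES_ENCRYPT() result written to a VARBINARY(30) column that is too narrow for it, reproduced as an added example that is not part of any post above. The table `aes_demo` and its column names are assumptions; the key 'SALT' and the test string are the ones ViVi posted.

```sql
-- Added example: aes_demo and its column names are hypothetical.
DROP TABLE IF EXISTS aes_demo;
CREATE TABLE aes_demo (
    id        INT AUTO_INCREMENT PRIMARY KEY,
    too_short VARBINARY(30) DEFAULT NULL,  -- the width from the thread
    sized     VARBINARY(32) DEFAULT NULL   -- holds up to 31 plaintext bytes
);

-- Ciphertext length from the manual's formula next to the real length.
-- LENGTH() counts bytes, so multi-byte characters need more room than
-- the form's maxlength in characters suggests.
SET @p = 'doppio apice " f';
SELECT LENGTH(@p)                          AS plain_bytes,
       16 * (FLOOR(LENGTH(@p) / 16) + 1)   AS formula_bytes,
       LENGTH(AES_ENCRYPT(@p, 'SALT'))     AS actual_bytes;

-- Non-strict mode: the INSERT succeeds, the value is cut to the column
-- width, and the only signal is a warning.
SET SESSION sql_mode = '';
INSERT INTO aes_demo (too_short, sized)
VALUES (AES_ENCRYPT(@p, 'SALT'), AES_ENCRYPT(@p, 'SALT'));
SHOW WARNINGS;

-- Stored length and round-trip result for both columns.
SELECT LENGTH(too_short)                        AS short_len,
       AES_DECRYPT(too_short, 'SALT')           AS short_plain,
       LENGTH(sized)                            AS sized_len,
       CAST(AES_DECRYPT(sized, 'SALT') AS CHAR) AS sized_plain
FROM aes_demo;

-- Audit for rows already damaged: an intact AES_ENCRYPT() value is always
-- a whole number of 16-byte blocks.
SELECT id, LENGTH(too_short) AS stored_len
FROM aes_demo
WHERE too_short IS NOT NULL AND LENGTH(too_short) % 16 <> 0;

-- Strict mode rejects the oversized value at write time instead of
-- truncating it, so this last INSERT is expected to fail.
SET SESSION sql_mode = 'STRICT_ALL_TABLES';
INSERT INTO aes_demo (too_short) VALUES (AES_ENCRYPT(@p, 'SALT'));
```

Rows the audit query returns cannot be repaired by widening the column afterwards, because the truncated bytes were never stored; they have to be re-encrypted from the original plaintext.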