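/**
 * Read and decrypt the 'auth' cookie.
 *
 * The cookie is client-controlled input: it is decrypted with $this->key
 * (defuse/php-encryption rejects a tampered or foreign ciphertext by throwing)
 * and the plaintext is then JSON-decoded.
 *
 * @return mixed The decoded JSON value, or false when the cookie is absent, is
 *               not a string, cannot be decrypted, or does not contain valid JSON.
 */
public function read()
{
    // A client can send `auth[]=...`, which arrives as an array; Decrypt() would
    // then raise a TypeError (not an \Exception), so reject non-strings up front.
    if (empty($_COOKIE['auth']) || !is_string($_COOKIE['auth'])) {
        return false;
    }

    try {
        $plaintext = Crypto::Decrypt($_COOKIE['auth'], $this->key);
    } catch (\Exception $e) {
        // Wrong key and modified ciphertext both end up here; treat either as
        // "no valid session" rather than letting the exception escape.
        $this->log->error($e->getMessage());
        return false;
    }

    $data = json_decode($plaintext);
    if ($data === null && json_last_error() !== JSON_ERROR_NONE) {
        // Previously a non-JSON plaintext produced a bare null return, which
        // callers could not tell apart from the failure value.
        $this->log->error('auth cookie payload is not valid JSON: ' . json_last_error_msg());
        return false;
    }

    return $data;
}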
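/**
 * Decrypt a message produced by the matching encrypt(): recover the ephemeral
 * defuse/php-encryption key with the RSA private key, then decrypt the payload.
 *
 * Wire format (fields joined by SEPARATOR):
 *   VERSION_TAG, base64(RSA-wrapped key), base64(payload), checksum
 * where the checksum is the first 16 hex characters of SHA-256 over the first
 * three fields. The checksum is unkeyed, so it only detects corruption; message
 * authenticity comes from the authenticated decryption in Crypto::Decrypt().
 *
 * @param string $ciphertext
 * @param PrivateKey $rsaPrivateKey
 *
 * @return string
 * @throws InvalidCiphertextException when the message is malformed or carries another version tag
 * @throws InvalidChecksumException when the checksum does not match the other fields
 */
public static function decrypt($ciphertext, PrivateKey $rsaPrivateKey)
{
    $split = \explode(self::SEPARATOR, $ciphertext);
    if (\count($split) !== 4) {
        throw new InvalidCiphertextException('Invalid ciphertext message');
    }

    // hash_equals(known, user): the constant-time guarantee is documented for the
    // known value in the first position; the original call had the operands
    // reversed (the boolean result is unchanged).
    if (!\hash_equals(self::VERSION_TAG, $split[0])) {
        throw new InvalidCiphertextException('Invalid version tag');
    }

    // NOTE(review): the literal '$' here must equal SEPARATOR, since encrypt()
    // has to compute the same checksum — confirm rather than assume.
    $checksum = \substr(\hash('sha256', \implode('$', \array_slice($split, 0, 3))), 0, 16);
    if (!\hash_equals($checksum, $split[3])) {
        throw new InvalidChecksumException('Invalid checksum');
    }

    // Failures from Base64::decode(), rsaDecrypt(), Key::loadFromAsciiSafeString()
    // and Crypto::Decrypt() (wrong key / modified payload) propagate unchanged.
    $key = Key::loadFromAsciiSafeString(
        self::rsaDecrypt(Base64::decode($split[1]), $rsaPrivateKey)
    );

    return Crypto::Decrypt(Base64::decode($split[2]), $key, true);
}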
/**
 * Decrypt $ciphertext, using the given key or — when $key is null — whatever
 * key getKey() resolves as the default.
 *
 * @param string $ciphertext
 * @param null|Key $key
 * @return string
 * @throws CannotPerformOperationException
 * @throws InvalidCiphertextException
 */
public function decrypt($ciphertext, $key = null)
{
    $resolvedKey = $this->getKey($key);

    return Crypto::Decrypt($ciphertext, $resolvedKey);
}
if ($fail_total >= 3) {
    // Lock-out after repeated failures. response() presumably terminates the
    // request — TODO confirm; if it returns, only $errors stops the decrypt below.
    $item->event('log')->post(['action' => 'disabled']);
    $errors = true;
    response(VALIDATION_TOO_MANY_ATTEMPTS, $errors);
}
// If all of the above validation checks pass, continue on
if (!$errors) {
    $salt = Crypto::hexToBin($item->salt);
    $data_encrypted = Crypto::hexToBin($item->secret);
    // Create decryption key
    // NOTE(review): hash_pbkdf2() is called without raw_output, so $key is a
    // 16-character hex string (an 8-byte derived key written as ASCII), not 16
    // random bytes. Stored secrets were encrypted under this derivation, so it
    // cannot be changed without re-encrypting them.
    $length = 16;
    $iterations = PASSWORD_ITERATIONS;
    $key = hash_pbkdf2("sha256", $password, $salt, $iterations, $length);
    // Decrypt data, reference: https://github.com/defuse/php-encryption/
    try {
        $data_decrypted = Crypto::Decrypt($data_encrypted, $key);
    } catch (Ex\InvalidCiphertextException $ex) {
        // VERY IMPORTANT
        // A wrong password and a modified ciphertext both surface as this
        // exception; each is counted as a failed attempt.
        // Log event
        $item->event('log')->post(['action' => 'failed']);
        response(DECRYPTION_PASSWORD_WRONG, true);
    } catch (Ex\CryptoTestFailedException $ex) {
        response(ENCRYPTION_UNSAFE, true);
    } catch (Ex\CannotPerformOperationException $ex) {
        response(DECRYPTION_UNSAFE, true);
    }
    // Delete message
    // NOTE(review): delete() is invoked twice — here and again in the condition
    // below. If the first call removes the record, the second likely reports
    // failure and the 'deleted' event is never logged; a single guarded call
    // (`if ($item->delete()) { ... }`) is what the comments describe.
    $item->delete();
    // Log event
    if ($item->delete()) {
        $item->event('log')->post(['action' => 'deleted']);
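/**
 * Encrypt or decrypt a message with defuse/php-encryption.
 *
 * @param string      $message The plaintext to encrypt, or the ciphertext to decrypt.
 * @param string|null $key     Raw key material. For 'encrypt', an empty key means
 *                             "generate a fresh random key".
 * @param string      $type    'encrypt' or 'decrypt'.
 *
 * @return array{string: string, error: string, key?: string}
 *   'string' holds the result ('' on failure) and 'error' a message ('' on
 *   success). When a key was generated it is returned under 'key' — the caller
 *   must store it (in whatever encoding it prefers), otherwise the ciphertext
 *   can never be decrypted. The original computed a storable form of the new
 *   key into an unused local and discarded it.
 */
function defuse_crypto($message, $key, $type)
{
    $err = '';

    if ($type === 'encrypt') {
        $generatedKey = null;
        if ($key === null || $key === '') {
            try {
                $key = \Defuse\Crypto\Crypto::createNewRandomKey();
                $generatedKey = $key;
            } catch (\Defuse\Crypto\Exception\CryptoTestFailedException $ex) {
                $err = 'Cannot safely create a key';
            } catch (\Defuse\Crypto\Exception\CannotPerformOperationException $ex) {
                $err = 'Cannot safely create a key';
            }
            if ($err !== '') {
                // Do not continue and encrypt under an empty key.
                return ['string' => '', 'error' => $err];
            }
        }

        $ciphertext = '';
        try {
            $ciphertext = \Defuse\Crypto\Crypto::Encrypt($message, $key);
        } catch (\Defuse\Crypto\Exception\CryptoTestFailedException $ex) {
            $err = 'Cannot safely perform encryption';
        } catch (\Defuse\Crypto\Exception\CannotPerformOperationException $ex) {
            $err = 'Cannot safely perform encryption';
        }

        $result = ['string' => $ciphertext, 'error' => $err];
        if ($generatedKey !== null) {
            // Hand the raw key back so the caller can persist it alongside the ciphertext.
            $result['key'] = $generatedKey;
        }
        return $result;
    }

    if ($type === 'decrypt') {
        $decrypted = '';
        try {
            $decrypted = \Defuse\Crypto\Crypto::Decrypt($message, $key);
        } catch (\Defuse\Crypto\Exception\InvalidCiphertextException $ex) {
            // Raised for a wrong key as well as a modified ciphertext.
            $err = 'DANGER! DANGER! The ciphertext has been tampered with!';
        } catch (\Defuse\Crypto\Exception\CryptoTestFailedException $ex) {
            $err = 'Cannot safely perform decryption';
        } catch (\Defuse\Crypto\Exception\CannotPerformOperationException $ex) {
            $err = 'Cannot safely perform decryption';
        }
        return ['string' => $decrypted, 'error' => $err];
    }

    // Previously an unknown $type fell off the end and returned null.
    return ['string' => '', 'error' => 'Unknown operation type'];
}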