/**
 * Reverses self.friendly: converts a hex-encoded ("friendly") value back to
 * its raw byte string by delegating to Defuse\Crypto\Crypto::hexToBin.
 *
 * Any falsy input (null, '', and also the string '0') skips decoding and
 * yields null, so callers must be prepared for a null result.
 *
 * @param string|null $friendlyValue value returned from the 'friendly' function
 *
 * @return string|null raw value, or null when the input was falsy
 */
protected function unfriendly($friendlyValue)
{
    // Truthiness test, not a strict null/empty-string comparison.
    if (!$friendlyValue) {
        return null;
    }

    return Crypto::hexToBin($friendlyValue);
}
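<?php

require_once \dirname(__DIR__) . '/autoload.php';

use Defuse\Crypto\Crypto;

// Cross-checks Crypto::binToHex / Crypto::hexToBin against PHP's built-in
// bin2hex / hex2bin on 100 random 32-byte inputs plus one fixed vector.
// Exit status: 0 when every comparison matched, 1 otherwise.
$status = 0;

for ($i = 0; $i < 100; ++$i) {
    $random = \openssl_random_pseudo_bytes(32);

    // Encoding: both implementations must give the same hex string.
    $encode_a = Crypto::binToHex($random);
    $encode_b = \bin2hex($random);
    if ($encode_a !== $encode_b) {
        $status = 1;
        \var_dump([$encode_a, $encode_b]);
    }
    // echo "\t", $encode_a, "\t", $encode_b, "\n";

    // Decoding: each decoder is fed the *other* implementation's hex output.
    $decode_a = Crypto::hexToBin($encode_b);
    $decode_b = \hex2bin($encode_a);
    if ($decode_a !== $decode_b) {
        $status = 1;
        // Both values are raw bytes, so both are base64-ENCODED for display.
        // (The original base64_decode()d the second one, which garbled the
        // diagnostic output.)
        \var_dump([\base64_encode($decode_a), \base64_encode($decode_b)]);
    }
}

// Fixed known-answer vector. These two calls originally sat after exit()
// and never ran; they are now executed and compared with each other's input.
$known_hex = Crypto::binToHex("ABJA");
$known_bin = Crypto::hexToBin('41424a41');
if ($known_hex !== '41424a41' || $known_bin !== "ABJA") {
    $status = 1;
    \var_dump([$known_hex, $known_bin]);
}

// $status is only ever 0 or 1, so the original `$status < 0` test could never
// print the success message.
if ($status === 0) {
    echo 'Encoded successfully!', "\n";
}

exit($status);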
/**
 * Decrypts a hex-encoded ciphertext with this object's secret key.
 *
 * The hex string is first turned into raw bytes with Crypto::hexToBin, then
 * handed to Crypto::decrypt together with the key from getSecretKey().
 * Nothing is caught here: any exception raised by those calls propagates to
 * the caller, which has to treat a failure as "no cleartext available".
 *
 * @param string $ciphertext The hexadecimal string
 * @return string cleartext string
 */
public function decrypt($ciphertext)
{
    $rawCiphertext = Crypto::hexToBin($ciphertext);
    $secretKey = $this->getSecretKey();

    return Crypto::decrypt($rawCiphertext, $secretKey);
}
$errors = true; response(VALIDATION_TOO_MANY_ATTEMPTS, $errors); } // Validation: check if this is a brute force attempt $past = strtotime("-5 min") * 1000; $events->search('value.action:failed AND @path.timestamp:[' . $past . ' TO ' . $now . ']'); $fail_total = $events->getTotalCount(); if ($fail_total >= 3) { $item->event('log')->post(['action' => 'disabled']); $errors = true; response(VALIDATION_TOO_MANY_ATTEMPTS, $errors); } // If all of the above validation checks pass, continue on if (!$errors) { $salt = Crypto::hexToBin($item->salt); $data_encrypted = Crypto::hexToBin($item->secret); // Create decryption key $length = 16; $iterations = PASSWORD_ITERATIONS; $key = hash_pbkdf2("sha256", $password, $salt, $iterations, $length); // Decrypt data, reference: https://github.com/defuse/php-encryption/ try { $data_decrypted = Crypto::Decrypt($data_encrypted, $key); } catch (Ex\InvalidCiphertextException $ex) { // VERY IMPORTANT // Log event $item->event('log')->post(['action' => 'failed']); response(DECRYPTION_PASSWORD_WRONG, true); } catch (Ex\CryptoTestFailedException $ex) { response(ENCRYPTION_UNSAFE, true); } catch (Ex\CannotPerformOperationException $ex) {
/**
 * Recovers the stored password from the 'nextpass_password' cookie.
 *
 * The cookie carries a hex-encoded ciphertext. It is decoded with
 * Crypto::hexToBin and decrypted with the key held in
 * $_SESSION['nextpass']['key'].
 *
 * NOTE(review): the two precondition checks only call $this->debug->error().
 * Whether that call halts execution is not visible here. Confirm it does,
 * otherwise the method carries on without a login or without cookie/key.
 *
 * @return string the decrypted password
 */
public function decrypt_password()
{
    if ($this->logged_in !== true) {
        $this->debug->error("Not logged in!");
    }

    $cookieMissing = empty($_COOKIE['nextpass_password']);
    $keyMissing = empty($_SESSION['nextpass']['key']);
    if ($cookieMissing || $keyMissing) {
        $this->debug->error("Password is not stored in Cookie or Session!");
    }

    require_once 'php-encryption/autoload.php';

    // The cookie is client-controlled input. Hex decoding happens before the
    // try block, so an exception thrown by hexToBin on malformed input is not
    // handled by the catch clauses below.
    $rawCiphertext = Crypto::hexToBin($_COOKIE['nextpass_password']);
    $sessionKey = $_SESSION['nextpass']['key'];

    try {
        return Crypto::decrypt($rawCiphertext, $sessionKey);
    } catch (Ex\InvalidCiphertextException $ex) {
        // Possible causes: the ciphertext was altered, the key does not
        // match, or the value was never a valid ciphertext / got corrupted.
        // All three are treated as tampering.
        die('DANGER! DANGER! The ciphertext has been tampered with!');
    } catch (Ex\CryptoTestFailedException $ex) {
        die('Cannot safely perform decryption');
    } catch (Ex\CannotPerformOperationException $ex) {
        die('Cannot safely perform decryption');
    }
}