/** * Method to decrypt a data string. * * @param string $data The encrypted string to decrypt. * @param JCryptKey $key The key object to use for decryption. * * @return string The decrypted data string. * * @since 3.5 * @throws RuntimeException */ public function decrypt($data, JCryptKey $key) { // Validate key. if ($key->type != 'crypto') { throw new InvalidArgumentException('Invalid key of type: ' . $key->type . '. Expected crypto.'); } // Decrypt the data. try { return Crypto::Decrypt($data, $key->public); } catch (InvalidCiphertextException $ex) { throw new RuntimeException('DANGER! DANGER! The ciphertext has been tampered with!', $ex->getCode(), $ex); } catch (CryptoTestFailedException $ex) { throw new RuntimeException('Cannot safely perform decryption', $ex->getCode(), $ex); } catch (CannotPerformOperationException $ex) { throw new RuntimeException('Cannot safely perform decryption', $ex->getCode(), $ex); } }
private static function TestEncryptDecrypt() { $key = Crypto::CreateNewRandomKey(); $data = "EnCrYpT EvErYThInG"; // Make sure encrypting then decrypting doesn't change the message. $ciphertext = Crypto::Encrypt($data, $key); try { $decrypted = Crypto::Decrypt($ciphertext, $key); } catch (InvalidCiphertextException $ex) { // It's important to catch this and change it into a // CryptoTestFailedException, otherwise a test failure could trick // the user into thinking it's just an invalid ciphertext! throw new CryptoTestFailedException(); } if ($decrypted !== $data) { throw new CryptoTestFailedException(); } // Modifying the ciphertext: Appending a string. try { Crypto::Decrypt($ciphertext . "a", $key); throw new CryptoTestFailedException(); } catch (InvalidCiphertextException $e) { /* expected */ } // Modifying the ciphertext: Changing an IV byte. try { $ciphertext[0] = chr((ord($ciphertext[0]) + 1) % 256); Crypto::Decrypt($ciphertext, $key); throw new CryptoTestFailedException(); } catch (InvalidCiphertextException $e) { /* expected */ } // Decrypting with the wrong key. $key = Crypto::CreateNewRandomKey(); $data = "abcdef"; $ciphertext = Crypto::Encrypt($data, $key); $wrong_key = Crypto::CreateNewRandomKey(); try { Crypto::Decrypt($ciphertext, $wrong_key); throw new CryptoTestFailedException(); } catch (InvalidCiphertextException $e) { /* expected */ } // Ciphertext too small (shorter than HMAC). $key = Crypto::CreateNewRandomKey(); $ciphertext = str_repeat("A", self::MAC_BYTE_SIZE - 1); try { Crypto::Decrypt($ciphertext, $key); throw new CryptoTestFailedException(); } catch (InvalidCiphertextException $e) { /* expected */ } }
public function getContent(Document $document, User $requester, $passPhrase) { $share = $document->getShareOf($requester); $encryptionKey = $this->getEncryptionKey($share, $passPhrase); return \Crypto::Decrypt(base64_decode($document->getEncryptedContent()), $encryptionKey); }
/** * Decrypt a string using AES. * * @param string $plaintext * @param string $key (optional) * @param bool $force_compat (optional) * @return string|false */ public static function decrypt($ciphertext, $key = null, $force_compat = false) { // Get the encryption key. $key = $key ?: config('crypto.encryption_key'); $key = substr(hash('sha256', $key, true), 0, 16); // Check whether the ciphertext is valid. $ciphertext = @base64_decode($ciphertext); if (strlen($ciphertext) < 48) { return false; } // Use defuse/php-encryption if possible. if (!$force_compat && function_exists('openssl_decrypt')) { try { return \Crypto::Decrypt($ciphertext, $key); } catch (\Exception $e) { return false; } } // Otherwise, use the CryptoCompat class. return \CryptoCompat::decrypt($ciphertext, $key); }
/** * Decrypt $this->WeakestLic * @access public * @return array Decrypted lic */ private final function DecryptLic() { // Extract sault from license if ($this->AlgoVersion < 2) { $chunks = explode("rmYG", current($this->WeakestLic)); $sault = $chunks[0]; $lic = $chunks[1]; } else { $sault = substr(current($this->WeakestLic), 0, 24); $lic = substr(current($this->WeakestLic), 24); } // Prepare and generate key - the base of trust $Crypto = new Crypto($this->LicKey); if ($this->AlgoVersion == 2) $shash = $Crypto->Hash("{$sault}{$this->LicKey}", "SHA256"); else $shash = $Crypto->Hash("{$sault} invalid {$this->LicKey}", "SHA256"); $key = substr($shash, 0, 12).substr($shash, -12); // end // Decrypt $retval = $Crypto->Decrypt($lic, $key); $retval = explode("|", $retval); $retval = array_map('trim', $retval); $Crypto = null; return($retval); }
/** * {@inheritdoc} * * json_decode with assoc flag set to true */ public function decrypt($payload) { try { $result = \Crypto::Decrypt(base64_decode($payload), $this->key); return json_decode($result, true); } catch (\InvalidCiphertextException $e) { throw new DecryptException($e->getMessage(), $e->getCode(), $e); } catch (\CannotPerformOperationException $e) { throw new DecryptException($e->getMessage(), $e->getCode(), $e); } catch (\CryptoTestFailedException $e) { throw new EncrypterException($e->getMessage(), $e->getCode(), $e); } }
$key = Crypto::CreateNewRandomKey(); // WARNING: Do NOT encode $key with bin2hex() or base64_encode(), // they may leak the key to the attacker through side channels. } catch (CryptoTestFailedException $ex) { die('Cannot safely create a key'); } catch (CannotPerformOperationException $ex) { die('Cannot safely create a key'); } $message = "ATTACK AT DAWN"; try { $ciphertext = Crypto::Encrypt($message, $key); } catch (CryptoTestFailedException $ex) { die('Cannot safely perform encryption'); } catch (CannotPerformOperationException $ex) { die('Cannot safely perform decryption'); } try { $decrypted = Crypto::Decrypt($ciphertext, $key); } catch (InvalidCiphertextException $ex) { // VERY IMPORTANT // Either: // 1. The ciphertext was modified by the attacker, // 2. The key is wrong, or // 3. $ciphertext is not a valid ciphertext or was corrupted. // Assume the worst. die('DANGER! DANGER! The ciphertext has been tampered with!'); } catch (CryptoTestFailedException $ex) { die('Cannot safely perform encryption'); } catch (CannotPerformOperationException $ex) { die('Cannot safely perform decryption'); }
/** * Decrypts a message * @param string $message The message to decryept * @return string $decrypted The decrypted message */ public static function decrypt($message, $key = NULL) { if ($key != NULL) { Yii::log('warning', 'Use of the `$key` parameter is deprecated', 'cii'); } if (empty($message)) { return null; } $key = self::getEncryptionKey(); try { $decrypted = Crypto::Decrypt(hex2bin($message), $key); } catch (InvalidCiphertextException $ex) { Yii::log('Ciphertext or key is invalid', 'error', 'cii'); return null; } catch (CryptoTestFailedException $ex) { Yii::log('Ciphertext or key is invalid', 'error', 'cii'); return null; } catch (CannotPerformOperationException $ex) { Yii::log('Ciphertext or key is invalid', 'error', 'cii'); return null; } return $decrypted; }
response(VALIDATION_MESSAGE_NOTFOUND, $errors, $logger); } else { $item = $repo->findById($id); $salt = base64_decode($item->salt); $data_encrypted = base64_decode($item->secret); } } // If all of the above validation checks pass, continue on if (!$errors) { // Create decryption key $length = 16; $iterations = 10000; $key = hash_pbkdf2("sha256", $password, $salt . PASSWORD_PEPPER, $iterations, $length); // Decrypt data, reference: https://github.com/defuse/php-encryption/ try { $data_decrypted = Crypto::Decrypt($data_encrypted, $key); } catch (InvalidCiphertextException $ex) { // VERY IMPORTANT response(DECRYPTION_PASSWORD_WRONG, true, $logger); } catch (CryptoTestFailedException $ex) { response(ENCRYPTION_UNSAFE, true, $logger); } catch (CannotPerformOperationException $ex) { response(DECRYPTION_UNSAFE, true, $logger); } // Delete message if ($use_orchestrate) { // Check if Orchestrate is enabled $item = $client->purge(ORCHESTRATE_COLLECTION, $id); $logger->info(LOG_ORCHESTRATE_PURGE); } else { // Fallback to Flywheel
public function get_session($session_id) { //加密后的 session_id $decode = base64_decode($session_id); //检验 session_id 是否被篡改 $keySize = Crypto::KEY_BYTE_SIZE; $key = mb_substr($decode, 0, $keySize, '8bit'); $decode = mb_substr($decode, $keySize, null, '8bit'); try { $decrypted = Crypto::Decrypt($decode, $key); } catch (InvalidCiphertextException $ex) { // VERY IMPORTANT // Either: // 1. The ciphertext was modified by the attacker, // 2. The key is wrong, or // 3. $ciphertext is not a valid ciphertext or was corrupted. // Assume the worst. //被人恶意修改Cookie return FALSE; } catch (CryptoTestFailedException $ex) { die('Cannot safely perform encryption'); } catch (CannotPerformOperationException $ex) { die('Cannot safely perform decryption'); } if (empty($decrypted)) { return FALSE; } //session id $session_id = $decrypted; session_id($session_id); session_start(); return $_SESSION[$this->login_in_session_name]; }
require __DIR__ . '/private/app.php'; $key = Crypto::CreateNewRandomKey(); $message = 'ATTACK AT DAWN'; $result = null; if (isset($_POST['key'])) { $key = base64url_decode(strval($_POST['key'])); } if (isset($_POST['message'])) { $message = strval($_POST['message']); } try { if (isset($_POST['encode'])) { $result = Crypto::Encrypt($message, $key); } else { if (isset($_POST['decode'])) { $message = Crypto::Decrypt(base64url_decode(strtr($message, array("\r" => '', "\n" => ''))), $key); } } } catch (\Exception $exception) { } // WARNING: Do NOT encode $key with bin2hex() or base64_encode(), // they may leak the key to the attacker through side channels. ?> <!DOCTYPE html> <html lang="en"> <head> <meta charset="utf-8"> <meta http-equiv="X-UA-Compatible" content="IE=edge"> <meta name="viewport" content="width=device-width, initial-scale=1"> <title>Using encryption in PHP | php_encryption</title> <link href="static/bower_components/bootstrap/dist/css/bootstrap.css" type="text/css" rel="stylesheet">