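/**
 * Build a fresh honeypot and return its hidden form markup.
 *
 * A new random key is stored on $this->key, then the markup is assembled
 * from a wrapper <div> with display:none, an empty decoy text input and a
 * second input carrying the value returned by getEncryptedTime().
 *
 * @param string $honeyInputName Name/id of the decoy input; also prefixes the wrapper id.
 * @param string $honeyInputTime Name of the input that carries the encrypted time.
 * @return string|false Form HTML, or false when a key could not be created.
 */
public function generate($honeyInputName, $honeyInputTime)
{
    try {
        // Keep the key exactly as the library returns it: encoding it with
        // bin2hex() or base64_encode() may leak it through side channels.
        $this->key = Crypto::createNewRandomKey();
    } catch (Ex\CryptoTestFailedException $ex) {
        return false;
    } catch (Ex\CannotPerformOperationException $ex) {
        return false;
    }

    // Encrypt the current time
    $honeyInputTimeEncrypted = $this->getEncryptedTime();

    // The field names end up inside quoted HTML attributes, so escape them;
    // plain alphanumeric names come out unchanged.
    $nameAttr = htmlspecialchars((string) $honeyInputName, ENT_QUOTES, 'UTF-8');
    $timeAttr = htmlspecialchars((string) $honeyInputTime, ENT_QUOTES, 'UTF-8');

    // NOTE(review): the encrypted time is emitted as-is; presumably
    // getEncryptedTime() returns an attribute-safe encoding — confirm.
    return '<div id="' . $nameAttr . '_wrap" style="display:none;">' . "\r\n"
        . '<input name="' . $nameAttr . '" type="text" value="" id="' . $nameAttr . '" tabindex="-1">' . "\r\n"
        . '<input name="' . $timeAttr . '" type="text" value="' . $honeyInputTimeEncrypted . '" tabindex="-1">' . "\r\n"
        . '</div>';
}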
/**
 * Create a new random key and hand it back in 'friendly' form.
 *
 * NOTE(review): if friendly() encodes the key with bin2hex() or
 * base64_encode(), those encoders may leak key material through side
 * channels — confirm what friendly() does.
 *
 * @param null $unused - ignored by this implementation
 *
 * @return string - the value produced by friendly()
 */
public function generate_key($unused = null)
{
    $generator = new Crypto();
    $rawKey = $generator->createNewRandomKey();

    return $this->friendly($rawKey);
}
<?php use Defuse\Crypto\Crypto; use Defuse\Crypto\Exception as Ex; require_once 'autoload.php'; try { $key = Crypto::createNewRandomKey(); // WARNING: Do NOT encode $key with bin2hex() or base64_encode(), // they may leak the key to the attacker through side channels. } catch (Ex\CryptoTestFailed $ex) { die('Cannot safely create a key'); } catch (Ex\CannotPerformOperation $ex) { die('Cannot safely create a key'); } $message = "ATTACK AT DAWN"; try { $ciphertext = Crypto::encrypt($message, $key); } catch (Ex\CryptoTestFailed $ex) { die('Cannot safely perform encryption'); } catch (Ex\CannotPerformOperation $ex) { die('Cannot safely perform encryption'); } try { $decrypted = Crypto::decrypt($ciphertext, $key); } catch (Ex\InvalidCiphertext $ex) { // VERY IMPORTANT // Either: // 1. The ciphertext was modified by the attacker, // 2. The key is wrong, or // 3. $ciphertext is not a valid ciphertext or was corrupted. // Assume the worst.
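/**
 * Encrypt a password under a fresh random key and split key and ciphertext
 * between the session and a cookie.
 *
 * The key is written to $_SESSION['nextpass']['key']; the hex-encoded
 * ciphertext is sent in the "nextpass_password" cookie (expiry 0, HttpOnly,
 * Secure when the request is detected as HTTPS). The script is terminated
 * with die() if the key cannot be created or encryption fails.
 *
 * @param string $password Plaintext password to protect.
 * @return void
 */
private function store_encrypted_password($password)
{
    // generate a random key
    require_once 'php-encryption/autoload.php';
    try {
        $key = Crypto::createNewRandomKey();
    } catch (Ex\CryptoTestFailedException $ex) {
        die('Cannot safely create a key');
    } catch (Ex\CannotPerformOperationException $ex) {
        die('Cannot safely create a key');
    }

    // store the key in the session; only the ciphertext goes to the browser
    $_SESSION['nextpass']['key'] = $key;

    // encrypt the password with the key
    try {
        $encrypted_password = Crypto::encrypt($password, $key);
    } catch (Ex\CryptoTestFailedException $ex) {
        die('Cannot safely perform encryption');
    } catch (Ex\CannotPerformOperationException $ex) {
        die('Cannot safely perform encryption');
    }

    // store the encrypted password in a cookie
    $encrypted_password = Crypto::binToHex($encrypted_password);

    // SERVER_PORT is not always defined (e.g. outside a web request), so
    // guard the lookup instead of raising an undefined-index notice.
    // NOTE(review): behind a TLS-terminating proxy neither signal may be set
    // and the cookie would then be sent without the Secure flag — confirm
    // against the deployment.
    $https_on = !empty($_SERVER['HTTPS']) && $_SERVER['HTTPS'] !== 'off';
    $tls_port = isset($_SERVER['SERVER_PORT']) && $_SERVER['SERVER_PORT'] == 443;
    $secure = $https_on || $tls_port;

    // Final argument true = HttpOnly, keeping the cookie away from scripts.
    setcookie("nextpass_password", $encrypted_password, 0, $this->html_code['path'], "", $secure, true);
}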
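/**
 * Encrypt or decrypt a message with the Defuse crypto library.
 *
 * Failures are reported through the 'error' entry of the result rather
 * than by throwing.
 *
 * @param string $message Plaintext (for "encrypt") or ciphertext (for "decrypt").
 * @param mixed  $key     Key passed to the library; when empty and $type is
 *                        "encrypt", a new random key is generated.
 * @param string $type    "encrypt" or "decrypt".
 *
 * @return array array('string' => result or "", 'error' => message or '')
 */
function defuse_crypto($message, $key, $type)
{
    // init
    $err = '';

    // Reject anything that is neither operation with the usual result shape
    // instead of falling off the end of the function and returning null.
    if ($type != "encrypt" && $type != "decrypt") {
        return array('string' => "", 'error' => 'Unknown operation type');
    }

    // manage key origin
    if (empty($key) && $type == "encrypt") {
        try {
            $key = \Defuse\Crypto\Crypto::createNewRandomKey();
        } catch (\Defuse\Crypto\Exception\CryptoTestFailedException $ex) {
            // Stop here: without a key there is nothing safe to encrypt with.
            return array('string' => "", 'error' => 'Cannot safely create a key');
        } catch (\Defuse\Crypto\Exception\CannotPerformOperationException $ex) {
            return array('string' => "", 'error' => 'Cannot safely create a key');
        }

        // NOTE(review): the generated key is serialized into $tmp but is
        // neither returned nor stored, so a caller relying on the generated
        // key has no way to decrypt the result later — confirm the intent.
        $tmp = \Defuse\Crypto\Key::saveToAsciiSafeString($key);
    }

    if ($type == "encrypt") {
        try {
            $ciphertext = \Defuse\Crypto\Crypto::Encrypt($message, $key);
        } catch (\Defuse\Crypto\Exception\CryptoTestFailedException $ex) {
            $err = 'Cannot safely perform encryption';
        } catch (\Defuse\Crypto\Exception\CannotPerformOperationException $ex) {
            $err = 'Cannot safely perform encryption';
        }

        return array('string' => isset($ciphertext) ? $ciphertext : "", 'error' => $err);
    }

    // Only "decrypt" reaches this point.
    try {
        $decrypted = \Defuse\Crypto\Crypto::Decrypt($message, $key);
    } catch (\Defuse\Crypto\Exception\InvalidCiphertextException $ex) {
        // Authentication failed: no plaintext is returned on this path.
        $err = 'DANGER! DANGER! The ciphertext has been tampered with!';
    } catch (\Defuse\Crypto\Exception\CryptoTestFailedException $ex) {
        $err = 'Cannot safely perform decryption';
    } catch (\Defuse\Crypto\Exception\CannotPerformOperationException $ex) {
        $err = 'Cannot safely perform decryption';
    }

    return array('string' => isset($decrypted) ? $decrypted : "", 'error' => $err);
}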
/**
 * Create a new random key via Crypto::createNewRandomKey().
 *
 * The key is returned exactly as the library produced it. Do NOT encode it
 * with bin2hex() or base64_encode(): they may leak the key to an attacker
 * through side channels.
 *
 * @return mixed Whatever Crypto::createNewRandomKey() returns.
 */
public static function createKey()
{
    $freshKey = Crypto::createNewRandomKey();

    return $freshKey;
}
/**
 * Create a new random group key.
 *
 * The script is terminated with die() when the library reports that a key
 * cannot be created safely.
 *
 * @return Key
 */
private function generateNewGroupKey()
{
    try {
        // Return the key untouched: encoding it with bin2hex() or
        // base64_encode() may leak it to an attacker through side channels.
        /** @var Key $groupKey */
        $groupKey = Crypto::createNewRandomKey();

        return $groupKey;
    } catch (Ex\CryptoTestFailedException $ex) {
        die('Cannot safely create a key');
    } catch (Ex\CannotPerformOperationException $ex) {
        die('Cannot safely create a key');
    }
}