/**
 * Decrypt a string.
 *
 * The input is passed to splitText(); element 0 of its result is loaded as
 * the IV and element 1 is decrypted with the shared AES instance.
 *
 * NOTE(review): nothing in this method authenticates the IV or the
 * ciphertext before decrypting. If $text can be influenced by an untrusted
 * party, confirm that integrity is verified before this call.
 *
 * @param string $text The content for the decryption.
 *
 * @return string The decrypted string
 */
public function Decrypt($text)
{
    $segments = $this->splitText($text);

    // The IV is carried inside the message, so load it before decrypting.
    $this->aes->setIV($segments[0]);

    $plaintext = $this->aes->decrypt($segments[1]);

    return $plaintext;
}
/**
 * Decrypt $data with a caller-supplied key and IV.
 *
 * A new AES object is built on every call, with MCRYPT_MODE_CBC passed as
 * the constructor argument.
 *
 * NOTE(review): MCRYPT_MODE_CBC is a constant of the mcrypt extension, which
 * is no longer bundled with PHP as of 7.2. Confirm the constant is defined in
 * the target runtime and that this AES class accepts it as a mode selector.
 * NOTE(review): no integrity check is performed here; CBC ciphertext from an
 * untrusted source should be authenticated before it is decrypted.
 *
 * @param mixed $data Value handed to AES::decrypt() (presumably raw ciphertext bytes).
 * @param mixed $k    Value handed to AES::setKey().
 * @param mixed $iv   Value handed to AES::setIV().
 *
 * @return mixed Whatever AES::decrypt() returns.
 */
public static function decrypt($data, $k, $iv)
{
    $cipher = new AES(MCRYPT_MODE_CBC);

    $cipher->setKey($k);
    $cipher->setIV($iv);

    $plaintext = $cipher->decrypt($data);

    return $plaintext;
}
/**
 * Decrypt a hex-encoded ciphertext with the class-wide key.
 *
 * NOTE(review): the cipher is built in ECB mode and no MAC is checked. ECB
 * maps equal plaintext blocks to equal ciphertext blocks, so structure in the
 * data stays visible, and modified ciphertext is not detected. Moving to an
 * authenticated mode needs a coordinated change with the encrypt side and a
 * migration of stored values.
 * NOTE(review): pack("H*", ...) does not reject malformed hex; validate the
 * input upstream if it can come from an untrusted source.
 *
 * @param string $data Hex text of the ciphertext.
 *
 * @return mixed Whatever AES::decrypt() returns.
 */
public static function decrypt($data)
{
    $cipher = new AES(AES::MODE_ECB);
    $cipher->setKey(self::$key);

    // Convert the hex text back into raw bytes before decrypting.
    $rawCiphertext = pack("H*", $data);

    return $cipher->decrypt($rawCiphertext);
}
/**
 * Decrypt $text with $key and return the trimmed result.
 *
 * The input is Base64-decoded first unless $options contains a 'base64'
 * entry that compares loosely equal to FALSE.
 *
 * NOTE(review): no IV and no mode are set here, so the AES class defaults
 * apply; confirm what those are. No integrity check is performed.
 * NOTE(review): trim() strips whitespace and NUL bytes from both ends of the
 * plaintext, so values that legitimately start or end with them are altered.
 *
 * @param string $text    Ciphertext, Base64 text unless disabled via $options.
 * @param mixed  $key     Value handed to AES::setKey().
 * @param array  $options Optional flags; only 'base64' is read.
 *
 * @return mixed
 */
public function decrypt($text, $key, $options = array())
{
    // Decoding stays on unless the caller passed a falsy 'base64' option.
    $decode_base64 = !array_key_exists('base64', $options) || $options['base64'] != FALSE;
    if ($decode_base64) {
        $text = base64_decode($text);
    }

    $cipher = new AES();
    $cipher->setKey($key);

    return trim($cipher->decrypt($text));
}
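/**
 * Process the launchkey option to prepare for usage within the plugin. Encrypted attributes are
 * decrypted and default values are set for any missing or unset attributes.
 *
 * Decrypted values are memoised in $this->cache, indexed by the MD5 of the stored (encrypted)
 * value. MD5 is only a lookup key here, not a security control.
 *
 * NOTE(review): the IV for each attribute comes from another option value or from STATIC_IV, so it
 * does not change between writes of the same option. Equal plaintexts stored under the same key
 * and IV produce equal ciphertexts. Changing this requires re-encrypting the stored options.
 * NOTE(review): the cache index covers the ciphertext only, not the value used as IV; confirm a
 * cached entry cannot be reused after the rocket key or secret key changes.
 *
 * @since 1.0.0
 *
 * @param mixed $input Stored option value; anything that is not an array is treated as empty.
 *
 * @return array
 */
public function post_get_option_filter($input)
{
    // Define the defaults for attributes
    $defaults = static::get_defaults();

    // If the input is empty (null/false) or not an array, use an empty array. The original
    // statement evaluated "$input ?: array()" without assigning it, so a null option reached
    // array_merge() unchanged.
    $input = is_array($input) ? $input : array();

    // Merge the input array over the defaults array to set any known data to the response
    $output = array_merge($defaults, $input);

    // If the secret key attribute is not empty, decrypt it
    if (!empty($input[LaunchKey_WP_Options::OPTION_SECRET_KEY])) {
        $key = md5($input[LaunchKey_WP_Options::OPTION_SECRET_KEY]);
        if (empty($this->cache[$key])) {
            /**
             * Use the rocket key as the IV. If null, use the static value.
             * @link https://docs.launchkey.com/glossary.html#term-iv
             */
            $iv = empty($output[LaunchKey_WP_Options::OPTION_ROCKET_KEY])
                ? static::STATIC_IV
                : $output[LaunchKey_WP_Options::OPTION_ROCKET_KEY];
            $this->crypt_aes->setIV($iv);

            /**
             * Decrypt the Base64 decoded string and set it as the output value
             * @link https://docs.launchkey.com/glossary.html#term-base64
             */
            $this->cache[$key] = $this->crypt_aes->decrypt(
                base64_decode($input[LaunchKey_WP_Options::OPTION_SECRET_KEY])
            );
        }
        $output[LaunchKey_WP_Options::OPTION_SECRET_KEY] = $this->cache[$key];
    }

    // If the private key attribute is not empty, decrypt it
    if (!empty($input[LaunchKey_WP_Options::OPTION_PRIVATE_KEY])) {
        $key = md5($input[LaunchKey_WP_Options::OPTION_PRIVATE_KEY]);
        if (empty($this->cache[$key])) {
            /**
             * Use the decrypted secret key as the IV. If null, use the static value.
             * @link https://docs.launchkey.com/glossary.html#term-iv
             */
            $iv = empty($output[LaunchKey_WP_Options::OPTION_SECRET_KEY])
                ? static::STATIC_IV
                : $output[LaunchKey_WP_Options::OPTION_SECRET_KEY];
            $this->crypt_aes->setIV($iv);

            /**
             * Decrypt the Base64 decoded string and set it as the output value
             * @link https://docs.launchkey.com/glossary.html#term-base64
             *
             * Errors from this decrypt call are suppressed with "@". The original comment
             * explaining why is cut off; a failed decrypt is therefore silent, and its result
             * is stored as the private key value.
             */
            $this->cache[$key] = @$this->crypt_aes->decrypt(
                base64_decode($input[LaunchKey_WP_Options::OPTION_PRIVATE_KEY])
            );
        }
        $output[LaunchKey_WP_Options::OPTION_PRIVATE_KEY] = $this->cache[$key];
    }

    return $output;
}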
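/**
 * Decrypts a value and verifies the HMAC (Encrypt-Then-Mac)
 *
 * The input has three '|'-separated fields: hex ciphertext, IV, hex HMAC. The HMAC is
 * recomputed over the hex ciphertext concatenated with the IV and compared in constant
 * time before anything is decrypted.
 *
 * @param string $authenticatedCiphertext
 * @param string $password Password to decrypt with, if not specified the secret from config.php will be taken
 * @return string plaintext
 * @throws \Exception If the input cannot be decoded or the HMAC does not match
 */
public function decrypt($authenticatedCiphertext, $password = '')
{
    if ($password === '') {
        $password = $this->config->getSystemValue('secret');
    }
    $this->cipher->setPassword($password);

    $parts = explode('|', $authenticatedCiphertext);
    if (sizeof($parts) !== 3) {
        throw new \Exception('Authenticated ciphertext could not be decoded.');
    }

    // hex2bin() returns false (with a warning) on odd-length or non-hex input, and a false
    // HMAC would reach hash_equals() as a non-string. Reject malformed fields up front so
    // every bad input ends in the documented \Exception.
    $hexPattern = '/^(?:[0-9a-fA-F]{2})*$/D';
    if (preg_match($hexPattern, $parts[0]) !== 1 || preg_match($hexPattern, $parts[2]) !== 1) {
        throw new \Exception('Authenticated ciphertext could not be decoded.');
    }

    $ciphertext = hex2bin($parts[0]);
    $iv = $parts[1];
    $hmac = hex2bin($parts[2]);

    $this->cipher->setIV($iv);

    // Verify the MAC before decrypting; the known value goes first, the supplied value second.
    if (!hash_equals($this->calculateHMAC($parts[0] . $parts[1], $password), $hmac)) {
        throw new \Exception('HMAC does not match.');
    }

    return $this->cipher->decrypt($ciphertext);
}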
/**
 * Decryption using openssl's AES or phpseclib's AES
 * (phpseclib uses mcrypt when it is available)
 *
 * The IV is read once from the 'pma_iv-<server>' cookie and kept in
 * $this->_cookie_iv. If it is shorter than getIVSize(), createIV() is called
 * before decrypting.
 *
 * NOTE(review): both the IV and $encdata come from the client and nothing
 * here authenticates them before decryption. Unauthenticated CBC lets a
 * modified cookie decrypt to attacker-influenced plaintext; an
 * encrypt-then-MAC check before this point is the usual mitigation.
 * NOTE(review): the cookie index is read without an isset() check; confirm
 * callers guarantee it exists.
 *
 * @param string $encdata encrypted data
 * @param string $secret  the secret
 *
 * @return string original data
 */
public function cookieDecrypt($encdata, $secret)
{
    // Lazily load the IV from the per-server cookie (strict Base64 decoding).
    if ($this->_cookie_iv === null) {
        $cookieName = 'pma_iv-' . $GLOBALS['server'];
        $this->_cookie_iv = base64_decode($_COOKIE[$cookieName], true);
    }

    // A missing or truncated IV (byte length below the cipher's IV size) triggers createIV().
    $ivBytes = mb_strlen($this->_cookie_iv, '8bit');
    if ($ivBytes < $this->getIVSize()) {
        $this->createIV();
    }

    if (self::useOpenSSL()) {
        // Options 0: openssl_decrypt() expects Base64 input, matching the branch below.
        return openssl_decrypt($encdata, 'AES-128-CBC', $secret, 0, $this->_cookie_iv);
    }

    $aes = new Crypt\AES(Crypt\Base::MODE_CBC);
    $aes->setIV($this->_cookie_iv);
    $aes->setKey($secret);

    return $aes->decrypt(base64_decode($encdata));
}
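/**
 * Break a public or private key down into its constituent components
 *
 * Two inputs are handled: an "SSH2 PUBLIC KEY" block, whose body is handed to OpenSSH::load(),
 * and a "PuTTY-User-Key-File-2" private key file of type ssh-rsa, optionally encrypted with
 * aes256-cbc.
 *
 * NOTE(review): this parser never reads the file's Private-MAC line, so a wrong password or a
 * modified file is only noticed when a decoded length field runs past the remaining data.
 * NOTE(review): the length-prefixed reads on the public blob have no bounds checks, unlike the
 * reads on the private blob; a truncated file reaches unpack()/extract() with short input.
 *
 * @access public
 * @param string $key
 * @param string $password optional
 * @return array|false Key components, or false when the input cannot be parsed
 */
static function load($key, $password = '')
{
    if (!is_string($key)) {
        return false;
    }

    static $one;
    if (!isset($one)) {
        $one = new BigInteger(1);
    }

    // strpos() returns 0 for a match at the very start, so compare against false explicitly.
    if (strpos($key, 'BEGIN SSH2 PUBLIC KEY') !== false) {
        // Drop the first two and the last line, then join the Base64 body.
        $data = preg_split('#[\\r\\n]+#', $key);
        $data = array_splice($data, 2, -1);
        $data = implode('', $data);

        $components = OpenSSH::load($data);
        if ($components === false) {
            return false;
        }

        if (!preg_match('#Comment: "(.+)"#', $key, $matches)) {
            return false;
        }
        // Undo the backslash escaping used inside the quoted comment.
        $components['comment'] = str_replace(array('\\\\', '\\"'), array('\\', '"'), $matches[1]);

        return $components;
    }

    $components = array('isPublicKey' => false);
    $key = preg_split('#\\r\\n|\\r|\\n#', $key);
    $type = trim(preg_replace('#PuTTY-User-Key-File-2: (.+)#', '$1', $key[0]));
    if ($type != 'ssh-rsa') {
        return false;
    }
    $encryption = trim(preg_replace('#Encryption: (.+)#', '$1', $key[1]));
    $components['comment'] = trim(preg_replace('#Comment: (.+)#', '$1', $key[2]));

    $publicLength = trim(preg_replace('#Public-Lines: (\\d+)#', '$1', $key[3]));
    $public = Base64::decode(implode('', array_map('trim', array_slice($key, 4, $publicLength))));
    // Skip the 11-byte key-type header (4-byte length + "ssh-rsa").
    $public = substr($public, 11);
    extract(unpack('Nlength', Strings::shift($public, 4)));
    $components['publicExponent'] = new BigInteger(Strings::shift($public, $length), -256);
    extract(unpack('Nlength', Strings::shift($public, 4)));
    $components['modulus'] = new BigInteger(Strings::shift($public, $length), -256);

    $privateLength = trim(preg_replace('#Private-Lines: (\\d+)#', '$1', $key[$publicLength + 4]));
    $private = Base64::decode(implode('', array_map('trim', array_slice($key, $publicLength + 5, $privateLength))));

    switch ($encryption) {
        case 'none':
            break;
        case 'aes256-cbc':
            $symkey = static::generateSymmetricKey($password, 32);
            $crypto = new AES(AES::MODE_CBC);
            break;
        default:
            // Unknown cipher name: fail cleanly instead of calling methods on an unset $crypto.
            return false;
    }

    if ($encryption != 'none') {
        $crypto->setKey($symkey);
        // The IV is one block of NUL bytes. The literal has to be "\0"; an empty string would
        // make str_repeat() return a zero-length IV.
        $crypto->setIV(str_repeat("\0", $crypto->getBlockLength() >> 3));
        $crypto->disablePadding();
        $private = $crypto->decrypt($private);
    }

    // Each private field is a 4-byte big-endian length followed by that many bytes.
    extract(unpack('Nlength', Strings::shift($private, 4)));
    if (strlen($private) < $length) {
        return false;
    }
    $components['privateExponent'] = new BigInteger(Strings::shift($private, $length), -256);
    extract(unpack('Nlength', Strings::shift($private, 4)));
    if (strlen($private) < $length) {
        return false;
    }
    $components['primes'] = array(1 => new BigInteger(Strings::shift($private, $length), -256));
    extract(unpack('Nlength', Strings::shift($private, 4)));
    if (strlen($private) < $length) {
        return false;
    }
    $components['primes'][] = new BigInteger(Strings::shift($private, $length), -256);

    // The per-prime exponents are not stored in the file; they are computed as the inverse of
    // the public exponent modulo (prime - 1).
    $temp = $components['primes'][1]->subtract($one);
    $components['exponents'] = array(1 => $components['publicExponent']->modInverse($temp));
    $temp = $components['primes'][2]->subtract($one);
    $components['exponents'][] = $components['publicExponent']->modInverse($temp);

    extract(unpack('Nlength', Strings::shift($private, 4)));
    if (strlen($private) < $length) {
        return false;
    }
    $components['coefficients'] = array(2 => new BigInteger(Strings::shift($private, $length), -256));

    return $components;
}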
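/**
 * Break a public or private key down into its constituent components
 *
 * Supported inputs, selected by $type: a raw array of BigInteger-like objects, PKCS#1 / PKCS#8
 * PEM or DER (optionally encrypted with the OpenSSL DEK-Info scheme), an OpenSSH public key
 * line, XML (xmldsig RSAKeyValue) and a PuTTY v2 private key file.
 *
 * NOTE(review): the DEK-Info branch derives the cipher key with unsalted-iteration MD5 over the
 * password and IV, and accepts DES-CBC. That is what the legacy PEM format specifies, so it
 * cannot be changed here, but keys protected this way resist password guessing poorly.
 * NOTE(review): in the PuTTY branch the file's Private-MAC line is never read, and the public
 * blob is read without the bounds checks applied to the private blob.
 *
 * @access private
 * @see _convertPublicKey()
 * @see _convertPrivateKey()
 * @param String $key
 * @param Integer $type
 * @return Array|false Key components, or false when the input cannot be parsed
 */
function _parseKey($key, $type)
{
    if ($type != CRYPT_RSA_PUBLIC_FORMAT_RAW && !is_string($key)) {
        return false;
    }

    switch ($type) {
        case CRYPT_RSA_PUBLIC_FORMAT_RAW:
            if (!is_array($key)) {
                return false;
            }
            $components = array();
            // Accept several aliases for the exponent; the first one present wins.
            switch (true) {
                case isset($key['e']):
                    $components['publicExponent'] = $key['e']->copy();
                    break;
                case isset($key['exponent']):
                    $components['publicExponent'] = $key['exponent']->copy();
                    break;
                case isset($key['publicExponent']):
                    $components['publicExponent'] = $key['publicExponent']->copy();
                    break;
                case isset($key[0]):
                    $components['publicExponent'] = $key[0]->copy();
            }
            // Same for the modulus.
            switch (true) {
                case isset($key['n']):
                    $components['modulus'] = $key['n']->copy();
                    break;
                case isset($key['modulo']):
                    $components['modulus'] = $key['modulo']->copy();
                    break;
                case isset($key['modulus']):
                    $components['modulus'] = $key['modulus']->copy();
                    break;
                case isset($key[1]):
                    $components['modulus'] = $key[1]->copy();
            }
            return isset($components['modulus']) && isset($components['publicExponent']) ? $components : false;
        case CRYPT_RSA_PRIVATE_FORMAT_PKCS1:
        case CRYPT_RSA_PUBLIC_FORMAT_PKCS1:
            /* Although PKCS#1 proposes a format that public and private keys can use, encrypting them is
               "outside the scope" of PKCS#1.  PKCS#1 then refers you to PKCS#12 and PKCS#15 if you're wanting to
               protect private keys, however, that's not what OpenSSL* does.  OpenSSL protects private keys by adding
               two new "fields" to the key - DEK-Info and Proc-Type.  These fields are discussed here:

               http://tools.ietf.org/html/rfc1421#section-4.6.1.1
               http://tools.ietf.org/html/rfc1421#section-4.6.1.3

               DES-EDE3-CBC as an algorithm, however, is not discussed anywhere, near as I can tell.
               DES-CBC and DES-EDE are discussed in RFC1423, however, DES-EDE3-CBC isn't, nor is its key derivation
               function.  As is, the definitive authority on this encoding scheme isn't the IETF but rather OpenSSL's
               own implementation.  ie. the implementation *is* the standard and any bugs that may exist in that
               implementation are part of the standard, as well.

               * OpenSSL is the de facto standard.  It's utilized by OpenSSH and other projects */
            if (preg_match('#DEK-Info: (.+),(.+)#', $key, $matches)) {
                $iv = pack('H*', trim($matches[2]));
                $symkey = pack('H*', md5($this->password . substr($iv, 0, 8))); // symkey is short for symmetric key
                $symkey .= pack('H*', md5($symkey . $this->password . substr($iv, 0, 8)));
                // remove the Proc-Type / DEK-Info sections as they're no longer needed
                $key = preg_replace('#^(?:Proc-Type|DEK-Info): .*#m', '', $key);
                $ciphertext = $this->_extractBER($key);
                if ($ciphertext === false) {
                    $ciphertext = $key;
                }
                switch ($matches[1]) {
                    case 'AES-256-CBC':
                        $crypto = new AES();
                        break;
                    case 'AES-128-CBC':
                        $symkey = substr($symkey, 0, 16);
                        $crypto = new AES();
                        break;
                    case 'DES-EDE3-CFB':
                        $crypto = new TripleDES(CRYPT_DES_MODE_CFB);
                        break;
                    case 'DES-EDE3-CBC':
                        $symkey = substr($symkey, 0, 24);
                        $crypto = new TripleDES();
                        break;
                    case 'DES-CBC':
                        $crypto = new DES();
                        break;
                    default:
                        return false;
                }
                $crypto->setKey($symkey);
                $crypto->setIV($iv);
                $decoded = $crypto->decrypt($ciphertext);
            } else {
                $decoded = $this->_extractBER($key);
            }

            if ($decoded !== false) {
                $key = $decoded;
            }

            $components = array();

            if (ord($this->_string_shift($key)) != CRYPT_RSA_ASN1_SEQUENCE) {
                return false;
            }
            if ($this->_decodeLength($key) != strlen($key)) {
                return false;
            }

            $tag = ord($this->_string_shift($key));
            /* intended for keys for which OpenSSL's asn1parse returns the following:

                0:d=0  hl=4 l= 631 cons: SEQUENCE
                4:d=1  hl=2 l=   1 prim:  INTEGER           :00
                7:d=1  hl=2 l=  13 cons:  SEQUENCE
                9:d=2  hl=2 l=   9 prim:   OBJECT            :rsaEncryption
               20:d=2  hl=2 l=   0 prim:   NULL
               22:d=1  hl=4 l= 609 prim:  OCTET STRING */
            // After the INTEGER tag the dump above gives: length 1 (0x01), value 0 (0x00), then
            // the SEQUENCE tag (0x30). The comparison needs all three bytes; a one-character
            // literal can never equal the 3-byte slice.
            if ($tag == CRYPT_RSA_ASN1_INTEGER && substr($key, 0, 3) === "\x01\x00\x30") {
                $this->_string_shift($key, 3);
                $tag = CRYPT_RSA_ASN1_SEQUENCE;
            }

            if ($tag == CRYPT_RSA_ASN1_SEQUENCE) {
                /* intended for keys for which OpenSSL's asn1parse returns the following:

                    0:d=0  hl=4 l= 290 cons: SEQUENCE
                    4:d=1  hl=2 l=  13 cons:  SEQUENCE
                    6:d=2  hl=2 l=   9 prim:   OBJECT            :rsaEncryption
                   17:d=2  hl=2 l=   0 prim:   NULL
                   19:d=1  hl=4 l= 271 prim:  BIT STRING */
                $this->_string_shift($key, $this->_decodeLength($key));
                $tag = ord($this->_string_shift($key)); // skip over the BIT STRING / OCTET STRING tag
                $this->_decodeLength($key); // skip over the BIT STRING / OCTET STRING length
                // "The initial octet shall encode, as an unsigned binary integer with bit 1 as the least significant bit, the number of
                //  unused bits in the final subsequent octet. The number shall be in the range zero to seven."
                //  -- http://www.itu.int/ITU-T/studygroups/com17/languages/X.690-0207.pdf (section 8.6.2.2)
                if ($tag == CRYPT_RSA_ASN1_BITSTRING) {
                    $this->_string_shift($key);
                }
                if (ord($this->_string_shift($key)) != CRYPT_RSA_ASN1_SEQUENCE) {
                    return false;
                }
                if ($this->_decodeLength($key) != strlen($key)) {
                    return false;
                }
                $tag = ord($this->_string_shift($key));
            }
            if ($tag != CRYPT_RSA_ASN1_INTEGER) {
                return false;
            }

            $length = $this->_decodeLength($key);
            $temp = $this->_string_shift($key, $length);
            // A first INTEGER that is not a single byte in 0..2 is taken to be the modulus of a
            // two-field key rather than a version number.
            if (strlen($temp) != 1 || ord($temp) > 2) {
                $components['modulus'] = new BigInteger($temp, 256);
                $this->_string_shift($key); // skip over CRYPT_RSA_ASN1_INTEGER
                $length = $this->_decodeLength($key);
                $components[$type == CRYPT_RSA_PUBLIC_FORMAT_PKCS1 ? 'publicExponent' : 'privateExponent'] = new BigInteger($this->_string_shift($key, $length), 256);

                return $components;
            }
            if (ord($this->_string_shift($key)) != CRYPT_RSA_ASN1_INTEGER) {
                return false;
            }
            // From here on each field is read as: skip one tag byte, decode length, take bytes.
            $length = $this->_decodeLength($key);
            $components['modulus'] = new BigInteger($this->_string_shift($key, $length), 256);
            $this->_string_shift($key);
            $length = $this->_decodeLength($key);
            $components['publicExponent'] = new BigInteger($this->_string_shift($key, $length), 256);
            $this->_string_shift($key);
            $length = $this->_decodeLength($key);
            $components['privateExponent'] = new BigInteger($this->_string_shift($key, $length), 256);
            $this->_string_shift($key);
            $length = $this->_decodeLength($key);
            $components['primes'] = array(1 => new BigInteger($this->_string_shift($key, $length), 256));
            $this->_string_shift($key);
            $length = $this->_decodeLength($key);
            $components['primes'][] = new BigInteger($this->_string_shift($key, $length), 256);
            $this->_string_shift($key);
            $length = $this->_decodeLength($key);
            $components['exponents'] = array(1 => new BigInteger($this->_string_shift($key, $length), 256));
            $this->_string_shift($key);
            $length = $this->_decodeLength($key);
            $components['exponents'][] = new BigInteger($this->_string_shift($key, $length), 256);
            $this->_string_shift($key);
            $length = $this->_decodeLength($key);
            $components['coefficients'] = array(2 => new BigInteger($this->_string_shift($key, $length), 256));

            // Any trailing data is read as a sequence of additional (prime, exponent, coefficient) triples.
            if (!empty($key)) {
                if (ord($this->_string_shift($key)) != CRYPT_RSA_ASN1_SEQUENCE) {
                    return false;
                }
                $this->_decodeLength($key);
                while (!empty($key)) {
                    if (ord($this->_string_shift($key)) != CRYPT_RSA_ASN1_SEQUENCE) {
                        return false;
                    }
                    $this->_decodeLength($key);
                    $key = substr($key, 1);
                    $length = $this->_decodeLength($key);
                    $components['primes'][] = new BigInteger($this->_string_shift($key, $length), 256);
                    $this->_string_shift($key);
                    $length = $this->_decodeLength($key);
                    $components['exponents'][] = new BigInteger($this->_string_shift($key, $length), 256);
                    $this->_string_shift($key);
                    $length = $this->_decodeLength($key);
                    $components['coefficients'][] = new BigInteger($this->_string_shift($key, $length), 256);
                }
            }

            return $components;
        case CRYPT_RSA_PUBLIC_FORMAT_OPENSSH:
            $parts = explode(' ', $key, 3);

            $key = isset($parts[1]) ? base64_decode($parts[1]) : false;
            if ($key === false) {
                return false;
            }

            $comment = isset($parts[2]) ? $parts[2] : false;

            // The blob may start with the key-type string in wire format: a 4-byte big-endian
            // length of 7 followed by "ssh-rsa", 11 bytes in total. Comparing the 11-byte slice
            // with the bare 7-character name can never match, so the prefix bytes are spelled out.
            $cleanup = substr($key, 0, 11) === "\0\0\0\7ssh-rsa";

            if (strlen($key) <= 4) {
                return false;
            }
            extract(unpack('Nlength', $this->_string_shift($key, 4)));
            $publicExponent = new BigInteger($this->_string_shift($key, $length), -256);
            if (strlen($key) <= 4) {
                return false;
            }
            extract(unpack('Nlength', $this->_string_shift($key, 4)));
            $modulus = new BigInteger($this->_string_shift($key, $length), -256);

            if ($cleanup && strlen($key)) {
                // With the type prefix present, the first field read was the type string, the
                // second the exponent, and the modulus is still to come.
                if (strlen($key) <= 4) {
                    return false;
                }
                extract(unpack('Nlength', $this->_string_shift($key, 4)));
                $realModulus = new BigInteger($this->_string_shift($key, $length), -256);
                return strlen($key) ? false : array('modulus' => $realModulus, 'publicExponent' => $modulus, 'comment' => $comment);
            } else {
                return strlen($key) ? false : array('modulus' => $modulus, 'publicExponent' => $publicExponent, 'comment' => $comment);
            }
        // http://www.w3.org/TR/xmldsig-core/#sec-RSAKeyValue
        // http://en.wikipedia.org/wiki/XML_Signature
        case CRYPT_RSA_PRIVATE_FORMAT_XML:
        case CRYPT_RSA_PUBLIC_FORMAT_XML:
            $this->components = array();

            $xml = xml_parser_create('UTF-8');
            xml_set_object($xml, $this);
            xml_set_element_handler($xml, '_start_element_handler', '_stop_element_handler');
            xml_set_character_data_handler($xml, '_data_handler');
            // add <xml></xml> to account for "dangling" tags like <BitStrength>...</BitStrength> that are sometimes added
            if (!xml_parse($xml, '<xml>' . $key . '</xml>')) {
                return false;
            }

            return isset($this->components['modulus']) && isset($this->components['publicExponent']) ? $this->components : false;
        // from PuTTY's SSHPUBK.C
        case CRYPT_RSA_PRIVATE_FORMAT_PUTTY:
            $components = array();
            $key = preg_split('#\\r\\n|\\r|\\n#', $key);
            $type = trim(preg_replace('#PuTTY-User-Key-File-2: (.+)#', '$1', $key[0]));
            if ($type != 'ssh-rsa') {
                return false;
            }
            $encryption = trim(preg_replace('#Encryption: (.+)#', '$1', $key[1]));
            $comment = trim(preg_replace('#Comment: (.+)#', '$1', $key[2]));

            $publicLength = trim(preg_replace('#Public-Lines: (\\d+)#', '$1', $key[3]));
            $public = base64_decode(implode('', array_map('trim', array_slice($key, 4, $publicLength))));
            // Skip the 11-byte key-type header (4-byte length + "ssh-rsa").
            $public = substr($public, 11);
            extract(unpack('Nlength', $this->_string_shift($public, 4)));
            $components['publicExponent'] = new BigInteger($this->_string_shift($public, $length), -256);
            extract(unpack('Nlength', $this->_string_shift($public, 4)));
            $components['modulus'] = new BigInteger($this->_string_shift($public, $length), -256);

            $privateLength = trim(preg_replace('#Private-Lines: (\\d+)#', '$1', $key[$publicLength + 4]));
            $private = base64_decode(implode('', array_map('trim', array_slice($key, $publicLength + 5, $privateLength))));

            switch ($encryption) {
                case 'none':
                    break;
                case 'aes256-cbc':
                    // Key derivation: concatenated SHA-1 digests of (counter || password), cut to 32 bytes.
                    $symkey = '';
                    $sequence = 0;
                    while (strlen($symkey) < 32) {
                        $temp = pack('Na*', $sequence++, $this->password);
                        $symkey .= pack('H*', sha1($temp));
                    }
                    $symkey = substr($symkey, 0, 32);
                    $crypto = new AES();
                    break;
                default:
                    // Unknown cipher name: fail cleanly instead of calling methods on an unset $crypto.
                    return false;
            }

            if ($encryption != 'none') {
                // No IV is set here, so the AES class default applies.
                $crypto->setKey($symkey);
                $crypto->disablePadding();
                $private = $crypto->decrypt($private);
                if ($private === false) {
                    return false;
                }
            }

            // Each private field is a 4-byte big-endian length followed by that many bytes.
            extract(unpack('Nlength', $this->_string_shift($private, 4)));
            if (strlen($private) < $length) {
                return false;
            }
            $components['privateExponent'] = new BigInteger($this->_string_shift($private, $length), -256);
            extract(unpack('Nlength', $this->_string_shift($private, 4)));
            if (strlen($private) < $length) {
                return false;
            }
            $components['primes'] = array(1 => new BigInteger($this->_string_shift($private, $length), -256));
            extract(unpack('Nlength', $this->_string_shift($private, 4)));
            if (strlen($private) < $length) {
                return false;
            }
            $components['primes'][] = new BigInteger($this->_string_shift($private, $length), -256);

            // The per-prime exponents are computed as the inverse of the public exponent modulo (prime - 1).
            $temp = $components['primes'][1]->subtract($this->one);
            $components['exponents'] = array(1 => $components['publicExponent']->modInverse($temp));
            $temp = $components['primes'][2]->subtract($this->one);
            $components['exponents'][] = $components['publicExponent']->modInverse($temp);

            extract(unpack('Nlength', $this->_string_shift($private, 4)));
            if (strlen($private) < $length) {
                return false;
            }
            $components['coefficients'] = array(2 => new BigInteger($this->_string_shift($private, $length), -256));

            return $components;
    }
}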
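/**
 * Decryption using openssl's AES or phpseclib's AES
 * (phpseclib uses mcrypt when it is available)
 *
 * The cookie value is a JSON object with string fields 'mac', 'iv' and 'payload'. The HMAC-SHA1
 * over iv . payload is recomputed with the MAC secret and compared in constant time; decryption
 * only happens after that check passes.
 *
 * NOTE(review): the OpenSSL branch passes $secret as the AES key while the phpseclib branch
 * uses $aes_secret. The two backends therefore decrypt with different keys, and the OpenSSL
 * path does not use the key that getAESSecret() returns. It is left unchanged here because the
 * matching encrypt routine is not visible; both sides have to be switched together.
 *
 * @param string $encdata encrypted data
 * @param string $secret  the secret
 *
 * @return string|bool original data, false on error
 */
public function cookieDecrypt($encdata, $secret)
{
    $data = json_decode($encdata, true);

    // Reject anything that is not the expected three-string envelope.
    if (!is_array($data)
        || !isset($data['mac']) || !isset($data['iv']) || !isset($data['payload'])
        || !is_string($data['mac']) || !is_string($data['iv']) || !is_string($data['payload'])
    ) {
        return false;
    }

    $mac_secret = $this->getMACSecret($secret);
    $aes_secret = $this->getAESSecret($secret);
    $newmac = hash_hmac('sha1', $data['iv'] . $data['payload'], $mac_secret);

    // hash_equals() takes the known value first and the user-supplied value second.
    if (!hash_equals($newmac, $data['mac'])) {
        return false;
    }

    if (self::useOpenSSL()) {
        // Options 0: the payload is passed as Base64 text, matching the branch below.
        return openssl_decrypt($data['payload'], 'AES-128-CBC', $secret, 0, base64_decode($data['iv']));
    } else {
        $cipher = new Crypt\AES(Crypt\Base::MODE_CBC);
        $cipher->setIV(base64_decode($data['iv']));
        $cipher->setKey($aes_secret);
        return $cipher->decrypt(base64_decode($data['payload']));
    }
}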
/**
 * Base64-decode the message and decrypt it with the configured cipher.
 *
 * Key, IV and mode are whatever was set on $this->cipher elsewhere.
 *
 * NOTE(review): base64_decode() runs in non-strict mode, so characters
 * outside the alphabet are dropped silently, and nothing here verifies the
 * integrity of the message before decrypting.
 *
 * @param $encryptedMessage
 * @return String
 */
public function decrypt($encryptedMessage)
{
    $rawCiphertext = base64_decode($encryptedMessage);

    return $this->cipher->decrypt($rawCiphertext);
}
/**
 * @inheritDoc
 *
 * Loads $key and $iv into the shared AES instance, then decrypts.
 * NOTE(review): the key and IV stay set on $this->aes after the call, and no
 * integrity check is performed on $encryptedValue here.
 */
public function decrypt($encryptedValue, $key, $iv)
{
    $cipher = $this->aes;

    $cipher->setKey($key);
    $cipher->setIV($iv);

    $plaintext = $cipher->decrypt($encryptedValue);

    return $plaintext;
}
/**
 * Base64-decode the input and decrypt it with the shared AES instance.
 *
 * Key, IV and mode are whatever was set on $this->aes elsewhere.
 *
 * NOTE(review): base64_decode() runs in non-strict mode, and the ciphertext
 * is not authenticated before it is decrypted.
 *
 * @param string $encrypted
 *
 * @return bool|string
 */
public function decrypt($encrypted)
{
    $rawCiphertext = base64_decode($encrypted);

    return $this->aes->decrypt($rawCiphertext);
}