/**
* Generate a new honeypot and return the form HTML
* @param $honeyInputName
* @param $honeyInputTime
* @return string
*/
public function generate($honeyInputName, $honeyInputTime)
{
try {
$this->key = Crypto::createNewRandomKey();
// WARNING: Do NOT encode $key with bin2hex() or base64_encode(),
// they may leak the key to the attacker through side channels.
} catch (Ex\CryptoTestFailedException $ex) {
return false;
//die('Cannot safely create a key');
} catch (Ex\CannotPerformOperationException $ex) {
return false;
//die('Cannot safely create a key');
}
// Encrypt the current time
$honeyInputTimeEncrypted = $this->getEncryptedTime();
$html = '<div id="' . $honeyInputName . '_wrap" style="display:none;">' . "\r\n" . '<input name="' . $honeyInputName . '" type="text" value="" id="' . $honeyInputName . '" tabindex="-1">' . "\r\n" . '<input name="' . $honeyInputTime . '" type="text" value="' . $honeyInputTimeEncrypted . '" tabindex="-1">' . "\r\n" . '</div>';
return $html;
}
/**
* Generate a key and return in 'friendly' format.
*
* @param null $unused - not used in this implementation
*
* @return string - friendly
*/
public function generate_key($unused = null)
{
$crypto = new Crypto();
return $this->friendly($crypto->createNewRandomKey());
}
<?php
use Defuse\Crypto\Crypto;
use Defuse\Crypto\Exception as Ex;
require_once 'autoload.php';
try {
$key = Crypto::createNewRandomKey();
// WARNING: Do NOT encode $key with bin2hex() or base64_encode(),
// they may leak the key to the attacker through side channels.
} catch (Ex\CryptoTestFailed $ex) {
die('Cannot safely create a key');
} catch (Ex\CannotPerformOperation $ex) {
die('Cannot safely create a key');
}
$message = "ATTACK AT DAWN";
try {
$ciphertext = Crypto::encrypt($message, $key);
} catch (Ex\CryptoTestFailed $ex) {
die('Cannot safely perform encryption');
} catch (Ex\CannotPerformOperation $ex) {
die('Cannot safely perform encryption');
}
try {
$decrypted = Crypto::decrypt($ciphertext, $key);
} catch (Ex\InvalidCiphertext $ex) {
// VERY IMPORTANT
// Either:
// 1. The ciphertext was modified by the attacker,
// 2. The key is wrong, or
// 3. $ciphertext is not a valid ciphertext or was corrupted.
// Assume the worst.
private function store_encrypted_password($password)
{
// generate a random key
require_once 'php-encryption/autoload.php';
try {
$key = Crypto::createNewRandomKey();
} catch (Ex\CryptoTestFailedException $ex) {
die('Cannot safely create a key');
} catch (Ex\CannotPerformOperationException $ex) {
die('Cannot safely create a key');
}
// store the key in the session
$_SESSION['nextpass']['key'] = $key;
// encrypt the password with the key
try {
$encrypted_password = Crypto::encrypt($password, $key);
} catch (Ex\CryptoTestFailedException $ex) {
die('Cannot safely perform encryption');
} catch (Ex\CannotPerformOperationException $ex) {
die('Cannot safely perform encryption');
}
// store the encrypted password in a cookie
$encrypted_password = Crypto::binToHex($encrypted_password);
$secure = !empty($_SERVER['HTTPS']) && $_SERVER['HTTPS'] !== 'off' || $_SERVER['SERVER_PORT'] == 443;
setcookie("nextpass_password", $encrypted_password, 0, $this->html_code['path'], "", $secure, true);
}
function defuse_crypto($message, $key, $type)
{
//echo $message." ;; ".$key." ;; ".$type;
// init
$err = '';
// manage key origin
if (empty($key) && $type == "encrypt") {
try {
$key = \Defuse\Crypto\Crypto::createNewRandomKey();
} catch (\Defuse\Crypto\Exception\CryptoTestFailedException $ex) {
$err = 'Cannot safely create a key';
} catch (\Defuse\Crypto\Exception\CannotPerformOperationException $ex) {
$err = 'Cannot safely create a key';
}
//\Defuse\Crypto\Encoding::binToHex($key);
$tmp = \Defuse\Crypto\Key::saveToAsciiSafeString($key);
//echo $key_plain;
}
if ($type == "encrypt") {
try {
$ciphertext = \Defuse\Crypto\Crypto::Encrypt($message, $key);
} catch (\Defuse\Crypto\Exception\CryptoTestFailedException $ex) {
$err = 'Cannot safely perform encryption';
} catch (\Defuse\Crypto\Exception\CannotPerformOperationException $ex) {
$err = 'Cannot safely perform encryption';
}
return array('string' => isset($ciphertext) ? $ciphertext : "", 'error' => $err);
} else {
if ($type == "decrypt") {
try {
$decrypted = \Defuse\Crypto\Crypto::Decrypt($message, $key);
} catch (\Defuse\Crypto\Exception\InvalidCiphertextException $ex) {
$err = 'DANGER! DANGER! The ciphertext has been tampered with!';
} catch (\Defuse\Crypto\Exception\CryptoTestFailedException $ex) {
$err = 'Cannot safely perform decryption';
} catch (\Defuse\Crypto\Exception\CannotPerformOperationException $ex) {
$err = 'Cannot safely perform decryption';
}
return array('string' => isset($decrypted) ? $decrypted : "", 'error' => $err);
}
}
}
public static function createKey()
{
// WARNING: Do NOT encode $key with bin2hex() or base64_encode(),
// they may leak the key to the attacker through side channels.
return Crypto::createNewRandomKey();
}
private function generateNewGroupKey()
{
/**
* @var $key Key
*/
try {
$key = Crypto::createNewRandomKey();
// WARNING: Do NOT encode $key with bin2hex() or base64_encode(),
// they may leak the key to the attacker through side channels.
} catch (Ex\CryptoTestFailedException $ex) {
die('Cannot safely create a key');
} catch (Ex\CannotPerformOperationException $ex) {
die('Cannot safely create a key');
}
return $key;
}
