1

mcrypt_decrypt is giving me additional invisible characters which are NOT VISIBLE by just echoing out on the page. Can ONLY BE SEEN by writing it to the text file. Means, just displaying on the page is OK and hard to be noticed.

Here is the code sample by Googling. Please guide me what is the correct usage is there's something wrong:

function encrypt ($pure_string, $key) {
    $iv_size = mcrypt_get_iv_size(MCRYPT_BLOWFISH, MCRYPT_MODE_ECB);
    $iv = mcrypt_create_iv($iv_size, MCRYPT_RAND);
    $encrypted_string = mcrypt_encrypt(MCRYPT_BLOWFISH, $encryption_key, $pure_string, MCRYPT_MODE_ECB, $iv);
    return $encrypted_string;
}

function decrypt ($encrypted_string, $key) {
    $iv_size = mcrypt_get_iv_size(MCRYPT_BLOWFISH, MCRYPT_MODE_ECB);
    $iv = mcrypt_create_iv($iv_size, MCRYPT_RAND);
    $decrypted_string = mcrypt_decrypt(MCRYPT_BLOWFISH, $encryption_key, $encrypted_string, MCRYPT_MODE_ECB, $iv);
    return $decrypted_string;
}

but when i try it:

$encrypted_string = encrypt("This is the original string.", "ABC123");
echo decrypt($encrypted_string, "ABC123");

.. i am getting something like:

This is the original string.�������

This strange characters ������� are actually not visible when you/ i just echo it. Can only be seen by writing into the text file.

  • So what am i missing please?
  • Is there any perfect way to achieve this encrypt/decrypt?

Thank you.

Improve this question
4
  • 1
    MCRYPT_MODE_ECB -- bad .. you should not be using this Commented Jun 3, 2013 at 11:30
  • possible duplicate of PHP decryption fails on some strings with trim()'s Commented Jun 3, 2013 at 11:31
  • @Baba NO this is not a duplicate. Totally different problem. This is also not the trim issue. Commented Jun 3, 2013 at 11:33
  • 1
    Added it has duplicate because .. there so many issues with your encryption MCRYPT_RAND , MCRYPT_MODE_ECB lack of PKCS7 padding , padding oracle attacks .. you can lean a lot of the example class with having to duplicate the answer here Commented Jun 3, 2013 at 11:35

4 Answers 4

Reset to default
2

You can use trim($string, "\0\4") to cut out these characters.

Improve this answer
Sign up to request clarification or add additional context in comments.

2 Comments

This works actually, even i'm not sure it is the good solution or not. At least the ������� characters goes away.
You would have so many problems in future .. you proper padding .. its not difficult
2

This is padding. ECB mode requires input to be multiple of cipher block size, so additional bytes are added (most likely it is PKCS#5 padding).

To remove PKCS#5 padding you can use following code:

$dec_s = strlen($decrypted);
$padding = ord($decrypted[$dec_s-1]);
$decrypted = substr($decrypted, 0, -$padding);
Improve this answer

3 Comments

So what is the correct usage please, since i really don't know.
o_O sorry but it is returning blank string "". Lets say $decrypted = "This is the original string.�������" . Also, is it about to put in the Decryption (after Decrypting the String) right?
Hm, what actually characters are at the end? Can you show the ord($decrypted[strlen($decrypted)-1]) ?
2

rtrim() will remove the padding that mcrypt added...

Improve this answer

Comments

-2

function encrypt ($pure_string, $key) {

=> $key

$encrypted_string = mcrypt_encrypt(MCRYPT_BLOWFISH, $encryption_key, $pure_string, MCRYPT_MODE_ECB, $iv);

=> $encryption_key

not equal

Improve this answer

1 Comment

If its code example, please wrap it in appropriate way for highlighting and make sure syntax is correct. Also, little explanation is usually useful.

Your Answer

By clicking “Post Your Answer”, you agree to our terms of service and acknowledge you have read our privacy policy.

Start asking to get answers

Find the answer to your question by asking.

Ask question

Explore related questions

See similar questions with these tags.