Cryptographic -> Encrypt with password: Technical details

Elias · September 14, 2019, 3:37pm

Hi @patrick, can you please advise on the current implementation of the Mcrypt algorithm in Wappler?
Are we using AES250? What is the maximum length of the password? What is the best way to store the output in a mySQL database, is it varbinary?
What will be the equivalent under mySQL, is it AES_ENCRYPT?

Elias · September 17, 2019, 5:25pm

@patrick, any update on the above please? Just want to make sure i have all the technical details to be able to decrypt/encrypt the data between a wappler application and a 3rd party

Hyperbytes · September 17, 2019, 5:29pm

I suspect what you need to know will be contained in this post

Elias · September 17, 2019, 5:33pm

Thank you @Hyperbytes, i checked it but could not find: the algorithm used (aes?) The length (128?) The recommended type (hex or string?) and maximum length of the password. I also could not find the recommended mySQL type to store the encrypted column (varbinary?)
Thank you

Hyperbytes · September 17, 2019, 5:34pm

In crypto.php mentioned in the thread there is reference to AES-256-CBC

function formatter_encrypt($val, $password) {
    $key = hash('sha256', $password, TRUE);
    $iv = openssl_random_pseudo_bytes(16);
    if (($l = (strlen($val) & 15)) > 0) { $val .= str_repeat(chr(0), 16 - $l); }
    return base64_encode($iv . openssl_encrypt($val, 'AES-256-CBC', $key, OPENSSL_RAW_DATA|OPENSSL_ZERO_PADDING, $iv));
}

function formatter_decrypt($val, $password) {
    $key = hash('sha256', $password, TRUE);
    $val = base64_decode($val);
    return rtrim(openssl_decrypt(substr($val, 16), 'AES-256-CBC', $key, OPENSSL_RAW_DATA|OPENSSL_ZERO_PADDING, substr($val, 0, 16)), "\0");

Elias · September 17, 2019, 5:41pm

Exactly what i needed, i hadnt open the zip file indeed.
Thanks loads @Hyperbytes

Elias · September 17, 2019, 8:23pm

I suggest to add some of this info here:

It could be replaced with: Encrypt the input with password using the secured AES-256-CBC algorithm

patrick · September 18, 2019, 8:07am

The encrypt used mcrypt with the cipler MCRYPT_RIJNDAEL_128 and mode MCRYPT_MODE_CBC. Mcrypt is deprecated as of PHP 7.1.0, so we updated it to use openssl. It uses the AES-256-CBC method and generates exactly the same encrypted data as the mcrypt method. I think it is the best algorithm to use at this moment.

Elias · September 18, 2019, 8:46am

Thanks @patrick I would just suggest to update the description below accordingly in wappler for other users, as when seeing it we feel an obsolete and deprecated algorithm is being used whereas the actual algorithm used (AES-256-CBC) is strong and even contains an initialisation vector to avoid repetition in data encryption

George · September 18, 2019, 3:43pm