 decrypt() returning incorrect result |
I'm converting an app from CI 3.1.13 to CI 4.3.1
In CI3 I had: PHP Code: $CI =& get_instance();In CI4 I have: PHP Code: $encrypter = Services::encrypter();In Config/Encryption.php I have: PHP Code: public string $key = REDACTED; //32 Character encryption keyBetween the two version the key has not changed and the digest value hasn't changed. When I step through the code I see that the decrypted result is garbage characters. I see that it's identifying the encryption algorithm as aes-256-ctr. I don't know if that's the correct algorithm or not from what CI3 was using, but something is off. From reading another forum post, I thought this was CI3 compatible as of CI 4.3.0.
(02-17-2023, 05:20 PM)kenjis Wrote: It should work... Should, but it isn't. As a test, with the settings I listed, I was able to encrypt a plain text value, then decrypt it and they matched, so the decryption algorithm is working against it's own encryption. However, I tried encrypting the same plain text that was encrypted in a CI3 version of the same application and it encrypts to a completely different value. In CI3 'hotdoggies' encrypts to: Code: 756f4d370aaf4cdd16b5b6a2917883acb338d2d66d33521114bcbe495ae2b8f351c240be70a709d20f9a16517e824e5f1a8424d2731db02c701a6ae0678bc2ccMecjhJImsNP5ziPf03zRn3z0dS4phxXuK6Ga/Bqb36o=In CI4 'hotdoggies' encrypts to: Code: 30777d629b28662fce7b292c64e0f26393b8b7d9e4ac69a1ee271c3d0c620639be72bb833857e2316a4b1f766352d4b701a33cbfe29585e4ab4aa556a3abf87eKpiCg4Mqen/qzZ/xJi5ewwr1RQdhMA==You can see they are yielding different results, which, then it isn't strange that decrypting a CI3 encrypted value using the CI4 decrypt() is producing an incorrect result. The seed is the same in both CI3 and CI4 versions.
@kenjis
I applied the workaround that @ardimardiana referenced here https://forum.codeigniter.com/showthread...#pid406963 and got it working. In doing so I discovered the problem. CI4 is incorrectly guessing the cipher to use in decrypting the CI3 data as aes-256-ctr, when at least in my case, it is the CI3 standard aes-128-cbc cipher. As soon as I changed @ardimardiana's workaround code to: PHP Code: $ci3 = new Ci3encrypt();The CI3 encryption library decrypted the input properly. I tried forcing the CI4 encryption to use aes-128-cbc and even though the documentation (https://codeigniter.com/user_guide/libra...initialize) shows a cipher option, I'm not seeing cipher or mode in \Config\Encryption.php. Were they removed from CI4 at some point after that documentation?
Oh, thank you for the investigation.
I got your situation. Try: PHP Code: $config = new Encryption();
02-19-2023, 05:44 AM
(This post was last modified: 02-19-2023, 05:44 AM by objecttothis. Edit Reason: Grammar ) (02-18-2023, 04:25 PM)kenjis Wrote: Oh, thank you for the investigation. Excellent. This works. I submitted a PR to add the field into \App\Config\Encryption.php and the documentation example. https://github.com/codeigniter4/CodeIgniter4/pull/7278
This bug has been fixed in develop branch, and it will be included in v4.3.3.
https://github.com/codeigniter4/CodeIgniter4/pull/7273 |
| Welcome Guest, Not a member yet? Register Sign In |
