• 0 Vote(s) - 0 Average
  • 1
  • 2
  • 3
  • 4
  • 5
Got an error "Decrypting: authentication failed" while using Encryption service

#1
Hi, in my project I need to store category id in category edit page inside a hidden field. Then, after form submit I want to update that particular category. To achieve this, in a secured approach, I used Encryption service of CodeIgniter 4.

Note: In the App\Config\Encryption.php file, I already set the "base 64" encoded value for "key" property that I got after executing createKey() static function of the Encryption class. 

Also, I included that Encryption class with its namespace that is "CodeIgniter\Encryption\Encryption".

Below code is for the editCategory function, where I create the encryption key, then using that key I encrypt category id. Finally, I pass that to the "edit_category" view file.

PHP Code:
public function editCategory($categoryId) {
        
$data = [];
        
$data['title'] = 'Edit Category';

        
/**
         * Access Configuration settings for the Encryption file
         */
        
$config config('Encryption');

        
/**
         * Generate base64 encoded representation of the encryption key
         */
        
$key base64_encode(Encryption::createKey(32));


        
$configuration = new \Config\Encryption();
        
$configuration->key $key;
        
$configuration->driver 'OpenSSL';
        
$encrypter = \Config\Services::encrypter($configuration);

        
$categoryModel = new CategoryModel();
        
$category $categoryModel->where('id'$categoryId)->first();
        
$categoryId $category['id'];

        
$encryptedCategoryId $encrypter->encrypt($categoryId);
        
// echo $encryptedCategoryId;die;

        
$data['category'] = $category;
        
$data['categoryId'] = $encryptedCategoryId;


        echo 
view('templates/admin_header'$data);
        echo 
view('admin/category/edit_category'$data);
        echo 
view('templates/admin_footer');
    } 

In edit_category.php file, I pass the encrypted category id to the updateCategory function.

Code snippet for hidden field in edit_category.php is written below.

PHP Code:
  <input type="hidden" name="categoryId" value="<?= isset($categoryId) ? $categoryId : ''  ?>"

Codes for updateCategory function is shown below, in that function I wanted to display the decrypted version of the category id.

PHP Code:
public function updateCategory() {
        
$data = [];
        
$data['title'] = 'Edit Category';

        
$validation = \Config\Services::validation(); 
        
$rules $validation->getRuleGroup('categoryCreate');

        if(!
$this->validate($rules)) {

            
$data['validation'] = $this->validator;
            echo 
view('templates/admin_header'$data);
            echo 
view('admin/edit_category'$data);
            echo 
view('templates/admin_footer');

        } else {

            
$catId $this->request->getPost('categoryId');
            
            
// configure the encryption service properly, before decrypting
            
$config = new \Config\Encryption();
                        
                        
// load the Encryption.php file's configuration settings
            
$configValues config('Encryption');
            
$config->key base64_decode($configValues->key);
            
$config->driver 'OpenSSL';

            
$encrypter = \Config\Services::encrypter($config);

            
$decryptedCatId $encrypter->decrypt($catId);
            
            die(
'category id: '$decryptedCatId);

            
        }
    } 

Have I done any mistake? Please help.
Reply

#2
In your editCategory function, you setup two instances of the encryption config.

$config = config('Encryption'); // the shared instance
$configuration = new \Config\Encryption(); // the other instance

Yet, you passed to the encrypter is the "other" instance. This causes the wrong starter key to be used in your decryption. You need to manipulate the shared instance.

Then in both editCategory and updateCategory, you don't really need two instances of the same config file. Just use the shared config instance across your code.
Reply

#3
(09-25-2020, 09:19 AM)paulbalandan Wrote: In your editCategory function, you setup two instances of the encryption config.

$config = config('Encryption'); // the shared instance
$configuration = new \Config\Encryption(); // the other instance

Yet, you passed to the encrypter is the "other" instance. This causes the wrong starter key to be used in your decryption. You need to manipulate the shared instance.

Then in both editCategory and updateCategory, you don't really need two instances of the same config file. Just use the shared config instance across your code.

Thanks for your advice.
Reply


Digg   Delicious   Reddit   Facebook   Twitter   StumbleUpon  


  Theme © 2014 iAndrew  
Powered By MyBB, © 2002-2020 MyBB Group.