Yii Framework Forum: AES Encryption - Yii Framework Forum

Jump to content

  • (5 Pages)
  • +
  • 1
  • 2
  • 3
  • 4
  • Last »
  • You cannot start a new topic
  • You cannot reply to this topic

AES Encryption AES Encryption Porting from PHP to Yii Rate Topic: -----

#21 User is online   Da:Sourcerer 

  • Elite Member
  • PipPipPipPipPip
  • Yii
  • Group: Members
  • Posts: 1,220
  • Joined: 30-March 11
  • Location:Berlin, Germany

Posted 05 December 2011 - 04:31 PM

It will if you set the cryptAlgorithm property right.
programmer /ˈprəʊgramə/, noun: a device that converts ►coffee into ►code
0

#22 User is offline   Emily Dickinson 

  • Standard Member
  • PipPip
  • Yii
  • Group: Members
  • Posts: 201
  • Joined: 17-September 10
  • Location:Albuquerque, NM

Posted 05 December 2011 - 04:35 PM

View PostDa:Sourcerer, on 05 December 2011 - 04:31 PM, said:

It will if you set the cryptAlgorithm property right.


Nice! Would you be willing to post a complete solution - including code for the Behavior and the controller?
Em
0

#23 User is offline   christomurr 

  • Junior Member
  • Pip
  • Yii
  • Group: Members
  • Posts: 40
  • Joined: 03-December 11
  • Location:Boston, MA

Posted 05 December 2011 - 04:43 PM

Da:Sourcerer ...

I'm very curious about what you're suggesting. Do you have an example I could see? I've spent so much time on this I've fallen very far behind.

Thanks again to all of you for helping me with this. I look forward to posting an elegant, working solution.

Christopher
0

#24 User is online   Da:Sourcerer 

  • Elite Member
  • PipPipPipPipPip
  • Yii
  • Group: Members
  • Posts: 1,220
  • Joined: 30-March 11
  • Location:Berlin, Germany

Posted 05 December 2011 - 04:56 PM

The behaviour is pretty easy:
class EncryptionBehavior extends CActiveRecordBehavior
{
  public $cryptAttribute;
  public $key;

  public function beforeSave($event)
  {
    if($this->cryptAttribute !== null)
      $this->owner->{$this->cryptAttribute} = Yii::app()->securityManager->encrypt($this->owner->{$this->cryptAttribute}, $this->key);
  }

  public function afterFind($event)
  {
    if($this->cryptAttribute !== null)
      $this->owner->{$this->cryptAttribute} = Yii::app()->securityManager->decrypt($this->owner->{$this->cryptAttribute}, $this->key);
  }
}

There is no need to touch the controller for this behaviour. Just enable it in the model's behaviors() method:
class MyModel extends CActiveRecord
{
  ...
  public function behaviors()
  {
    return array(
      'EncryptionBehavior'=>array(
        'class'=>'EncryptionBehavior',
        'key'=>Yii::app()->params['secretKey'],
        'cryptAttribute'=>'myAttribute',
      ),
    );
  }
}


I just typed this freehand, so be cautious with this. Give me an hour or so until my dev machine is ready to go again ;)
programmer /ˈprəʊgramə/, noun: a device that converts ►coffee into ►code
0

#25 User is offline   christomurr 

  • Junior Member
  • Pip
  • Yii
  • Group: Members
  • Posts: 40
  • Joined: 03-December 11
  • Location:Boston, MA

Posted 05 December 2011 - 07:40 PM

Da:Sourcerer .... Thank you ... this looks like a great solution. I have it hooked up and gotten rid of the errors that broke my page (wasn't sure where to put things) ... but now I'm not getting the value of the decrypted field to display ... but I'm sure I'm close :-)
0

#26 User is online   Da:Sourcerer 

  • Elite Member
  • PipPipPipPipPip
  • Yii
  • Group: Members
  • Posts: 1,220
  • Joined: 30-March 11
  • Location:Berlin, Germany

Posted 05 December 2011 - 07:48 PM

Hm, what do you get instead? Have you set CSecurityManager's cryptAlgorithm to rijndael-128?
programmer /ˈprəʊgramə/, noun: a device that converts ►coffee into ►code
0

#27 User is offline   christomurr 

  • Junior Member
  • Pip
  • Yii
  • Group: Members
  • Posts: 40
  • Joined: 03-December 11
  • Location:Boston, MA

Posted 05 December 2011 - 08:19 PM

I changed it and it did not work. But then I tried AES-256-CBC and got a broken page with some interesting output:

mcrypt_module_open() [<a href='function.mcrypt-module-open'>function.mcrypt-module-open</a>]: Could not open encryption module

CSecurityManager requires PHP mcrypt extension to be loaded in order to use data encryption feature.

So perhaps I need to step back and tweak the server?

Thanks again .. this is getting exciting ;-)
0

#28 User is offline   christomurr 

  • Junior Member
  • Pip
  • Yii
  • Group: Members
  • Posts: 40
  • Joined: 03-December 11
  • Location:Boston, MA

Posted 05 December 2011 - 08:22 PM

My mistake ... I do have mcrypt enabled.

I know I entered the database in my table using PHP AES_ENCRYPT in my old application. But when I tried one of the earlier suggestions here I was able to get the decrypted value (echo $data->enabled).

But I much prefer your method and want to get this to work.
0

#29 User is offline   christomurr 

  • Junior Member
  • Pip
  • Yii
  • Group: Members
  • Posts: 40
  • Joined: 03-December 11
  • Location:Boston, MA

Posted 05 December 2011 - 08:26 PM

I set it to rijndael-128 and the page does not break, but neither do I get any value. I'll stop writing now until I figure it out ;-)
0

#30 User is online   Da:Sourcerer 

  • Elite Member
  • PipPipPipPipPip
  • Yii
  • Group: Members
  • Posts: 1,220
  • Joined: 30-March 11
  • Location:Berlin, Germany

Posted 05 December 2011 - 08:37 PM

Hm, the first param of mcrypt_module_open() needs to be on of the outputs of mcrypt_list_algorithms(). AES-256-CBC doesn't sound like something that function would return... For reference:
# php -r "print_r(mcrypt_list_algorithms());"
Array
(
  [0] => cast-128
  [1] => gost
  [2] => rijndael-128
  [3] => twofish
  [4] => arcfour
  [5] => cast-256
  [6] => loki97
  [7] => rijndael-192
  [8] => saferplus
  [9] => wake
  [10] => blowfish-compat
  [11] => des
  [12] => rijndael-256
  [13] => serpent
  [14] => xtea
  [15] => blowfish
  [16] => enigma
  [17] => rc2
  [18] => tripledes
)

That is from a 64bit CentOS 6.0 with a suhosin-hardened PHP v5.3.8

The default algorithm for CSecurityManager is des. I really think rijndael-128 is the one to go for in your case. You might have to set it into ECB or CBC-mode, though.
programmer /ˈprəʊgramə/, noun: a device that converts ►coffee into ►code
0

#31 User is offline   christomurr 

  • Junior Member
  • Pip
  • Yii
  • Group: Members
  • Posts: 40
  • Joined: 03-December 11
  • Location:Boston, MA

Posted 05 December 2011 - 09:02 PM

class EncryptionBehavior extends CActiveRecordBehavior
I have this in a file called EncryptionBehaviors.php in my components directory:

{
public $cryptAttribute;
public $key;

public function beforeSave($event)
{
if($this->cryptAttribute !== null)
$this->owner->{$this->cryptAttribute} = Yii::app()->securityManager->encrypt($this->owner->{$this->cryptAttribute}, $this->key);
}

public function afterFind($event)
{
if($this->cryptAttribute !== null)
$this->owner->{$this->cryptAttribute} = Yii::app()->securityManager->decrypt($this->owner->{$this->cryptAttribute}, $this->key);
}
}

I then have this is my model, just after the 'relations' array:

public function behaviors() {
return array(
'EncryptionBehavior'=>array(
'class'=>'EncryptionBehavior',
'key'=>Yii::app()->params['secretKey'],
'cryptAttribute'=>'clientSocialSecurity',
),
);
}

And I have this in my config/main.php

'params'=>array(
// this is used in contact page
'adminEmail'=>'webmaster@example.com',
'secretKey'=>'myKeyGoesHere',
),

I can see that things are being called and I am getting no errors. But the field in my view that holds the encrypted value displays nothing. All the other fields that are encrypted (and are not part of this routine) display the encrypted value.

Thank you again for your time.
0

#32 User is online   Da:Sourcerer 

  • Elite Member
  • PipPipPipPipPip
  • Yii
  • Group: Members
  • Posts: 1,220
  • Joined: 30-March 11
  • Location:Berlin, Germany

Posted 05 December 2011 - 09:08 PM

Look for the components-stanza in your config/main.php. Add this:
'securityManager'=>array(
  'cryptAlgorithm'=>array(
    'rijndael-128',
    '',
    'cbc',
    ''
  ),
),

programmer /ˈprəʊgramə/, noun: a device that converts ►coffee into ►code
0

#33 User is offline   christomurr 

  • Junior Member
  • Pip
  • Yii
  • Group: Members
  • Posts: 40
  • Joined: 03-December 11
  • Location:Boston, MA

Posted 05 December 2011 - 09:10 PM

I added this and still found no display of the value.
0

#34 User is online   Da:Sourcerer 

  • Elite Member
  • PipPipPipPipPip
  • Yii
  • Group: Members
  • Posts: 1,220
  • Joined: 30-March 11
  • Location:Berlin, Germany

Posted 05 December 2011 - 09:11 PM

Hm, I'm out of ideas for now.
programmer /ˈprəʊgramə/, noun: a device that converts ►coffee into ►code
0

#35 User is offline   christomurr 

  • Junior Member
  • Pip
  • Yii
  • Group: Members
  • Posts: 40
  • Joined: 03-December 11
  • Location:Boston, MA

Posted 05 December 2011 - 09:17 PM

Thats cool ....ill keep plugging away and hopefully will post some good need.

I cant tell you how much I appreciate you sticking with me and getting me this far ...
0

#36 User is online   Da:Sourcerer 

  • Elite Member
  • PipPipPipPipPip
  • Yii
  • Group: Members
  • Posts: 1,220
  • Joined: 30-March 11
  • Location:Berlin, Germany

Posted 05 December 2011 - 11:44 PM

Ah, it must really be set into ECB mode. Setting it into CBC mode won't do you any good.
programmer /ˈprəʊgramə/, noun: a device that converts ►coffee into ►code
0

#37 User is offline   christomurr 

  • Junior Member
  • Pip
  • Yii
  • Group: Members
  • Posts: 40
  • Joined: 03-December 11
  • Location:Boston, MA

Posted 06 December 2011 - 06:12 AM

I have this set in CSecurityManager.php:

public $cryptAlgorithm='rijndael-128';

(although I also tried adding -ebc and -cbc to this)

And I have this set in my config/main.php:

'components'=>array(
'user'=>array(
// enable cookie-based authentication
'allowAutoLogin'=>true,
),
'securityManager'=>array(
'cryptAlgorithm'=>array(
'rijndael-128',
'',
'ecb',
''
),
),

I have this in my model, but now I'm wondering if it belongs something else or in a different position within the model:

public function behaviors() {
return array(
'EncryptionBehavior'=>array(
'class'=>'EncryptionBehavior',
'key'=>Yii::app()->params['secretKey'],
'cryptAttribute'=>'clientSocialSecurity',
),
);
}


I have nothing in the view other than the gii-generated form.

I'm still missing something or putting something in the wrong place.
0

#38 User is offline   christomurr 

  • Junior Member
  • Pip
  • Yii
  • Group: Members
  • Posts: 40
  • Joined: 03-December 11
  • Location:Boston, MA

Posted 06 December 2011 - 09:36 AM

In both code samples from Emily and DaSourcerer, I believe what is failing is that my afterFind and beforeSave functions are not getting executed. The class files appear to be called, but then I get no display of the value. In looking at logs, I don't believe the afterFind (which is what I'm testing first) is getting called/executed.
0

#39 User is offline   ekerazha 

  • Advanced Member
  • PipPipPip
  • Yii
  • Group: Members
  • Posts: 525
  • Joined: 10-October 08
  • Location:European Union

Posted 06 December 2011 - 12:29 PM

Note: remember that AES-256 is actually less secure than AES-128 :)

This post has been edited by ekerazha: 06 December 2011 - 12:30 PM

Yii user #37
0

#40 User is online   Da:Sourcerer 

  • Elite Member
  • PipPipPipPipPip
  • Yii
  • Group: Members
  • Posts: 1,220
  • Joined: 30-March 11
  • Location:Berlin, Germany

Posted 06 December 2011 - 01:31 PM

Something's strange with CSecurityManager. Well, time for plan B:
# php -r "echo bin2hex(openssl_encrypt('abc', 'aes-128-ecb', 'def', true));"
481669422b4fe6acb546d80fb22ad0c4
# echo "SELECT HEX(AES_ENCRYPT('abc', 'def'));" | mysql
HEX(AES_ENCRYPT('abc', 'def'))
481669422B4FE6ACB546D80FB22AD0C4

programmer /ˈprəʊgramə/, noun: a device that converts ►coffee into ►code
0

Share this topic:


  • (5 Pages)
  • +
  • 1
  • 2
  • 3
  • 4
  • Last »
  • You cannot start a new topic
  • You cannot reply to this topic

1 User(s) are reading this topic
0 members, 1 guests, 0 anonymous users