Yii Framework Forum: AES Encryption - Yii Framework Forum

Jump to content

  • (5 Pages)
  • +
  • « First
  • 2
  • 3
  • 4
  • 5
  • You cannot start a new topic
  • You cannot reply to this topic

AES Encryption AES Encryption Porting from PHP to Yii Rate Topic: -----

#61 User is offline   christomurr 

  • Junior Member
  • Pip
  • Yii
  • Group: Members
  • Posts: 40
  • Joined: 03-December 11
  • Location:Boston, MA

Posted 07 December 2011 - 05:57 AM

I think it's here ... the clientSocialSecurity is not getting populated:

public function behaviors()
        {
        return array(
        'crypt'=>array(
		// this assumes that the behavior is in the folder: protected/behaviors/
        'class'=>'application.behaviors.CryptBehavior',
       	// this sets that the attributes to be encrypted/decrypted are encryptedfieldname of the model
        'attributes'=>array('clientSocialSecurity'),
        )
        );
        }


Again ... wondering if it's in the wrong place. I have it right below 'rules' in my model.
0

#62 User is offline   christomurr 

  • Junior Member
  • Pip
  • Yii
  • Group: Members
  • Posts: 40
  • Joined: 03-December 11
  • Location:Boston, MA

Posted 07 December 2011 - 07:17 AM

Almost positive now it's the encryption key not getting passed. I see the other values getting sent to the CryptBehavior but then when it gets to the encrypted value of clientSocialSecurity it stops (but I do see the encrytped value).

This is my components in main.php:

	'components'=>array(
		'user'=>array(
			// enable cookie-based authentication
			'allowAutoLogin'=>true,
		),
		'securityManager'=>array(
        'cryptAlgorithm'=>array(
        'rijndael-128',
        '',
        'ecb',
        ''
        ),
       'encryptionKey'=>'mysecretkeygoeshere',
	),

0

#63 User is offline   christomurr 

  • Junior Member
  • Pip
  • Yii
  • Group: Members
  • Posts: 40
  • Joined: 03-December 11
  • Location:Boston, MA

Posted 07 December 2011 - 09:53 AM

Hi Antonio.

If you ever come back to this thread :-) ... I'd like to just have you see these two items.

When I print out the $key and $value in the afterFind within the CryptBehavior.php you sent me, I see all the fields and values for the client database table. It looks something like this:

Id -> 238
clientFirstName -> Christopher
clientLastName -> Murray
clientMiddleInitial ->
clientBirthDate -> 1900-11-22
clientStreetAddress -> 29 GReenleaf Road
clientStreetAddress2 ->
clientCity -> Boston
clientState -> MA
clientZip -> 01234
clientHomePhone -> 5083545345
clientHomePhoneMessages -> Yes
clientBusinessPhone -> 508242342
clientBusinessPhoneMessages -> Yes
clientCellPhone -> 5082943243
clientCellPhoneMessages -> Yes
clientEmail -> christomurr@gmail.com
clientEmailMessages -> Yes
clientSocialSecurity -> »º$tÐq!ÀÅtø…µj$è

So, I have two questions really:

I am specifying the clientSocialSecurity in the behavior function you sent me, so am I supposed to be seeing all the fields in the CryptBehavior like this?

public function behaviors()
        {
        return array(
        'crypt'=>array(
        'class'=>'application.behaviors.CryptBehavior',
        'attributes'=>array('clientSocialSecurity'),
        )
        );
        }



Secondly, You can see the output fails right at the clientSocialSecurity value. So, I am assuming it is indeed getting the value of that field but that the error message I mention in a previous post about an empty string is the missing encryption key. I have set that as mentioned previously in my main.php.

Do you have any more thoughts on this? I feel like I'm really close.

Thanks,
Christopher
0

#64 User is offline   Antonio Ramirez 

  • Elite Member
  • Yii
  • Group: Yii Dev Team
  • Posts: 1,448
  • Joined: 04-October 10

Posted 07 December 2011 - 11:22 AM

I have looked around and it seems the encryptionKey is not passed... ??? very weird if its well set on the main.php config file, but lets try one LAST try, if that doesnt happen, then I wont be able to help you :)

Lets be more agressive, and include the encryptionKey right before the securityManager encrypts/decrypts
// so, on your beforeSave / afterFind do the following: 

Yii::app()->securityManager->setEncryptionKey('mysecretkeyhere');

// now lets encrypt or decrypt...


Obviously, this is jus to test if is something wrong with securitymanager or your settings... as this approach is.. ehem... no good :)

Cheers
¿How long would it take for you to understand that you own nothing in this world?

www.ramirezcobos.com
www.2amigos.us
www.github.com/tonydspaniard
www.github.com/2amigos


Posted Image
0

#65 User is offline   christomurr 

  • Junior Member
  • Pip
  • Yii
  • Group: Members
  • Posts: 40
  • Joined: 03-December 11
  • Location:Boston, MA

Posted 07 December 2011 - 12:03 PM

HI Antonio,

Thank you again for looking at this.

I put that code right where you said and here is the output:

mcrypt_generic_init() [<a href='function.mcrypt-generic-init'>function.mcrypt-generic-init</a>]: Iv size incorrect; supplied length: 2, needed: 16
0

#66 User is offline   Antonio Ramirez 

  • Elite Member
  • Yii
  • Group: Yii Dev Team
  • Posts: 1,448
  • Joined: 04-October 10

Posted 07 December 2011 - 12:24 PM

Everywhere I look around, it tells me that your encryption key length is incorrect... $IV is created on CSecurityManager depending on the requirements of the module... ????

I do not really understand what is happening... Do you have that data already in the database or is encrypted/decrypted by CSecurityManager from scratch?
¿How long would it take for you to understand that you own nothing in this world?

www.ramirezcobos.com
www.2amigos.us
www.github.com/tonydspaniard
www.github.com/2amigos


Posted Image
0

#67 User is offline   christomurr 

  • Junior Member
  • Pip
  • Yii
  • Group: Members
  • Posts: 40
  • Joined: 03-December 11
  • Location:Boston, MA

Posted 07 December 2011 - 12:28 PM

It is data already in a database ... it was encrytped using AES_ENCRYPT on the insert to MySQL.
0

#68 User is offline   christomurr 

  • Junior Member
  • Pip
  • Yii
  • Group: Members
  • Posts: 40
  • Joined: 03-December 11
  • Location:Boston, MA

Posted 07 December 2011 - 12:32 PM

When I run this command directly from the database it works:

SELECT clientFirstName, AES_DECRYPT( clientSocialSecurity, 'C3yZ)pO|RgP|IaBuCT' ) AS socsec
FROM clients

0

#69 User is offline   Antonio Ramirez 

  • Elite Member
  • Yii
  • Group: Yii Dev Team
  • Posts: 1,448
  • Joined: 04-October 10

Posted 07 December 2011 - 12:41 PM

View Postchristomurr, on 07 December 2011 - 12:32 PM, said:

When I run this command directly from the database it works:

SELECT clientFirstName, AES_DECRYPT( clientSocialSecurity, 'C3yZ)pO|RgP|IaBuCT' ) AS socsec
FROM clients



Give me a couple of minutes... will post a mysql_aes_encrypt / mysql_aes_decrypt compliant behavior :)
¿How long would it take for you to understand that you own nothing in this world?

www.ramirezcobos.com
www.2amigos.us
www.github.com/tonydspaniard
www.github.com/2amigos


Posted Image
0

#70 User is offline   Antonio Ramirez 

  • Elite Member
  • Yii
  • Group: Yii Dev Team
  • Posts: 1,448
  • Joined: 04-October 10

Posted 07 December 2011 - 12:55 PM

Emily DIckison wrote you a perfect solution for your problem. I didn't know the data was already encrypted there!!!

Here the steps
// on your main.php config file
'components'=>array(
                'user'=>array(
                        // enable cookie-based authentication
                        'allowAutoLogin'=>true,
                ),
                'securityManager'=>array(
                        'cryptAlgorithm'=>array(
                        'rijndael-128',
                        '',
                        'ecb',
                        ''
                       ),
                      // the above is not needed, but this is highly important
                      'encryptionKey'=>'mysecretkeygoeshere',
        ),


The behavior, replace the one i sent you with this one

<?php

/**
 * CryptBehavior class
 *
 * Encrypts specific attributes with CSecurityManager
 * 
 * @author Antonio Ramirez <antonio@ramirezcobos.com>
 */
class CryptBehavior extends CActiveRecordBehavior {

	public $attributes = array();
	public $useAESMySql = false;

	/**
	 * Encrypts the value of specified attributes before saving to database
	 * @param CEvent $event
	 * @return parent::beforeSave
	 */
	public function beforeSave($event)
	{

		foreach ($this->getOwner()->getAttributes() as $key => $value)
		{
			if (in_array($key, $this->attributes) && !empty($value))
			{
				if ($this->useAESMySql)
					$this->getOwner()->{$key} = $this->mysqlAESEncrypt($value, Yii::app()->securityManager->getEncryptionKey());
				else
					$this->getOwner()->{$key} = utf8_encode(Yii::app()->securityManager->encrypt($value));
			}
		}
		return parent::beforeSave($event);
	}

	/**
	 * Decripts the values of specified attributes after finding from database
	 * @param CEvent $event
	 * @return parent::afterFind
	 */
	public function afterFind($event)
	{
		foreach ($this->getOwner()->getAttributes() as $key => $value)
		{
			if (in_array($key, $this->attributes) && !empty($value))
			{
				if ($this->useAESMySql)
					$this->getOwner()->{$key} = $this->mysqlAESDecrypt($value, Yii::app()->securityManager->getEncryptionKey());
				else
					$this->getOwner()->{$key} = Yii::app()->securityManager->decrypt(utf8_decode($value));
			}
		}
		return parent::afterFind($event);
	}

	/**
	 * MySQL compliant functions
	 * Thanks Emily!!!
         * ----------------------------------
	 * @param string $val the value to decrypt
	 * @param string $ky the key
	 * @return string the values decrypted 
	 */
	public function mysqlAESDecrypt($val, $ky)
	{
		$key = "\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0";
		for ($a = 0; $a < strlen($ky); $a++)
			$key[$a % 16] = chr(ord($key[$a % 16]) ^ ord($ky[$a]));
		$mode = MCRYPT_MODE_ECB;
		$enc = MCRYPT_RIJNDAEL_128;
		$dec = @mcrypt_decrypt($enc, $key, $val, $mode, @mcrypt_create_iv(@mcrypt_get_iv_size($enc, $mode), MCRYPT_DEV_URANDOM));
		return rtrim($dec, (( ord(substr($dec, strlen($dec) - 1, 1)) >= 0 and ord(substr($dec, strlen($dec) - 1, 1)) <= 16) ? chr(ord(substr($dec, strlen($dec) - 1, 1))) : null));
	}
        /**	
        * MySQL compliant functions	
        * Thanks Emily!!!         
        * ----------------------------------	
        * @param string $val the value to encrypt	 
        * @param string $ky the key	 
        * @return string the values encrypted 	 */	
        public function mysqlAESEncrypt($val, $ky)
	{
		$key = "\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0";
		for ($a = 0; $a < strlen($ky); $a++)
			$key[$a % 16] = chr(ord($key[$a % 16]) ^ ord($ky[$a]));
		$mode = MCRYPT_MODE_ECB;
		$enc = MCRYPT_RIJNDAEL_128;
		$val = str_pad($val, (16 * (floor(strlen($val) / 16) + (strlen($val) % 16 == 0 ? 2 : 1))), chr(16 - (strlen($val) % 16)));
		return @mcrypt_encrypt($enc, $key, $val, $mode, mcrypt_create_iv(mcrypt_get_iv_size($enc, $mode), MCRYPT_DEV_URANDOM));
	}

}


Now, to use it on your model:

public function behaviors()
{
        return array(
        'crypt'=>array(
                // this assumes that the behavior is in the folder: protected/behaviors/
                'class'=>'application.behaviors.CryptBehavior',
                // this sets that the attributes to be encrypted/decrypted are encryptedfieldname of the model
               'attributes'=>array('clientSocialSecurity'),
               'useAESMySql'=>true
               )
        );
}



Let's see if it works!
¿How long would it take for you to understand that you own nothing in this world?

www.ramirezcobos.com
www.2amigos.us
www.github.com/tonydspaniard
www.github.com/2amigos


Posted Image
0

#71 User is offline   christomurr 

  • Junior Member
  • Pip
  • Yii
  • Group: Members
  • Posts: 40
  • Joined: 03-December 11
  • Location:Boston, MA

Posted 07 December 2011 - 01:04 PM

The social security field is empty :-(
I'll keep checking to see if I've done something wrong ...
0

#72 User is offline   christomurr 

  • Junior Member
  • Pip
  • Yii
  • Group: Members
  • Posts: 40
  • Joined: 03-December 11
  • Location:Boston, MA

Posted 07 December 2011 - 01:14 PM

I see this in some debug output:

securityManager 	array
(
'class' => 'CSecurityManager'
'hashAlgorithm' => 'sha1'
'cryptAlgorithm' => array
(
'0' => 'rijndael-128'
'1' => ''
'2' => 'ecb'
'3' => ''
)
'behaviors' => array()
) 

Which make me wonder in main.php is not being read, because I have the encrypt key in there/.
0

#73 User is offline   Antonio Ramirez 

  • Elite Member
  • Yii
  • Group: Yii Dev Team
  • Posts: 1,448
  • Joined: 04-October 10

Posted 07 December 2011 - 01:19 PM

View Postchristomurr, on 07 December 2011 - 01:14 PM, said:

I see this in some debug output:

securityManager 	array
(
'class' => 'CSecurityManager'
'hashAlgorithm' => 'sha1'
'cryptAlgorithm' => array
(
'0' => 'rijndael-128'
'1' => ''
'2' => 'ecb'
'3' => ''
)
'behaviors' => array()
) 

Which make me wonder in main.php is not being read, because I have the encrypt key in there/.


Chris, your main.php file is the config file of the whole application Yii... not reading that file is not even running the first page of your Yii powered application... so, what is that behaviors variable in your main?¿ I am truly sorry, but it seems that you are not setting your main.php config file properly...

That file is in protected/config

Double check the steps i sent you... i cannot be more clear than that... if that fails, i apologize as i am not useful for you

Good luck
¿How long would it take for you to understand that you own nothing in this world?

www.ramirezcobos.com
www.2amigos.us
www.github.com/tonydspaniard
www.github.com/2amigos


Posted Image
0

#74 User is offline   christomurr 

  • Junior Member
  • Pip
  • Yii
  • Group: Members
  • Posts: 40
  • Joined: 03-December 11
  • Location:Boston, MA

Posted 07 December 2011 - 01:25 PM

No, you've been wonderfully helpful. I think that output is coming directly from the secutirymanager ...
I believe my main.php is set right.
0

#75 User is offline   Antonio Ramirez 

  • Elite Member
  • Yii
  • Group: Yii Dev Team
  • Posts: 1,448
  • Joined: 04-October 10

Posted 07 December 2011 - 02:35 PM

Is you main.php like this?

'securityManager'=>array(
                        'cryptAlgorithm'=>array(
                        'rijndael-128',
                        '',
                        'ecb',
                        ''
                       ),
                      // the above is not needed, but this is highly important
                      'encryptionKey'=>'C3yZ)pO|RgP|IaBuCT',

¿How long would it take for you to understand that you own nothing in this world?

www.ramirezcobos.com
www.2amigos.us
www.github.com/tonydspaniard
www.github.com/2amigos


Posted Image
0

#76 User is offline   christomurr 

  • Junior Member
  • Pip
  • Yii
  • Group: Members
  • Posts: 40
  • Joined: 03-December 11
  • Location:Boston, MA

Posted 07 December 2011 - 02:39 PM

Yes.
0

#77 User is offline   christomurr 

  • Junior Member
  • Pip
  • Yii
  • Group: Members
  • Posts: 40
  • Joined: 03-December 11
  • Location:Boston, MA

Posted 07 December 2011 - 02:44 PM

When I echo '$dec' from the CryptBehavior.php I get this:

uEڼ�KeM|����u�1z�Œ�Lr��TD&l�Q

which is not the decrypted value. So, I'm looking into what else in there might be the issue.
0

#78 User is offline   Antonio Ramirez 

  • Elite Member
  • Yii
  • Group: Yii Dev Team
  • Posts: 1,448
  • Joined: 04-October 10

Posted 07 December 2011 - 06:37 PM

Hi christomurr,

This is going to be my last post on this threat :)

I was curious so I setup a full test on my end and, I am truly sorry to say... Everything went fantastic. This is what I did:

1- I created a new field in one of my tables name it test_field and made it VARBINARY type

2- I runned the following script against my table, as I wanted to decrypt already encrypted data in my database
UPDATE tbl_country SET test_field=AES_ENCRYPT('testing AES encryption','C3yZ)pO|RgP|IaBuCT')  WHERE id=241


3- Then I setup on my configuration file main.php the SecurityManager to have the encryptionKey as the one above. Exactly as specified previously to you...

4- Setup the behaviors of MY MODEL to work with attributes to be 'test_field' and 'useAESMySql'=>true, as specified to you

5- Tested with the following code, and guess what?
$country = Country::model()->findByPk(241);

echo $country->test_field;


It works like a charm...

So, please, follow the instructions above very carefully, they are the correct ones and the behavior works perfect.

Cheers and good luck!
¿How long would it take for you to understand that you own nothing in this world?

www.ramirezcobos.com
www.2amigos.us
www.github.com/tonydspaniard
www.github.com/2amigos


Posted Image
0

#79 User is offline   christomurr 

  • Junior Member
  • Pip
  • Yii
  • Group: Members
  • Posts: 40
  • Joined: 03-December 11
  • Location:Boston, MA

Posted 08 December 2011 - 03:55 PM

Antonio,

I can't thank you enough for all your help and patience. Truly, I'm amazed that you stuck with me through all of that.

I finally set aside my install and began an entire new clean one. I stepped through your instructions and, voila, it works like a charm. Very nice solution. Thank you again for helping me.

Can I ask one last question? How would I structure the behavior in my model to accommodate multiple fields to be encrypted/decrytped?

Now, off to read some documentation on Yii ;-) I'd like to return the favor and help others here.

Regards,
Christopher
0

#80 User is offline   paystey 

  • Junior Member
  • Pip
  • Yii
  • Group: Members
  • Posts: 46
  • Joined: 12-October 11

Posted 08 December 2011 - 05:35 PM

Just a quick answer in case it's as simple as I think it is at a glance.

Add whichever field it is to the attributes array where the behaviour is set on the model (in the model file):


public function behaviors()
{
        return array(
        'crypt'=>array(
                // this assumes that the behavior is in the folder: protected/behaviors/
                'class'=>'application.behaviors.CryptBehavior',
                // this sets that the attributes to be encrypted/decrypted are encryptedfieldname of the model
       		'attributes'=>array('clientSocialSecurity', 'Some', 'More', 'Attribute', 'Names'),
       		'useAESMySql'=>true
       		)
        );
}

( 'attributes'=>array('clientSocialSecurity', 'Some', 'More', 'Attribute', 'Names'),)
If that doesn't work maybe wait for antonio or I can take a harder look in the morning :)
0

Share this topic:


  • (5 Pages)
  • +
  • « First
  • 2
  • 3
  • 4
  • 5
  • You cannot start a new topic
  • You cannot reply to this topic

1 User(s) are reading this topic
0 members, 1 guests, 0 anonymous users