AES Encryption AES Encryption Porting from PHP to Yii
#21
Posted 05 December 2011 - 04:31 PM
#22
Posted 05 December 2011 - 04:35 PM
Da:Sourcerer, on 05 December 2011 - 04:31 PM, said:
Nice! Would you be willing to post a complete solution - including code for the Behavior and the controller?
Em
#23
Posted 05 December 2011 - 04:43 PM
I'm very curious about what you're suggesting. Do you have an example I could see? I've spent so much time on this I've fallen very far behind.
Thanks again to all of you for helping me with this. I look forward to posting an elegant, working solution.
Christopher
#24
Posted 05 December 2011 - 04:56 PM
class EncryptionBehavior extends CActiveRecordBehavior { public $cryptAttribute; public $key; public function beforeSave($event) { if($this->cryptAttribute !== null) $this->owner->{$this->cryptAttribute} = Yii::app()->securityManager->encrypt($this->owner->{$this->cryptAttribute}, $this->key); } public function afterFind($event) { if($this->cryptAttribute !== null) $this->owner->{$this->cryptAttribute} = Yii::app()->securityManager->decrypt($this->owner->{$this->cryptAttribute}, $this->key); } }
There is no need to touch the controller for this behaviour. Just enable it in the model's behaviors() method:
class MyModel extends CActiveRecord { ... public function behaviors() { return array( 'EncryptionBehavior'=>array( 'class'=>'EncryptionBehavior', 'key'=>Yii::app()->params['secretKey'], 'cryptAttribute'=>'myAttribute', ), ); } }
I just typed this freehand, so be cautious with this. Give me an hour or so until my dev machine is ready to go again

#25
Posted 05 December 2011 - 07:40 PM
#26
Posted 05 December 2011 - 07:48 PM
#27
Posted 05 December 2011 - 08:19 PM
mcrypt_module_open() [<a href='function.mcrypt-module-open'>function.mcrypt-module-open</a>]: Could not open encryption module
CSecurityManager requires PHP mcrypt extension to be loaded in order to use data encryption feature.
So perhaps I need to step back and tweak the server?
Thanks again .. this is getting exciting ;-)
#28
Posted 05 December 2011 - 08:22 PM
I know I entered the database in my table using PHP AES_ENCRYPT in my old application. But when I tried one of the earlier suggestions here I was able to get the decrypted value (echo $data->enabled).
But I much prefer your method and want to get this to work.
#29
Posted 05 December 2011 - 08:26 PM
#30
Posted 05 December 2011 - 08:37 PM
# php -r "print_r(mcrypt_list_algorithms());" Array ( [0] => cast-128 [1] => gost [2] => rijndael-128 [3] => twofish [4] => arcfour [5] => cast-256 [6] => loki97 [7] => rijndael-192 [8] => saferplus [9] => wake [10] => blowfish-compat [11] => des [12] => rijndael-256 [13] => serpent [14] => xtea [15] => blowfish [16] => enigma [17] => rc2 [18] => tripledes )
That is from a 64bit CentOS 6.0 with a suhosin-hardened PHP v5.3.8
The default algorithm for CSecurityManager is des. I really think rijndael-128 is the one to go for in your case. You might have to set it into ECB or CBC-mode, though.
#31
Posted 05 December 2011 - 09:02 PM
I have this in a file called EncryptionBehaviors.php in my components directory:
{
public $cryptAttribute;
public $key;
public function beforeSave($event)
{
if($this->cryptAttribute !== null)
$this->owner->{$this->cryptAttribute} = Yii::app()->securityManager->encrypt($this->owner->{$this->cryptAttribute}, $this->key);
}
public function afterFind($event)
{
if($this->cryptAttribute !== null)
$this->owner->{$this->cryptAttribute} = Yii::app()->securityManager->decrypt($this->owner->{$this->cryptAttribute}, $this->key);
}
}
I then have this is my model, just after the 'relations' array:
public function behaviors() {
return array(
'EncryptionBehavior'=>array(
'class'=>'EncryptionBehavior',
'key'=>Yii::app()->params['secretKey'],
'cryptAttribute'=>'clientSocialSecurity',
),
);
}
And I have this in my config/main.php
'params'=>array(
// this is used in contact page
'adminEmail'=>'webmaster@example.com',
'secretKey'=>'myKeyGoesHere',
),
I can see that things are being called and I am getting no errors. But the field in my view that holds the encrypted value displays nothing. All the other fields that are encrypted (and are not part of this routine) display the encrypted value.
Thank you again for your time.
#32
Posted 05 December 2011 - 09:08 PM
'securityManager'=>array( 'cryptAlgorithm'=>array( 'rijndael-128', '', 'cbc', '' ), ),
#34
Posted 05 December 2011 - 09:11 PM
#35
Posted 05 December 2011 - 09:17 PM
I cant tell you how much I appreciate you sticking with me and getting me this far ...
#36
Posted 05 December 2011 - 11:44 PM
#37
Posted 06 December 2011 - 06:12 AM
public $cryptAlgorithm='rijndael-128';
(although I also tried adding -ebc and -cbc to this)
And I have this set in my config/main.php:
'components'=>array(
'user'=>array(
// enable cookie-based authentication
'allowAutoLogin'=>true,
),
'securityManager'=>array(
'cryptAlgorithm'=>array(
'rijndael-128',
'',
'ecb',
''
),
),
I have this in my model, but now I'm wondering if it belongs something else or in a different position within the model:
public function behaviors() {
return array(
'EncryptionBehavior'=>array(
'class'=>'EncryptionBehavior',
'key'=>Yii::app()->params['secretKey'],
'cryptAttribute'=>'clientSocialSecurity',
),
);
}
I have nothing in the view other than the gii-generated form.
I'm still missing something or putting something in the wrong place.
#38
Posted 06 December 2011 - 09:36 AM
#39
Posted 06 December 2011 - 12:29 PM

This post has been edited by ekerazha: 06 December 2011 - 12:30 PM
#40
Posted 06 December 2011 - 01:31 PM
# php -r "echo bin2hex(openssl_encrypt('abc', 'aes-128-ecb', 'def', true));" 481669422b4fe6acb546d80fb22ad0c4 # echo "SELECT HEX(AES_ENCRYPT('abc', 'def'));" | mysql HEX(AES_ENCRYPT('abc', 'def')) 481669422B4FE6ACB546D80FB22AD0C4