v5 crypt

[davidcorreia]

Migrating from php7.3 with phalcon4 to phalcon5 with php8.1

got some problems with the crypt

from php7.3 with phalcon 4

app/services.php

use Phalcon\Crypt;
$di->setShared('crypt', function () {
    $crypt = new Crypt();
    // Set a global encryption key
    //$crypt->setKey('mySuperLongAndSecretKey');
    $crypt->setKey('123456');

    return $crypt;
});



echo  $this->crypt->encryptBase64('test');
//JqSabaK7jzLjX3xeGyYpf1z7pC0=

`

from php8.1 with phalcon5

use Phalcon\Encryption\Crypt;
$di->setShared('crypt', function () {
    $crypt = new Crypt();
    // Set a global encryption key
    #$crypt->setKey('mySuperLongAndSecretKey');
    $crypt->setKey('123456');

    return $crypt;
});


echo $this->crypt->decryptBase64('JqSabaK7jzLjX3xeGyYpf1z7pC0=');

origins \Exception: Hash does not match. from: phalcon/Encryption/Crypt.zep at line: 224

also encryptBase64('test') in php8.1 phalcon5 returns a bigger string something like this m/94hAkh/PJsiE5opDAHv50rsRbh35l//opROfwdGH+XbBlXmhOEFKESvC45Ag66apJJqA==

The problem might be in the key... how ever changing the key will need a migrate process.

what do you advise?

[niden]

I don't experience what you do with the same code. I wrote a test as follows:

$key    = substr(md5(uniqid()), 0, 16); // 16 characters long
$source = 'BvQrk+D^b&saR/L#mQig+8V9v^W&S/&moY7';

$crypt = new Crypt();
$crypt->setKey($key);

$encrypted = $crypt->encryptBase64($source);

// This one I got it by echoing the `$encrypted` above using php 7.4       
$expected = 'wwj9F2tFQPF81WXtEEZxymsv+QxnqCJc7yc1nUz8YB+vpj/b5BoTWQmazy2FxWAroiJJfA==';
$actual   = $encrypted;
$I->assertSame($expected, $actual);

$expected = $source;
$actual   = $crypt->decryptBase64($encrypted);
$I->assertSame($expected, $actual);

This test passes on all versions. If there was a discrepancy in the PHP versions, the latter part of the test would fail.

I am not sure why you get a much smaller encrypted string according to your code

[davidcorreia]

what if the key is not 16 chars?

the sample was with '123456' and the original has 128 chars. can it be the reason?

EDIT:
i got no errors when encrypt & decrypt on the same version (php & phalcon)

only when using the encrypt values stored in the bd from php7.3 & phalcon4

[niden]

Actually, that did not work. I got a different encryption value every time I run the tests. It should be like that really. Encrypting a value should not return the same encrypted string to avoid exploits.

The example I gave above was wrong (I corrected the code - wrong variable assignment).

Still, old hashes should work, so long as you kept the algorithm the same.

Honestly I do not know why your encrypted value is so short.

[davidcorreia]

yes i confirm that the base64 is always diferent, it makes sense since the RSA (inside base64) keeps changing for security issues

[niden]

I think you need to rehash all the stored values (if possible). If those are passwords or something like that you can reset all of them. I am not sure what else to suggest. The changes to Crypt from v4 to v5 are substantial but are only structural i.e. refactoring of the component and in particular the padding schemes. The core encryption/decryption mechanism has not changed.

[davidcorreia]

that might be the "easiest" way but theres some sensitive information (i guess thats the point on being encripted :p)

[davidcorreia]

i think i will go with the rehash.

thank you for the fastest reply ever! Phalcon style :)