This has been driving me mad for some time until I discovered this undocumented behavior, which I think may be a bug - if you don’t explicitly include the decryption key in the decrypt() method call, it doesn’t work for longer strings.
The setup:
config/main.php
'components'=>array(
    ...
    // hashing/encryption settings
    'securityManager'=>array(
        'cryptAlgorithm' => 'blowfish', // or whatever
        'encryptionKey' => '1234567890123456789012345678901234567890123456789012345678901234', // or whatever
    ),
The test code:
$eKey = Yii::app()->getSecurityManager()->getEncryptionKey();
echo 'eKey = '.$eKey.'<br />';
echo '<br />';
$shortStr = 'short';
echo '1a. shortStr = '.$shortStr.' --- Len = '.strlen($shortStr).'<br />';
$eShortStr = Yii::app()->getSecurityManager()->encrypt($shortStr);
echo '1b. eShortStr = '.$eShortStr.' --- Len = '.strlen($eShortStr).'<br />';
echo '1c. Decrypted eShortStr = '.Yii::app()->getSecurityManager()->decrypt($eShortStr).'<br />';
echo '<br />';
$medStr = 'x_My_name_is_Bond_James_Bond_x';
echo '2a. medStr = '.$medStr.' --- Len = '.strlen($medStr).'<br />';
$eMedStr = Yii::app()->getSecurityManager()->encrypt($medStr);
echo '2b. eMedStr = '.$eMedStr.' --- Len = '.strlen($eMedStr).'<br />';
echo '2c. Decrypted = '.Yii::app()->getSecurityManager()->decrypt($eMedStr).'<br />';
echo '<br />';
$longStr = 'The quick brown fox jumped over the lazy dogs tail - ABCDEFGHIJKLMNOPQRSTUVWXYZ - 0123456789';
echo '3a. longStr = '.$longStr.' --- Len = '.strlen($longStr).'<br />';
$eLongStr = Yii::app()->getSecurityManager()->encrypt($longStr);
echo '3b. eLongStr = '.$eLongStr.' --- Len = '.strlen($eLongStr).'<br />';
echo '3c. Decrypted = '.Yii::app()->getSecurityManager()->decrypt($eLongStr).'<br />';
echo '<br />';
$xStr = 'The quick brown fox jumped over the lazy dogs tail - ABCDEFGHIJKLMNOPQRSTUVWXYZ - 0123456789 - 9876543210 - ZYXWVUTSRQPONMLKJIHGFEDCBA - liat sgod yzal eht revo depmuj xof nworb kciuq ehT';
echo '4a. xStr = '.$xStr.' --- Len = '.strlen($xStr).'<br />';
$eXStr = Yii::app()->getSecurityManager()->encrypt($xStr);
echo '4b. eXStr = '.$eXStr.' --- Len = '.strlen($eXStr).'<br /><br /><br />';
echo '4c. Decrypted = '.Yii::app()->getSecurityManager()->decrypt($eXStr).'<br />';
echo '<br />';
The above test code will not decrypt correctly for lines 2c., 3c. and 4c. even though the documentation says that if decrypt()'s $key parameter is omitted but is defined in config/main.php then it will use it. What I found is that one must explicitly call decrypt() as follows:
echo '2c. Decrypted = '.Yii::app()->getSecurityManager()->decrypt($eMedStr, $eKey).'<br />';
echo '3c. Decrypted = '.Yii::app()->getSecurityManager()->decrypt($eLongStr, $eKey).'<br />';
echo '4c. Decrypted = '.Yii::app()->getSecurityManager()->decrypt($eXStr, $eKey).'<br />';
The short string at 1c. decrypted fine but I didn’t fully test it, and suspect there may be a length limit to it. When I didn’t explicitly add the $key parameter I always got this error:
PHP warning
mcrypt_generic_init(): Iv size incorrect; supplied length: 1, needed: 8
Am I missing something or is this a real bug? Please let me know.
EDIT - I forgot to add: CentOS 6.2 x86_64, PHP 5.5 Remi version.
Thanks,