CSecurityManager not decrypting correctly


I’m not getting the results I expect from CSecurityManager. I’m using it like this…


$user = User::model()->find(1);

$user->test = Yii::app()->getSecurityManager()->encrypt('astring');


now when I retrieve the results I use this…


$user = User::model()->find(1);

echo Yii::app()->getSecurityManager()->decrypt($user->test);

What i get back is gibberish i.e. encrypted text that does not match ‘astring’. The column ‘test’ in my MySQL db is of BLOB datatype.

What’s happening here that I’m not getting?

Hmn, looks like there goes something wrong between saving and loading the encrypted data.

Did you check if the encrypted string before saving is still similar with the string after loading?

Well, I was playing about with this in work today and couldn’t replicate the fault. So, I just checked my model and I had a beforeSave changing the variable to base64_encode hence it not working as expected! silly me.

Now that is sorted, is there a way to change cipher/mode etc? what is the default cipher/mode for this class?

Take a look at yii/framework/base/CSecurityManager.php

I believe that it is 3DES and CBC mode. I have changed mine to RIJNDAEL_256 with ECB mode, so I don’t recall the original settings.

comment the if your table is not utf8, comment the line from your config that sets charset to utf8. also make sure the field length in your table is large enough to store the encrypted value.

I remember experiencing the same problem a while back.