How Does Csecuritymanager Work

Yii 1.1 General Discussion
1

Hi all,

I can’t get CSecuritymanager to work to encrypt a simple string (meaning the encrypted strings are improbably short, I get different results for the same string/key combinations and attempts to decrypt the string result in an “mcrypt iv size incorrect” error). There seems to be no documentation apart from the class reference and some threads in this forum (both of which didn’t help me).

Basically I’m doing this:

encrypt:


Yii::app()->getSecurityManager()->setEncryptionKey('somekey');

$model->prop = Yii::app()->getSecurityManager()->encrypt('astring');

$model->save();

decrypt:


Yii::app()->getSecurityManager()->setEncryptionKey('somekey');

$model = SomeModel::model()->find($pk);

echo Yii::app()->getSecurityManager()->decrypt($model->prop);

which I found in a forum post and which doesn’t work for me (showing the symptoms mentioned above).

Do I need configuration settings in main.php or are default values (and what are they) ? What format/length is expected for ‘somekey’ (probably depends on the chosen encryption algorithm ?). Do I need any special PHP settings (mcrypt is obviously installed). Etc…

Thank you for your time,

Eike

2

did you read: http://www.yiiframework.com/doc/api/1.1/CSecurityManager?

do you have PHP MCrypt binary extension loaded?

3

Both. I said so in my original post (to the left of the part where it says “it didn’t help”). Besides CSecuritymanager would throw an exception if mcrypt wasn’t loaded.

Since native php mcrypt functions work just fine I assume that I have some kind of configuration error. In the end I wrote a pretty basic extension for encrypting/decrypting strings. I still would prefer to use the functions offered by the framework so if anybody could help I’d be grateful.

Thank you for your time,

Eike

4

so if have got working examples of mcrypt maybe you cold compare them with implementation of encrypt/decrypt of securitymanager?




	public function encrypt($data,$key=null)

	{

		$module=$this->openCryptModule();

		$key=$this->substr($key===null ? md5($this->getEncryptionKey()) : $key,0,mcrypt_enc_get_key_size($module));

		srand();

		$iv=mcrypt_create_iv(mcrypt_enc_get_iv_size($module), MCRYPT_RAND);

		mcrypt_generic_init($module,$key,$iv);

		$encrypted=$iv.mcrypt_generic($module,$data);

		mcrypt_generic_deinit($module);

		mcrypt_module_close($module);

		return $encrypted;

	}


	/**

	 * Decrypts data

	 * @param string $data data to be decrypted.

	 * @param string $key the decryption key. This defaults to null, meaning using {@link getEncryptionKey EncryptionKey}.

	 * @return string the decrypted data

	 * @throws CException if PHP Mcrypt extension is not loaded

	 */

	public function decrypt($data,$key=null)

	{

		$module=$this->openCryptModule();

		$key=$this->substr($key===null ? md5($this->getEncryptionKey()) : $key,0,mcrypt_enc_get_key_size($module));

		$ivSize=mcrypt_enc_get_iv_size($module);

		$iv=$this->substr($data,0,$ivSize);

		mcrypt_generic_init($module,$key,$iv);

		$decrypted=mdecrypt_generic($module,$this->substr($data,$ivSize,$this->strlen($data)));

		mcrypt_generic_deinit($module);

		mcrypt_module_close($module);

		return rtrim($decrypted,"\0");

	}

they are pretty simple so it should not be a problem. You could even add some debug traces in those functions to see variable values just for debugging