Getting Started With Mcrypt

#1 skyhawk133

Posted 03 December 2004 - 03:45 PM

Mcrypt is a wonderful set of library functions for encrypting, decrypting, and hashing data. For Debian users, getting Mcrypt is apparently as easy as:

apt-get install php4-mcrypt
apachectl restart


[Note: I haven't tried this; I'm one of "the rest of us"]
For the rest of us, the process is a little more involved. I recommend building mcrypt as a dynamically loadable extension into PHP. It makes PHP more maintainable and upgradeable, since you don't have to keep recompiling.

First, install libmcrypt (use whatever the latest version on your nearest mirror is). As root:

# wget -c 'http://easynews.dl.sourceforge.net/sourceforge/mcrypt/libmcrypt-2.5.7.tar.gz'
# gunzip libmcrypt-2.5.7.tar.gz
# tar -xvf libmcrypt-2.5.7.tar
# cd libmcrypt-2.5.7
# ./configure --disable-posix-threads


Then edit the Makefile:

CFLAGS = -g -O2 --disable-posix-threads


Then continue:

# make clean
# make
# make install



Next, compile the mcrypt dynamic module. From the PHP source tree of the version of PHP currently running on your server:

# cd ext/mcrypt
# phpize
# aclocal
# ./configure
# make clean
# make
# make install


You should now have mcrypt.so in /usr/lib/php4.

Add the line:

extension=mcrypt.so


to /etc/php.ini

and issue

# apachectl restart



Next - test it out.

I found this nested loop very useful for checking the sanity of my libmcrypt install. It turned out many of the modules weren't working in certain modes. This will tell you just what your mcrypt is capable of:

<?php
/* run a self-test through every listed cipher and mode */
function mcrypt_check_sanity() {
    $modes = mcrypt_list_modes();
    $algorithms = mcrypt_list_algorithms();

    foreach ($algorithms as $cipher) {
        if (mcrypt_module_self_test($cipher)) {
            print $cipher." ok.\n";
        } else {
            print $cipher." not ok.\n";
        }
        foreach ($modes as $mode) {
            if (mcrypt_test_module_mode($cipher, $mode)) {
                $result = "ok";
            } else {
                $result = "not ok";
            }
            print $cipher." in mode ".$mode." ".$result."\n";
            // no handle to close here: mcrypt_test_module_mode()
            // opens and closes its own descriptors
        }
    }
}

// a variant on the example posted in mdecrypt_generic
// that works on versions of libmcrypt
// without mcrypt_generic_deinit() defined
function mcrypt_test_module_mode($module, $mode) {
    /* Data */
    $key = 'this is a very long key, even too long for the cipher';
    $plain_text = 'very important data';

    /* Open module, and create IV */
    $td = mcrypt_module_open($module, '', $mode, '');
    if ($td === false) {
        // this cipher/mode combination is not available
        return FALSE;
    }
    $key = substr($key, 0, mcrypt_enc_get_key_size($td));
    $iv_size = mcrypt_enc_get_iv_size($td);
    $iv = mcrypt_create_iv($iv_size, MCRYPT_RAND);

    /* Initialize encryption handle (negative or FALSE means failure) */
    $rc = mcrypt_generic_init($td, $key, $iv);
    if ($rc === false || $rc < 0) {
        mcrypt_module_close($td);
        return FALSE;
    }

    /* Encrypt data */
    $c_t = mcrypt_generic($td, $plain_text);
    mcrypt_generic_end($td);
    mcrypt_module_close($td);

    /* Reopen the module for decryption. The SAME key and IV must be
       reused: a fresh random IV would corrupt the decrypted text in
       every mode that uses one and make the test report "not ok". */
    $td = mcrypt_module_open($module, '', $mode, '');
    mcrypt_generic_init($td, $key, $iv);
    $p_t = mdecrypt_generic($td, $c_t);

    /* Clean up */
    mcrypt_generic_end($td);
    mcrypt_module_close($td);

    /* Decrypted text may carry trailing padding, so compare only
       the length of the original plaintext */
    return strncmp($p_t, $plain_text, strlen($plain_text)) == 0;
}

// remember to call:
// mcrypt_check_sanity();
?>



Obviously, there is lots more to be learned at:

http://www.php.net/m.../ref.mcrypt.php

but hopefully this will give you the incentive you've been looking for to start playing with 2-way cryptography. One excellent use I have discovered is encrypting and then decrypting cookies, which almost totally guarantees the cookie has not been tampered with.

Enjoy!

Robert Peake used to teach programming languages at Berkeley before he got his degree in poetry. These days he is a freelance web designer, programmer, and web technology consultant. Robert can be reached via email: robert@peakepro.com
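
An added example, not part of the original post, for the cookie use mentioned above: encryption with mcrypt hides a cookie's contents but does not by itself detect modification, so this code adds an HMAC over the IV and ciphertext and verifies it before decrypting (encrypt-then-MAC). It assumes PHP 5.6 to 7.1 with ext/mcrypt and ext/hash (mcrypt was removed from PHP core in 7.2); seal_cookie(), open_cookie(), the keys and the cookie value are hypothetical names and constructed sample data.

```php
<?php
// Added example, not from the original post. Assumes PHP 5.6-7.1 with
// ext/mcrypt and ext/hash. Function names and demo values are hypothetical.

function seal_cookie($value, $encKey, $macKey) {
    $td = mcrypt_module_open(MCRYPT_RIJNDAEL_128, '', MCRYPT_MODE_CBC, '');
    $iv = mcrypt_create_iv(mcrypt_enc_get_iv_size($td), MCRYPT_DEV_URANDOM);
    // mcrypt zero-pads to the block size, so store the real length up front.
    $plain = pack('N', strlen($value)) . $value;
    mcrypt_generic_init($td, $encKey, $iv);
    $ct = mcrypt_generic($td, $plain);
    mcrypt_generic_deinit($td);
    mcrypt_module_close($td);
    // Encrypt-then-MAC: the tag covers both the IV and the ciphertext.
    $tag = hash_hmac('sha256', $iv . $ct, $macKey, true);
    return base64_encode($tag . $iv . $ct);
}

function open_cookie($cookie, $encKey, $macKey) {
    $raw = base64_decode($cookie, true);
    // 32-byte tag + 16-byte IV + at least one 16-byte block
    if ($raw === false || strlen($raw) < 64) {
        return false;
    }
    $tag = substr($raw, 0, 32);
    $iv  = substr($raw, 32, 16);
    $ct  = substr($raw, 48);
    // Verify in constant time BEFORE decrypting; reject on any mismatch.
    $expected = hash_hmac('sha256', $iv . $ct, $macKey, true);
    if (!hash_equals($expected, $tag)) {
        return false;
    }
    $td = mcrypt_module_open(MCRYPT_RIJNDAEL_128, '', MCRYPT_MODE_CBC, '');
    mcrypt_generic_init($td, $encKey, $iv);
    $plain = mdecrypt_generic($td, $ct);
    mcrypt_generic_deinit($td);
    mcrypt_module_close($td);
    $len = unpack('N', substr($plain, 0, 4));
    return substr($plain, 4, $len[1]);
}

// Constructed demo: two independent random 32-byte keys and a sample value.
$encKey = mcrypt_create_iv(32, MCRYPT_DEV_URANDOM);
$macKey = mcrypt_create_iv(32, MCRYPT_DEV_URANDOM);
$sealed = seal_cookie('uid=42;role=user', $encKey, $macKey);
var_dump(open_cookie($sealed, $encKey, $macKey));
$raw = base64_decode($sealed);
$raw[50] = chr(ord($raw[50]) ^ 1);   // change one ciphertext bit
var_dump(open_cookie(base64_encode($raw), $encKey, $macKey));
```

The first call returns the original value; the second returns false because the tag no longer matches the modified ciphertext.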
