decrypt(encrypt('foo')) != 'foo' [#2275827]

I'm new to encrypt.module. I can't seem to decrypt anything I encrypt.

Here's a snippet of code I'm using to test:

    $cipher = encrypt('foo');
    $plain = decrypt($cipher);
    if ('foo' != $plain) {
      dpm("It's broke.", __FUNCTION__);
    }

In the above test, $cipher is a:3:{s:4:"text";s:31:"K\324\370%\273tS\361/m\352\265;\241y"\367FRLe^U>\322c\235Јs("";s:6:"method";s:14:"mcrypt_rij_256";s:8:"key_name";s:15:"secure_file_key";}

While $plain is \257\341\376\354\374C^G졟\205\237_M7˹\357^R\270\373\213\247\317\367 ^@\271\264Y\201^Q

Can anyone tell me what I'm doing wrong?

Comments

Comment #1

Dave Cohen CreditAttribution: Dave Cohen commented 28 May 2014 at 18:28

In attempting to troubleshoot this, I've noticed a possible problem with _encrypt_decrypt().

Here's a snippet of code from that function:

  // Get Key 
  $key_array = encrypt_get_key($key_name);
  $key = $key_array['key'];
  $key_name = $key_array['name'];
  
  // Failsafe, if no key found, then use 'none' method                        
  if (empty($key) || $key_array == FALSE) {
    $method = 'none';
  }

  // Call callback function for encryption and decryption.
  $processed = call_user_func($methods[$method]['callback'], $op, $text, $options);

The thing to notice is that the function gets the $key, then never passes it to the callback. The callback falls back to using drupal_private_key. But _encrypt_decrypt() stores a different $key_name.

Am I correct that the 7.x-1.x branch is wildly broken? Which branch or tag is recommended?

Comment #2

greggles

he/him

English

Denver, Colorado, USA

CreditAttribution: greggles commented 28 May 2014 at 19:38

7.x.2-x is recommended. There are a few issues that need to be fixed before I'd make it the actual recommended on the project page, though maybe that's foolish of me.

I don't have time to work on them myself as we don't currently use this module but I'd be happy to review patches (especially with tests). This is a case where I think tests should be mandatory given the importance of the code to any sites using it.

Comment #3

Dave Cohen CreditAttribution: Dave Cohen commented 29 May 2014 at 22:34

After that second comment, I tried aes.module and so far it's working.

I didn't try encrypt 2.x because the project page seems to warn people away from it. But I'll let you know if I do give it a try.

Comment #4

greggles

he/him

English

Denver, Colorado, USA

CreditAttribution: greggles commented 29 May 2014 at 22:39

Which parts of the page feel like they warn you away from it? I tried to make it encourage folks to use the 2.x branch ;)

I haven't looked at aes.module in a while, but it felt lacking last time I did. One big thing it lacks is automated tests. It also will always store password history for users on the site which seems like a related but frequently undesirable feature.

Comment #5

Dave Cohen CreditAttribution: Dave Cohen commented 30 May 2014 at 16:46

The 7.x-2.x branch is stabilizing, but still in flux, and should only be used in production environments if you are closely following. Upgrade paths between alpha and beta releases on this branch are not guaranteed.

That's what scared me off. Although now that I read it closely, it's already in beta. So, are upgrade paths guaranteed?

I'm currently trying just to use aes_encrypt() and aes_decrypt(). I left the settings related to user passwords off. If it's still doing something silly with passwords, I'll avoid it.