Support for Drupal 7 is ending on 5 January 2025—it’s time to migrate to Drupal 10! Learn about the many benefits of Drupal 10 and find migration tools in our resource center.
I'm new to encrypt.module. I can't seem to decrypt anything I encrypt.
Here's a snippet of code I'm using to test:
$cipher = encrypt('foo');
$plain = decrypt($cipher);
if ('foo' != $plain) {
dpm("It's broke.", __FUNCTION__);
}
In the above test, $cipher is a:3:{s:4:"text";s:31:"K\324\370%\273tS\361/m\352\265;\241y"\367FRLe^U>\322c\235Јs("";s:6:"method";s:14:"mcrypt_rij_256";s:8:"key_name";s:15:"secure_file_key";}
While $plain is \257\341\376\354\374C^G졟\205\237_M7˹\357^R\270\373\213\247\317\367 ^@\271\264Y\201^Q
Can anyone tell me what I'm doing wrong?
Comments
Comment #1
Dave Cohen CreditAttribution: Dave Cohen commentedIn attempting to troubleshoot this, I've noticed a possible problem with _encrypt_decrypt().
Here's a snippet of code from that function:
The thing to notice is that the function gets the $key, then never passes it to the callback. The callback falls back to using drupal_private_key. But _encrypt_decrypt() stores a different $key_name.
Am I correct that the 7.x-1.x branch is wildly broken? Which branch or tag is recommended?
Comment #2
greggles7.x.2-x is recommended. There are a few issues that need to be fixed before I'd make it the actual recommended on the project page, though maybe that's foolish of me.
I don't have time to work on them myself as we don't currently use this module but I'd be happy to review patches (especially with tests). This is a case where I think tests should be mandatory given the importance of the code to any sites using it.
Comment #3
Dave Cohen CreditAttribution: Dave Cohen commentedAfter that second comment, I tried aes.module and so far it's working.
I didn't try encrypt 2.x because the project page seems to warn people away from it. But I'll let you know if I do give it a try.
Comment #4
gregglesWhich parts of the page feel like they warn you away from it? I tried to make it encourage folks to use the 2.x branch ;)
I haven't looked at aes.module in a while, but it felt lacking last time I did. One big thing it lacks is automated tests. It also will always store password history for users on the site which seems like a related but frequently undesirable feature.
Comment #5
Dave Cohen CreditAttribution: Dave Cohen commentedThat's what scared me off. Although now that I read it closely, it's already in beta. So, are upgrade paths guaranteed?
I'm currently trying just to use aes_encrypt() and aes_decrypt(). I left the settings related to user passwords off. If it's still doing something silly with passwords, I'll avoid it.
Comment #6
Dave ReidI believe this is a duplicate of #1927572: Key file is never used
Comment #7
Dave Reid