i want to encode a string with aes using a php action in rules, but it doesnt seem to work...any ideas? works with a php field on a node....no errors, but not dice

Comments

funkeyrandy’s picture

funkeyrandy CreditAttribution: funkeyrandy as a volunteer commented
Status: Active » Closed (fixed)

nevermind syntax error on custom hook :)

dpovshed’s picture

dpovshed CreditAttribution: dpovshed commented
Priority: Major » Normal

No problem @funkeyrandy, this is my favorite kind of support request when it solved immediately by topicstarter :)

Just one thing for your information and future use oon drupal.org - Support Request are never have priority more than 'Normal'

Good luck with your module!

funkeyrandy’s picture

funkeyrandy CreditAttribution: funkeyrandy as a volunteer commented

duly noted :)

question: have you ever thought about exposing the iv like the key? in my use case (and i can imagine others) , im creating a product key for use with a standalone app...since it needs to be decoded on that side, they need the iv's synced. just a thought

dpovshed’s picture

dpovshed CreditAttribution: dpovshed commented

@funkeyrandy, thanks for your input and sorry for the delay!

Your though about exposing an IV makes a lot of sense, I have the ame feeling.

I am not too deep into security algorithms, but as far as I see here:

"Traditional stream ciphers such as RC4 do not support an explicit IV as input, and a custom solution for incorporating an IV into the cipher's key or internal state is needed."

it means that to decode data somewhere IV should be passed as well.

For now I think for your purposes you might be satisfied with just peeking IV from variable with code like

$iv = base64_decode(variable_get("aes_encryption_iv", ""));

What do you think?

funkeyrandy’s picture

funkeyrandy CreditAttribution: funkeyrandy as a volunteer commented

yep...in my case, grabbing the iv has worked, but the use case was that it needed to be prepended to the rest of the string. Also, client wanted to provide their iv. Ive got a workaround altering the string generation in the module, but as we can see, a backend field would probably do the trick...just like the key...if left blank, the normal generated iv gets used.

thanks!

dpovshed’s picture

dpovshed CreditAttribution: dpovshed commented

Thank you for detailed description of your case!

I have just created #2553129: Expose IV in settings among with key, welcome to follow it and participate!