Support for Drupal 7 is ending on 5 January 2025—it’s time to migrate to Drupal 10! Learn about the many benefits of Drupal 10 and find migration tools in our resource center.
Hi - thanks for this module - by far the easiest thing I've seen to work with for Drupal.
Was wondering though - is it normal to need to wrap decrypted output in trim()? Without doing this my decrypted output contains special characters in addition to the original string. No big deal, just wondering if I'm missing something...
Comments
Comment #1
easyfit CreditAttribution: easyfit commentedHey and thanks for the kind words! :)
Yes it is normal to have to trim the output, I'll try to explain why. I'm definitely no encryption expert, but if I've understood it correctly it's because the strings being encrypted will be padded to a certain length when you encrypt them so then when you decrypt them you will get that padding as "noise" on the end of the string.
I could probably add a call to trim() in aes_decrypt() to avoid confusing people with this, but I didn't since I was afraid that there might be a scenario where someone would like to encrypt a string containing the same character which is used for padding, which would then decrypt incorrectly. That's probably not very likely though, so I might add the trim() in a future version.
Comment #2
calebgilbert CreditAttribution: calebgilbert commentedThanks for the explanation - makes perfect sense.
Maybe if you add that call to trim() in aes_decrypt() you could make it an argument so that people could choose whether they wanted it trimmed or not. Just an idea. :-)
Comment #3
easyfit CreditAttribution: easyfit commentedYeah I'll probably do exactly that, if/when I take the time to get a new version out.
Comment #4
easyfit CreditAttribution: easyfit commentedThis change has now been implemented in 1.4, unfortunately I couldn't make the trim() optional since it would cause an inconsistency between implementations.