Hi - thanks for this module - by far the easiest thing I've seen to work with for Drupal.

Was wondering though - is it normal to need to wrap decrypted output in trim()? Without doing this my decrypted output contains special characters in addition to the original string. No big deal, just wondering if I'm missing something...

Comments

easyfit’s picture

Hey and thanks for the kind words! :)

Yes it is normal to have to trim the output, I'll try to explain why. I'm definitely no encryption expert, but if I've understood it correctly it's because the strings being encrypted will be padded to a certain length when you encrypt them so then when you decrypt them you will get that padding as "noise" on the end of the string.

I could probably add a call to trim() in aes_decrypt() to avoid confusing people with this, but I didn't since I was afraid that there might be a scenario where someone would like to encrypt a string containing the same character which is used for padding, which would then decrypt incorrectly. That's probably not very likely though, so I might add the trim() in a future version.

calebgilbert’s picture

Thanks for the explanation - makes perfect sense.

Maybe if you add that call to trim() in aes_decrypt() you could make it an argument so that people could choose whether they wanted it trimmed or not. Just an idea. :-)

easyfit’s picture

Yeah I'll probably do exactly that, if/when I take the time to get a new version out.

easyfit’s picture

Status: Active » Fixed

This change has now been implemented in 1.4, unfortunately I couldn't make the trim() optional since it would cause an inconsistency between implementations.

Status: Fixed » Closed (fixed)

Automatically closed -- issue fixed for 2 weeks with no activity.