kevinsandow / PBEWithMD5AndDES

PHP >= 7.2 implementation for passphrase based encryption (PBE) as defined in PKCS#5 version 2.0 (RFC 2898)
MIT License

PKCS#5 / PKCS#7 #7

Open anniew86 opened 2 years ago

anniew86 commented 2 years ago

The About statement mentions PKCS#5 but the code uses PKCS#7. To get PKCS#5, the following code of DESEncryptor.php has to be removed:

```php
if (!$this->encrypt) {
    $aPadding = array_values(unpack('C', substr($text, -1)));
    $padding = $aPadding[0];
    $text = substr($text, 0, strlen($text) - $padding);
}
```

I needed to use it with PKCS#5; perhaps you can implement a suitable parameter.

kevinsandow commented 2 years ago

PKCS#5 is a subset of PKCS#7, where PKCS#7 supports variable block sizes. In this case the implementation is hard-coded to `protected $blockSize = 8;` thus using PKCS#5.

The code you mentioned only affects the decryption. Are you sure the data was correctly encrypted? PKCS#5 uses the same decryption method as PKCS#7, quoted from the RFC https://datatracker.ietf.org/doc/html/rfc2898#section-6.1.2:

      5. Separate the encoded message EM into a message M and a padding
         string PS:

                 EM = M || PS ,

         where the padding string PS consists of some number psLen
         octets each with value psLen, where psLen is between 1 and 8.
         If it is not possible to separate the encoded message EM in
         this manner, output "decryption error" and stop.

I might not have the last part implemented, to respect only paddings in range from 1 to 8, but otherwise it is implemented as specified.
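
The strict form of step 5 quoted above, including the 1 to 8 range check mentioned in the last comment, as an added example that is not part of the thread or of the library. `pkcs5Unpad()` is a hypothetical helper and the sample inputs are constructed for illustration:

```php
<?php
declare(strict_types=1);

// Added example: strict removal of the padding string PS from EM,
// following RFC 2898 section 6.1.2 step 5.
// pkcs5Unpad() is a hypothetical helper, not a function of this library.
function pkcs5Unpad(string $em, int $blockSize = 8): string
{
    $len = strlen($em);
    // EM must be a non-empty whole number of blocks.
    if ($len === 0 || $len % $blockSize !== 0) {
        throw new UnexpectedValueException('decryption error');
    }

    $psLen = ord($em[$len - 1]);
    // psLen must be between 1 and the block size (8 for DES).
    if ($psLen < 1 || $psLen > $blockSize) {
        throw new UnexpectedValueException('decryption error');
    }

    // Every one of the last psLen octets must have the value psLen.
    if (substr($em, -$psLen) !== str_repeat(chr($psLen), $psLen)) {
        throw new UnexpectedValueException('decryption error');
    }

    return substr($em, 0, $len - $psLen);
}

// Constructed sample inputs (8-byte blocks), not data from the issue.
$samples = [
    'valid, 3 pad octets'   => "hello\x03\x03\x03",
    'valid, full pad block' => "8 bytes!" . str_repeat("\x08", 8),
    'psLen = 0'             => "1234567\x00",
    'psLen = 9 > block'     => "1234567\x09",
    'inconsistent octets'   => "hello\x01\x02\x03",
];

foreach ($samples as $label => $em) {
    try {
        printf("%-22s => \"%s\"\n", $label, pkcs5Unpad($em));
    } catch (UnexpectedValueException $e) {
        printf("%-22s => %s\n", $label, $e->getMessage());
    }
}
```

Every failure raises the same "decryption error", matching the single error output the RFC specifies, so the caller cannot tell which check rejected the input.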