AES_ENCRYPT in model

Question

AES_ENCRYPT in model

hajcu Jan '17

Created Jan '17	Last Reply Jan '20	Replies 11	Views 808	Votes 2

hajcu 8.7k

Jan '17

On model level, we can always encrypt value in function beforeSave, but i don't know how to make fetch in the same way, so when i fetch data, there are automatilcy AES_DECRYPT. I want to do this without phsql.

public function beforeSave(){
    $this->name = new RawValue('AES_ENCRYPT("'.$this->name.'", "secret_pass")');
}

So when i do this, it's work properly, so name is encrypted in blob field in database

$model  = new Model();
$model->name = "abc";
$model->save();

but i don't know how to fetch unencrypted data directly from model, similar to this:

$data = Model::findFirst();

or

$data = Model::find();

2

Lajos Bencz · Answer 1 · 2017-01-20T04:06:52-07:00

There's a pair function for beforeSave: afterFetch ;]

https://docs.phalcon.io/en/3.0.0/reference/models.html#initializing-preparing-fetched-records

Wojciech Ślawski · Answer 2 · 2017-01-20T04:53:54-07:00

afterFetch. Keep in mind events are runned only if you return full models. So if you will get only some columns they will not be runned.

hajcu · Answer 3 · 2017-01-20T10:14:08-07:00

I test afterFetch , and it's not working i try this

public function afterFetch(){
    $this->patient_first_name = new RawValue('AES_DECRYPT("'.$this->patient_first_name.'", "secret_pass")');
}

and model do not decrypt this

ntesic · Answer 4 · 2017-01-20T11:02:35-07:00

You don't need RawValue in afterFetch() Try $this->patient_first_name = AES_DECRYPT($this->patient_first_name, "secret_pass");

Why code formating is not working on mobile?

Wojciech Ślawski · Answer 5 · 2017-01-20T12:53:39-07:00

Wojciech Ślawski
145.0k

Jan '17

You need to use php function here. Not RawValue.

hajcu · Answer 6 · 2017-01-23T02:46:14-07:00

Do you have example how to do that ?, so, what i should exacly put in function afterFetch to decrypt this value ?

Wojciech Ślawski · Answer 7 · 2017-01-23T03:36:05-07:00

Wojciech Ślawski
145.0k

Jan '17

Use openssl_decrypt

Lajos Bencz · Answer 8 · 2017-01-23T03:40:32-07:00

You should first decide where to put the encrypt/decrypt logic. You CAN have encryption on SQL and decryption on PHP side, but that requires you to share the same encryption key between the two systems (bad idea).

Phalcon has built-in security methods, you'd be better off using that (you also have more control over the key/algo/padding).

https://docs.phalcon.io/en/3.0.0/reference/crypt.html#setting-up-an-encryption-service

$di->set(
    "crypt",
    function () {
        $crypt = new Crypt();
        // Set a global encryption key
        $crypt->setKey(
            "your secret goes here"
        );
        return $crypt;
    },
    true
);

public function beforeSave(){
    $this->name = $this->getDI()->get('crypt')->encryptBase64($this->name);
}
public function afterFetch(){
    $this->name = $this->getDI()->get('crypt')->decryptBase64($this->name);
}

le51 · Answer 9 · 2017-01-23T12:17:23-07:00

le51
43.9k

Jan '17

good topic !

hajcu · Answer 10 · 2017-01-25T12:19:20-07:00

OK, about build in crypt function, i know about this, this was not the question about changing the way to encrypt, but question about AES_DECRYPT in model ;)

BUT ! Based on internet post, i write that part of code

private function mysql_aes_key($key)
{
        $new_key = str_repeat(chr(0), 16);
        for($i=0,$len=strlen($key);$i<$len;$i++)
        {
            $new_key[$i%16] = $new_key[$i%16] ^ $key[$i];
        }
        return $new_key;
}

private function decrypt($field)
 {
        $key = $this->mysql_aes_key("secret_pass");

        $val = mcrypt_decrypt(MCRYPT_RIJNDAEL_128, $key, $field, MCRYPT_MODE_ECB, mcrypt_create_iv( mcrypt_get_iv_size(MCRYPT_RIJNDAEL_128, MCRYPT_MODE_ECB), MCRYPT_DEV_URANDOM));

        return trim($val);
}

and now in after fetch function

public function afterFetch(){
        $this->patient_idx = $this->decrypt($this->patient_idx);
}

But there are some dummy characters sometime in data, i think i be able to solve this more less in next comming days, so i post answere here ;)

Wojciech Ślawski · Answer 11 · 2017-01-25T15:02:36-07:00

Wojciech Ślawski
145.0k

Jan '17

You can also use just phalcon crypt service :D

hajcu · Answer 12 · 2017-01-26T03:03:04-07:00

hajcu
8.7k

edited Jan '17
Jan '17

Can you put the code, how can i use crypt service to decrypt AES_ENCRYPT value in database ?

Wojciech Ślawski · Answer 13 · 2017-01-26T04:04:00-07:00

public function afterFetch()
{
    $this->patient_idx = $this->getDI()->get('crypt')->decrypt($this->patient_idx, 'secret_pass');
}

Of course decrypt service must be set with correct cipher etc.

Lajos Bencz · Answer 14 · 2017-01-30T03:58:44-07:00

mcrypt is now earmarked as deprecated, any decent dev would refrain from building a project which utilizes it. As we advised, the best approach for this is to drop mcrypt altogether, and use the built-in methods of Phalcon.

If you want to stick with mcrypt, it's up to you, but don't come looking for help on the dedicated channel for Phalcon ;] (no offense intended)

Krunal79-flutter · Answer 15 · 2020-01-16T04:03:30-07:00

Krunal79-flutter
-28

Jan '20

https://icetutor.com/