John Davidson

aes gcm - Encrypting strings with more than 256 length in AES-GCM-256 PHP



I'm trying to encrypt a string which is typed in a textarea tag or a text input, and the length of the typed string is more than 256 characters.
When the length of the string in the textbox reaches 257, I cannot decrypt it anymore!

I wrote the code below using sample code on GitHub for AES-GCM encryption. It works for short strings but doesn't work for strings longer than 256 characters.

I searched about AES-GCM-256 and found that there is no possible way (at least no easy way) to increase it from 256 to 512 or more, and it also makes no sense to do so, as it is NOT necessary AT ALL.

I receive an error on decrypting a string with length more than 256, which says:

Authentication failed! because key is over size of 256.

This is because string length is more than 256!

Now my question is, how can I encrypt strings longer than 256 characters? With what method should I encrypt and store long strings in a database using AES-GCM in PHP?

In the code attached below, I tried to encrypt a sample string and then send it to the database.

Then I tried to get data from the database by calling the ID of any inserted data (recent or old) so I can get information about that column.

This is the link to the AES-GCM library for PHP.

Update:

This is the exact error I receive on decrypting:

```
Fatal error: Uncaught Sop\GCM\Exception\AuthenticationException: Authentication failed. in C:\xampp\htdocs\vendor\sop\gcm\lib\GCM\Cipher\AES\AESCipher.php:124
Stack trace:
#0 C:\xampp\htdocs\vendor\sop\gcm\lib\GCM\AESGCM.php(54): Sop\GCM\Cipher\AES\AESCipher->nativeDecrypt('\x18\x9CTV\xDBI!<\x9B\l\xFD\xC5\x05#...', '\xA9W\xD5\x94d\x1E\xD2\xC9\xD5 \x91\xA4\xFBT\x8C...', 'ER8BqF&@R%#tNt...', '&F=VmZ#gP2udV4H...', '^\xBB\xDF\x81\x91\xEF\xFC\xBE\xAD\xDC\x96\x89\xA6\x01\xDE...')
#1 C:\xampp\htdocs\test.php(49): Sop\GCM\AESGCM::decrypt('\x18\x9CTV\xDBI!<\x9B\l\xFD\xC5\x05#...', '\xA9W\xD5\x94d\x1E\xD2\xC9\xD5 \x91\xA4\xFBT\x8C...', 'ER8BqF&@R%#tNt...', '&F=VmZ#gP2udV4H...', '^\xBB\xDF\x81\x91\xEF\xFC\xBE\xAD\xDC\x96\x89\xA6\x01\xDE...')
#2 C:\xampp\htdocs\test.php(55): getInformation->getData()
#3 {main}
  thrown in C:\xampp\htdocs\vendor\sop\gcm\lib\GCM\Cipher\AES\AESCipher.php on line 124
```


```php
// Encrypt and insert data
$cipher = $_POST['textbox_value'];
if ($insert = $this->conn()->prepare("INSERT INTO security_check (cipher,aad,sec_key,iv,auth_tag) VALUES (:cipher,:aad,:secKey,:iv,:aTAg)")) {

    $aad = 'thisisadditional';
    // encryption key
    $key = 'thisismysecurekey';
    // random initialization vector
    $iv = openssl_random_pseudo_bytes(64);
    // encrypt and generate the authentication tag
    [$ciphertext, $auth_tag] = AESGCM::encrypt($cipher, $aad, $key, $iv);

    $bsCipher = bin2hex($ciphertext);
    $bsAAD = bin2hex($aad);
    $bsKey = bin2hex($key);
    $bsIV = bin2hex($iv);
    $bsTag = bin2hex($auth_tag);

    $insert->bindParam(":cipher", $bsCipher, PDO::PARAM_STR);
    $insert->bindParam(":aad", $bsAAD, PDO::PARAM_STR);
    $insert->bindParam(":secKey", $bsKey, PDO::PARAM_STR);
    $insert->bindParam(":iv", $bsIV, PDO::PARAM_STR);
    $insert->bindParam(":aTAg", $bsTag, PDO::PARAM_STR);
    if ($insert->execute()) {
        return "Data encrypted";
    } else {
        return false;
    }
}
```

```php
// Get data, decrypt it, then display it
$column = $_POST['id_of_inserted_data'];

if ($select = $this->conn()->prepare("SELECT * FROM security_check WHERE id = :col_id")) {
    $select->bindParam(":col_id", $column, PDO::PARAM_INT);
    $select->execute();
    $plaintext = "";
    $securities = array();
    if ($select->rowCount()) {
        while ($rows = $select->fetch(PDO::FETCH_ASSOC)) {
            $securities = [$rows['cipher'], $rows['auth_tag'], $rows['aad'], $rows['sec_key'], $rows['iv']];
        }
        $select = null;
    }
    [$ciphertext, $auth_tag, $aad, $key, $iv] = array_map('hex2bin', $securities);
    $plaintext = AESGCM::decrypt($ciphertext, $auth_tag, $aad, $key, $iv);
    return "Character Count - " . strlen($plaintext) . " " . $plaintext;
}
```


My Answer:
It seems like the issue you are facing is related to the key size limitation of AES-GCM encryption, which is limited to 256 bits. If you need to encrypt strings longer than 256 characters, you can consider using a different approach such as encrypting the data in chunks or using a different encryption algorithm that supports longer key sizes.

One possible solution is to encrypt the long string in chunks and then concatenate the encrypted chunks before storing them in the database. When decrypting, you can split the concatenated encrypted string into chunks and decrypt each chunk separately before combining them to get the original long string.

Another approach is to use a hybrid encryption scheme where you encrypt the long string with a symmetric encryption algorithm like AES-GCM and then encrypt the symmetric key with a public key encryption algorithm like RSA. This way, you can securely store the encrypted long string and the encrypted symmetric key in the database.

Here is an example of how you can implement hybrid encryption in PHP using AES-GCM and RSA:

```php
<?php
// Sample plaintext standing in for the long string to protect
$longString = str_repeat('A', 1000);

// Generate a random symmetric key for AES-GCM encryption
$key = random_bytes(32);

// Generate a random 12-byte IV; it must never repeat under the same key
$iv = random_bytes(12);

// Encrypt the long string with AES-GCM; $tag receives the authentication tag
$encryptedString = openssl_encrypt($longString, 'aes-256-gcm', $key, 0, $iv, $tag);

// Generate a random RSA key pair
$rsaKeyPair = openssl_pkey_new(array(
    'private_key_bits' => 2048,
    'private_key_type' => OPENSSL_KEYTYPE_RSA,
));

// Encrypt the symmetric key with the RSA public key (PEM string), using OAEP padding
$publicKey = openssl_pkey_get_details($rsaKeyPair)['key'];
openssl_public_encrypt($key, $encryptedKey, $publicKey, OPENSSL_PKCS1_OAEP_PADDING);

// Store $encryptedString, $encryptedKey, $iv and $tag in the database

// Retrieve $encryptedString, $encryptedKey, $iv and $tag from the database

// Decrypt the symmetric key with the RSA private key (same padding as above)
openssl_private_decrypt($encryptedKey, $decryptedKey, $rsaKeyPair, OPENSSL_PKCS1_OAEP_PADDING);

// Decrypt the long string with AES-GCM using the decrypted symmetric key
$decryptedString = openssl_decrypt($encryptedString, 'aes-256-gcm', $decryptedKey, 0, $iv, $tag);

echo $decryptedString;
```


This is just a basic example to demonstrate the concept of hybrid encryption. You may need to adapt and enhance it based on your specific requirements and use case.
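
Added example, not part of the original post or of the sop/gcm library: AES-256-GCM itself has no 256-byte plaintext limit, and decryption fails authentication whenever any stored byte is missing or changed. The sketch below uses PHP's built-in OpenSSL functions; the helper names `seal()` and `unseal()`, the AAD value, and the 512-character truncation are constructed for illustration and are not a diagnosis of the code above.

```php
<?php
// Hypothetical helpers for illustration; not from any library.
const NONCE_LEN = 12; // 96-bit nonce, the standard size for GCM
const TAG_LEN   = 16; // 128-bit authentication tag

// Encrypt and return one hex string laid out as nonce || tag || ciphertext.
function seal(string $plaintext, string $key, string $aad): string
{
    $nonce = random_bytes(NONCE_LEN); // fresh per message, never reused with the same key
    $tag = '';
    $ct = openssl_encrypt($plaintext, 'aes-256-gcm', $key, OPENSSL_RAW_DATA, $nonce, $tag, $aad, TAG_LEN);
    if ($ct === false) {
        throw new RuntimeException('encryption failed');
    }
    return bin2hex($nonce . $tag . $ct);
}

// Decrypt a value produced by seal(); returns null when authentication fails.
function unseal(string $hex, string $key, string $aad): ?string
{
    $raw = @hex2bin($hex);
    if ($raw === false || strlen($raw) < NONCE_LEN + TAG_LEN) {
        return null;
    }
    $nonce = substr($raw, 0, NONCE_LEN);
    $tag   = substr($raw, NONCE_LEN, TAG_LEN);
    $ct    = substr($raw, NONCE_LEN + TAG_LEN);
    $pt = openssl_decrypt($ct, 'aes-256-gcm', $key, OPENSSL_RAW_DATA, $nonce, $tag, $aad);
    return $pt === false ? null : $pt;
}

// Constructed inputs: a 32-byte key generated in place (in practice it is
// loaded from outside the table that holds the ciphertext) and a 1000-char message.
$key     = random_bytes(32);
$aad     = 'security_check:v1';
$message = str_repeat('x', 1000);

$stored = seal($message, $key, $aad);          // 2056 hex characters
var_dump(unseal($stored, $key, $aad) === $message); // intact value round-trips

// Constructed case: only the first 512 hex characters survive storage.
$truncated = substr($stored, 0, 512);
var_dump(unseal($truncated, $key, $aad));      // tag no longer matches the ciphertext
```

Hex encoding doubles the stored length, so the column holding the sealed value has to be sized for `2 * (12 + 16 + plaintext length)` characters, or be a binary or TEXT type.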
