rsDecrypt()

Coding standards

Security in ResourceSpace

Developer reference

Database

Action functions

Admin functions

Ajax functions

Annotation functions

API functions

Collections functions

Comment functions

Config functions

CSV export functions

Dash functions

Debug functions

Encryption functions

Facial recognition functions

File functions

General functions

Language functions

Log functions

Message functions

Migration functions

Node functions

PDF functions

Plugin functions

Render functions

Reporting functions

Request functions

Research functions

Slideshow functions

Theme permission functions

getThemePathPerms()

User functions

Video functions

Database functions

Metadata functions

Resource functions

Search functions

Map functions

Job functions

get_job_type_priority()

Tab functions

Test functions

Description

Decrypts data

@todo Add a third parameter to use with custom metadata (NOT ResourceSpace metadata) for generating MAC. this should
add extra security by making MAC harder to be forged

Parameters

Column	Type	Default	Description
$data	string		Data to be decrypted
$key	string

Return

false|string

Returns FALSE if MAC check failed, plaintext otherwise

Location

include/encryption_functions.php lines 64 to 87

Definition


 
function rsDecrypt($data, $key)
    {
    global $scramble_key;

    $method  = "AES-128-CTR";
    $options = OPENSSL_RAW_DATA;

    // Get 2 derived subkeys, one for message authentication code (MAC) and the other one for encryption/ decryption.
    $mac_key = hash_hmac("sha256", "mac_key", $scramble_key, true);
    $enc_key = hash_hmac("sha256", "enc_key", $scramble_key, true);
    if (count(explode("@@", $data))<3){return false;}
    list($nonce, $cyphertext, $mac) = explode("@@", $data);

    // Check MAC
    if($mac !== hash_hmac("sha256", "{$cyphertext}{$nonce}{$scramble_key}", $mac_key))
        {
        debug("rsCrypt: MAC did not match!");
        return false;
        }
    // Synthetic Initialization Vector (SIV)
    $siv = substr(hash_hmac("sha256", "{$nonce}{$scramble_key}{$key}", $mac_key, true), 0, 16);

    return openssl_decrypt(hex2bin($cyphertext), $method, $enc_key, $options, $siv);
    }

This article was last updated 17th November 2024 15:35 Europe/London time based on the source file dated 1st October 2024 08:15 Europe/London time.