\Zend\Filter\Encrypt and \Zend\Filter\Decrypt not working together? #3541

Closed
pdobrigkeit opened this Issue Jan 23, 2013 · 3 comments

@pdobrigkeit

I am trying to do the following:

$value = '123';
$encrypt = new \Zend\Filter\Encrypt();
$encrypt->setVector('12345678901234567890');
$encrypted = $encrypt->filter($value);

$vector = $encrypt->getVector();
$decrypt = new \Zend\Filter\Decrypt();
$decrypt->setVector($vector);

echo $decrypt->filter($encrypted);

The Output is false

Does anybody have an idea? Is the Decrypt filter currently broken?

$encrypted = 71aac05c78e7266838ea4cbe830bf25ed6fc539d5e38600ac4e5a79f8c97096cMTIzNDU2Nzg5MDEyMzQ1NlE8l6GsEoACJmSjks9w7Wc=

@ezimuel ezimuel was assigned Jan 24, 2013
@ezimuel
Member
ezimuel commented Jan 24, 2013

@pdobrigkeit I fixed this issue with the PR #3550. The problem was related to the correct size of the Vector (salt in BlockCipher).

@ezimuel
Member
ezimuel commented Jan 24, 2013

@pdobrigkeit I forgot to mention that the correct way to use the Zend\Filter\Encrypt is to use the encryption key instead of the Vector. The Vector represents only the Initialization Vector (IV) of the encryption algorithm (default is BlockCipher). This Vector is public, is not a secret, and is stored in the encrypted string.
With your example the encrypted message is always encrypted with the key 'ZendFramework'.
A correct use case can be something like that:

$value = '123';
$key   = 'test';

$encrypt = new \Zend\Filter\Encrypt(array('key' => $key)); 
$encrypted = $encrypt->filter($value);
printf ("Encrypted: %s\n", $encrypted);

$decrypt = new \Zend\Filter\Decrypt(array('key' => $key));
printf ("Decrypted: %s\n", $decrypt->filter($encrypted));

Please note that the encrypted output is different on each execution. This is because the Vector (IV) is randomly generated each time. This is a good security practice.
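
The point made in the comment above (the IV is stored in the encrypted string, only the key is secret) can be checked against the value posted in this issue. This is an added example, not code from this thread or from Zend Framework: the token layout (64 hex MAC characters, then base64 of IV plus ciphertext) is an assumption read off that posted value, and `splitToken`, `seal` and `unseal` are hypothetical helpers built on PHP's OpenSSL functions.

```php
<?php
// Added illustration, not Zend\Crypt code. Assumed layout, read off the sample
// value in this issue: 64 hex chars of MAC, then base64(IV . ciphertext).
const MAC_HEX_LEN = 64; // SHA-256 HMAC rendered as hex
const IV_LEN      = 16; // AES block size in bytes

function splitToken(string $token): array
{
    $raw = base64_decode(substr($token, MAC_HEX_LEN), true);
    if ($raw === false || strlen($raw) <= IV_LEN) {
        throw new InvalidArgumentException('malformed token');
    }
    return [
        'mac'        => substr($token, 0, MAC_HEX_LEN),
        'iv'         => substr($raw, 0, IV_LEN),
        'ciphertext' => substr($raw, IV_LEN),
    ];
}

// Hypothetical helper: AES-256-CBC with a fresh random IV, then encrypt-then-MAC.
function seal(string $plaintext, string $encKey, string $macKey): string
{
    $iv   = random_bytes(IV_LEN);
    $ct   = openssl_encrypt($plaintext, 'aes-256-cbc', $encKey, OPENSSL_RAW_DATA, $iv);
    $body = base64_encode($iv . $ct);
    return hash_hmac('sha256', $body, $macKey) . $body;
}

// Hypothetical helper: verify the MAC in constant time before decrypting.
function unseal(string $token, string $encKey, string $macKey)
{
    $parts = splitToken($token);
    $body  = substr($token, MAC_HEX_LEN);
    if (!hash_equals(hash_hmac('sha256', $body, $macKey), $parts['mac'])) {
        return false; // wrong key or modified token
    }
    return openssl_decrypt($parts['ciphertext'], 'aes-256-cbc', $encKey, OPENSSL_RAW_DATA, $parts['iv']);
}

// The value posted in this issue: the IV can be read without knowing any key.
$posted = '71aac05c78e7266838ea4cbe830bf25ed6fc539d5e38600ac4e5a79f8c97096c'
        . 'MTIzNDU2Nzg5MDEyMzQ1NlE8l6GsEoACJmSjks9w7Wc=';
var_dump(splitToken($posted)['iv']);

[$encKey, $macKey] = [random_bytes(32), random_bytes(32)]; // constructed keys
$a = seal('123', $encKey, $macKey);
$b = seal('123', $encKey, $macKey);
var_dump($a !== $b);                            // same input, fresh IV each time
var_dump(unseal($a, $encKey, $macKey));         // round trip with the right keys
var_dump(unseal($a, $encKey, random_bytes(32))); // a different MAC key is rejected
```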

@ezimuel
Member
ezimuel commented Jan 25, 2013

After an in-depth review of Zend\Filter\Encrypt and Decrypt I decided to add the setKey() method, with the last commits on the PR #3550. Moreover, for security reasons, I removed the default key 'ZendFramework' from the Filter\Encrypt\BlockCipher. Now it's mandatory to specify the key in order to use the Zend\Filter\Encrypt and Decrypt. The Vector (salt) becomes optional, because we are using the BlockCipher adapter as default.
I'm going to update the documentation of Zend\Filter\Encrypt and Decrypt according to these changes.

@weierophinney weierophinney added a commit that closed this issue Jan 25, 2013
@weierophinney weierophinney Merge branch 'hotfix/3550'
Close #3550
Fixes #3541
9c7c806
@weierophinney weierophinney added a commit to zendframework/zend-filter that referenced this issue May 15, 2015
@weierophinney weierophinney Merge branch 'hotfix/3550' cef4359