Coding standards
Security in ResourceSpace
Developer reference
Database
Action functions
Admin functions
Ajax functions
Annotation functions
API functions
Collections functions
Comment functions
Config functions
CSV export functions
Dash functions
Debug functions
Encryption functions
Facial recognition functions
File functions
General functions
Language functions
Log functions
Login functions
Message functions
Migration functions
Node functions
PDF functions
Plugin functions
Render functions
Reporting functions
Request functions
Research functions
Slideshow functions
Theme permission functions
User functions
Video functions
Database functions
Metadata functions
Resource functions
Search functions
Map functions
Job functions
Tab functions
Test functions

rsDecrypt()

Description

Decrypts data

@todo Add a third parameter to use with custom metadata (NOT ResourceSpace metadata) for generating MAC. this should
add extra security by making MAC harder to be forged

Parameters

ColumnTypeDefaultDescription
$data string Data to be decrypted
$key string

Return

false|string Returns FALSE if MAC check failed, plaintext otherwise

Location

include/encryption_functions.php lines 64 to 87

Definition

 
function rsDecrypt($data$key)
    {
    global 
$scramble_key;

    
$method  "AES-128-CTR";
    
$options OPENSSL_RAW_DATA;

    
// Get 2 derived subkeys, one for message authentication code (MAC) and the other one for encryption/ decryption.
    
$mac_key hash_hmac("sha256""mac_key"$scramble_keytrue);
    
$enc_key hash_hmac("sha256""enc_key"$scramble_keytrue);
    if (
count(explode("@@"$data))<3){return false;}
    list(
$nonce$cyphertext$mac) = explode("@@"$data);

    
// Check MAC
    
if($mac !== hash_hmac("sha256""{$cyphertext}{$nonce}{$scramble_key}"$mac_key))
        {
        
debug("rsCrypt: MAC did not match!");
        return 
false;
        }
    
// Synthetic Initialization Vector (SIV)
    
$siv substr(hash_hmac("sha256""{$nonce}{$scramble_key}{$key}"$mac_keytrue), 016);

    return 
openssl_decrypt(hex2bin($cyphertext), $method$enc_key$options$siv);
    }

This article was last updated 8th December 2024 20:35 Europe/London time based on the source file dated 1st October 2024 08:15 Europe/London time.