Friday, August 21, 2009

Encryption and Decryption Between .NET and PHP

I recently worked on a project that required encryption and decryption by and between .NET and PHP. By default, the 2 technologies don't mesh very well. Being that the data was originally being encrypted and decrypted by .NET, I had to write PHP code that worked with the encryption schemas being used. One of the main problems I ran into was the use of padding, in my case pkcs7 which was used by default in .NET. First thing to do was to make sure the encyption schemas were the same. For example, when using DES, the .NET default mode is MCRYPT_MODE_CBC.  Once that was setup, I could initialize the mcrypt libraries.


$module = mcrypt_module_open(MCRYPT_DES, '', MCRYPT_MODE_CBC, '');
if($module === false)
die("DES module could not be opened");

$blockSize = mcrypt_get_block_size(MCRYPT_DES, MCRYPT_MODE_CBC);
 

The $blockSize variable is used later for padding and padding removal using pkcs7.  Next to encrypt data I had to implement the following:
 
//encryption
$key = substr($key, 0, 8);

$iv = $key;
$rc = mcrypt_generic_init($module, $key, $iv);
//apply pkcs7 padding
$value_length = strlen($value);
$padding = $blockSize - ($value_length % $blockSize);
$value .= str_repeat( chr($padding), $padding);
$value = mcrypt_generic($module, $value);
$value = base64_encode($value);
mcrypt_generic_deinit($module);

//value now encrypted


Basically, the encryption scheme the .NET side was using was set the iv to the key, pad data, encrypt data, then base64 encode data.  So here I've done the same thing in PHP.  Now I needed to do the exact same thing for decryption:


//Decryption
$key = substr($key, 0, 8);
$iv = $key;
$rc = mcrypt_generic_init($module, $key, $iv);
$value = base64_decode($value);
$value = mdecrypt_generic($module, $value);

//apply pkcs7 padding removal
$packing = ord($value[strlen($value) - 1]);
if($packing && $packing < $this->_blockSize){
    for($P = strlen($value) - 1; $P >= strlen($value) - $packing; $P--){
        if(ord($value{$P}) != $packing){
            $packing = 0;
        }//end if
    }//end for
}//end if

$value = substr($value, 0, strlen($value) - $packing);

mcrypt_generic_deinit($module);

//value now decrypted

This is basically the same as encryption but in reverse.  The only real difference is the pkcs7 padding removal.  Hopefully this tidbit helps a few others out there who run into encrypt and decryption issues between .NET and PHP.

Tuesday, August 18, 2009

Thursday, August 6, 2009

Gentoo Linux Resolving the Read Only NTFS Issue

If you run into the problem of mounting an NTFS share, drive, USB, etc. where the mount reads as (rw) but the "dmesg tail" gives you a message like the following:

NTFS-fs error (device sdxx): load_system_files(): $LogFile is not clean. Mounting read-only. Mount in Windows.

Here's the fix for enabling write functionality under Gentoo specifically and more than likely similar in other flavors as well.


First emerge ntfs3g
Next go to your kernel source fire off a make menuconfig and enable:


File systems --->
<*> Filesystem in Userspace support


or in later kernels


File systems --->
<*> FUSE (Filesystem in Userspace) support


Next do a make clean && make
If you're using modules then also do a make modules_install && update-modules.

Next mount your boot partition mount /dev/sdxx /boot (where sdxx is your drive specific device - in my case /dev/sda1)

Copy your new kernel into the boot partition (ie. cp arch/x86/boot/bzImage /boot/kernel)

Unmount the boot partition and reboot loading the new kernel.

Now to mount the NTFS partition with write support use the following:

mount -t ntfs-3g /dev/sdxx /mnt/xxx (where sdxx and xxx are your specific device and mount points - in my case /dev/sdc1 /mnt/usb)

You should be golden from this point forward. If you get an error stating that the drive is not clean or the like use the force option the clean it up mount -t ntfs-3g /dev/sdxx /mnt/xxx -o force.

Windows 7 Intermittent Freeze

So I posted earlier discussing the Windows 7 freezing issue and how updating the bios, etc. appeared to help. That is partially true. However, I'm still fighting the freezing issue. So far I've been able to track it down to non-user input. I can leave the machine alone at the login screen, no user interaction and the machine will still sometimes freeze. It looks like it may have something to do with a background process or an on idle process. I'll keep checking and update my findings.