It looks like you're new here. If you want to get involved, click one of these buttons!
hi my openssl_decrypt / encrypt was complaining about the following in the logs:
stderr: PHP Warning: openssl_encrypt() expects at most 4 parameters, 5 given
i tracked this down and noticed every single one of my links were not being decrypted correctly. afterwards i started looking into short.php and realized if i combined the api key with the salt when encrypting / decrypting, it seemed to work (to satisfy the error in the log while trying to combine the api key with the salt to encrypt / decrypt).
im wondering why my openssl_encrypt wont work with the default sendy way. please take a look at my script here:
my php version:
PHP 5.3.6-13ubuntu3.1 with Suhosin-Patch (cli) (built: Aug 29 2011 23:39:16)
running on ubuntu 10.06
according to http://php.net/manual/en/function.openssl-decrypt.php i should be able to use the 5 params, as iv parameter was added in php 5.3.3
Did this happen out of a sudden?
I tested your script, if I used your method with only 4 parameters (without the iv), I'll get this warning:
openssl_encrypt(): Using an empty Initialization Vector (iv) is potentially insecure and not recommended
Which means Sendy's current way of encryption is correct and secure. I'm not sure why yours does not work even though you're using PHP 5.3.6 (higher than 5.3.0).
What do you get when you decrypt using 5 parameters (with vi) using your test script?
its blank when i use the 5 parameters.
im wondering if my php is updated, but somehow my openssl library is outdated?
i just checked my version of openssl: OpenSSL 0.9.8k 25 Mar 2009
Could be. My version of OpenSSL is → OpenSSL 1.0.1e-fips 11 Feb 2013
OpenSSL 1.0.1e-fips 11 Feb 2013