@joachimdoerr
Last active August 29, 2015 14:06
PHPSecLib User Testing

The following is an extract of a poem. This is the text we will be using as our example input for encrypting with a password.

Twisted and gnarled, these roots run deep into realms that open whilst I sleep;
designing a counterfeit system composed of intricately versed poem.

Next, we have the password with which we shall encrypt everything.

MolliePosellIsLikeSoAmazingYouCantEvenLookWithoutYourHeadBlowingUp

Now, when we encrypt the plain text input with the password we get the following.

(raw ciphertext bytes, not printable, so the browser renders them as garbage; the Base64 form below is the readable copy)

The ciphertext is raw bytes, most of which are not printable characters, so when we try to display it in the browser it looks like garbage. The de facto method for sending it to other people is to Base64 encode it into printable characters. That way a program that handles it as text, without knowing it is binary, won't corrupt it by mistake; a corrupted ciphertext would be completely useless. Here's the encrypted string Base64 encoded into a text string:

6/cQS7Q15tFy01myXRVJ/BSU7RK5fjmfv5pE0qINoeFfO3zQ/vpktDEaKCpLRVq2IyvIddlc/pAcjxBFc4nW0F1XB/MWhyAEfRzp9cB9H7ryVdFzdLi9Uh2mQLU8ZItQcQZ+7GYnHvbfe1tHQ+JDPbto9nzRB0mcHtd+gUyP2fD7eIX6UeXoKVr1fpV6C1EZJyIB8Cdil0SvdlMdeiAfeQ==

When we decrypt it we should get the original plain text. If the following is not the same it means we messed up somewhere!

Twisted and gnarled, these roots run deep into realms that open whilst I sleep;
designing a counterfeit system composed of intricately versed poem.

The following fake password will be used to decrypt it, as if someone got hold of the message but didn't know the password so they tried the first thing they thought of.

ThisKeyJustWillNotWorkBecauseThePlaintextWasEncryptedWithADifferentKey

What the eavesdropping person will come up with: garbage, because they used the wrong key to decrypt it with.

*Actually this function returns false for some reason. Maybe if the correct key is not given this is what it does, but nothing in the documentation specifies this. Bad documentation if you ask me.*
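Why the wrong-key decrypt comes back as false rather than garbage, as an added example that is not part of the original gist: Crypt_AES defaults to CBC mode with PKCS#7 padding, and after decrypting it strips that padding. With the wrong key the final block is effectively random, so the padding bytes are almost never valid, the unpad step fails and decrypt() returns false. With padding disabled you get the raw garbage the text expected. This assumes phpseclib 0.3.x (Crypt_AES with disablePadding()) on the include path; the key and text are the gist's own, and describe_decrypt() is a helper written for this example.

```php
<?php
// Added example, not part of the original gist. Assumes phpseclib 0.3.x is on
// the include path (same set_include_path() setup as the main script).
include 'Crypt/AES.php';

$key_good  = 'MolliePosellIsLikeSoAmazingYouCantEvenLookWithoutYourHeadBlowingUp';
$key_bad   = 'ThisKeyJustWillNotWorkBecauseThePlaintextWasEncryptedWithADifferentKey';
$plaintext = "Twisted and gnarled, these roots run deep into realms that open whilst I sleep;\n"
           . 'designing a counterfeit system composed of intricately versed poem.';

/**
 * Decrypt $ciphertext under $key and report what phpseclib hands back:
 * the string 'false' when the PKCS#7 padding check rejected the result,
 * otherwise the number of bytes returned. Helper written for this example.
 */
function describe_decrypt($key, $ciphertext, $padding = true)
{
    $aes = new Crypt_AES();          // defaults: CBC mode, PKCS#7 padding, all-zero IV
    $aes->setKey($key);
    if (!$padding) {
        $aes->disablePadding();      // hand back the decrypted blocks untouched
    }
    $out = $aes->decrypt($ciphertext);
    return $out === false ? 'false' : strlen($out) . ' bytes';
}

$aes = new Crypt_AES();
$aes->setKey($key_good);
// PKCS#7 pads the 147-byte plaintext to 160 bytes (ten AES blocks) before encryption.
$ciphertext = $aes->encrypt($plaintext);

// Right key: the padding is valid, gets stripped, and the original plaintext comes back.
echo describe_decrypt($key_good, $ciphertext), "\n";
// Wrong key, padding enabled: the last block is random, the padding check fails, decrypt() returns false.
echo describe_decrypt($key_bad, $ciphertext), "\n";
// Wrong key, padding disabled: the same random blocks are returned as-is, i.e. the expected garbage.
echo describe_decrypt($key_bad, $ciphertext, false), "\n";

// Caveat: the padding check is not an integrity check. Roughly one wrong key in
// 256 decrypts to a last byte of 0x01, which is valid padding, so decrypt()
// returns garbage for those instead of false. Use a MAC if you need to detect
// a wrong key or a tampered message reliably.
```

The same padding check is also what makes "does this decrypt to false?" a padding oracle when an attacker can submit ciphertexts of their own, which is the second reason to authenticate the message instead of relying on it.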
<?php
/*
* PHP Security Library - User testing.
* Playing around with Pure-PHP security libraries (LIKE A BOSS).
* This example uses AES, the Advanced Encryption Standard, which NIST standardised
* as FIPS 197 and which the US government (NSA included) approved for protecting
* classified information.
*/
// The following is to tell the application which folder it will find the library in.
// Basically it means we can say `include "Crypt/AES.php";` instead of having to specify
// `include "/var/www/path/to/security/library/Crypt/AES.php";`
$lib_root = realpath(
rtrim($_SERVER['DOCUMENT_ROOT'], DIRECTORY_SEPARATOR)
. implode(DIRECTORY_SEPARATOR, array('', 'libs', 'phpseclib', 'phpseclib', ''))
);
if(!is_string($lib_root)) {
echo 'Could not set the library include path. Application terminated.';
exit;
}
set_include_path(get_include_path() . PATH_SEPARATOR . $lib_root);
// Now we can include any libraries from PHPSecLib we want :)
// For this example I am going to be using the AES Symetrical Encryption Sub-library.
// Try to load it and make sure we can use it. If we can't there is no point in continuing with the rest of this script.
include "Crypt/AES.php";
if(!class_exists('Crypt_AES')) {
echo 'Oh noes! We couldn\'t load the AES library! Application terminated.';
exit;
}
// Define our example passwords that we are going to use.
// Note: setKey() takes raw key bytes, not a password. Crypt_AES wants a 16-, 24- or
// 32-byte key and adjusts anything else to fit (see the setKey() docblock of your
// version); a real application would derive the key with setPassword() (PBKDF2) instead.
$password = 'MolliePosellIsLikeSoAmazingYouCantEvenLookWithoutYourHeadBlowingUp';
$password_false = 'ThisKeyJustWillNotWorkBecauseThePlaintextWasEncryptedWithADifferentKey';
// Define our example input text we are going to use.
$plaintext = "Twisted and gnarled, these roots run deep into realms that open whilst I sleep;\n"
. 'designing a counterfeit system composed of intricately versed poem.';
// Create a new instance of the library and set the key we want to use. Crypt_AES
// defaults to CBC mode with PKCS#7 padding and, because we never call setIV(), an
// all-zero IV, so the same key and plaintext always give the same ciphertext.
$cipher = new Crypt_AES;
$cipher->setKey($password);
// Encrypt the plaintext with the key we have already set. It's as easy as that!
$encrypted = $cipher->encrypt($plaintext);
// Perform some other functions to display in the example below.
$encrypted_64 = base64_encode($encrypted);
$decrypted = $cipher->decrypt($encrypted);
// Example of what happens when the wrong key is used to decrypt something. The
// decrypted bytes almost never end in valid PKCS#7 padding, so decrypt() returns
// false rather than the garbage you might expect.
$cipher->setKey($password_false);
$false_decrypted = $cipher->decrypt($encrypted);
// The rest of this document is HTML, which is just to display the output to the browser in a neat, formatted way.
?>
<!DOCTYPE html>
<html>
<head>
<title>PHPSecLib User Testing</title>
<style type="text/css">
#wrapper {
width:960px;
margin:0 auto;
}
pre {
padding: 1px 0 1px 20px;
margin-left: 10px;
border-left: 3px solid lightsteelblue;
width: 930px;
}
</style>
</head>
<body><div id="wrapper">
<h1>PHPSecLib User Testing</h1>
<p>The following is an extract of a poem. This is the text we will be using as our example input for encrypting with a password.</p>
<pre><p><?php echo $plaintext; ?></p></pre>
<p>Next, we have the password with which we shall encrypt everything.</p>
<pre><p><?php echo $password; ?></p></pre>
<p>Now, when we encrypt the plain text input with the password we get the following.</p>
<pre><p><?php echo $encrypted; ?></p></pre>
<p>The ciphertext is raw bytes, most of which are not printable characters, so when we try to display it in the browser it looks like garbage. The de facto method for sending it to other people is to Base64 encode it into printable characters. That way a program that handles it as text, without knowing it is binary, won't corrupt it by mistake; a corrupted ciphertext would be completely useless. Here's the encrypted string Base64 encoded into a text string:</p>
<pre><p><?php echo $encrypted_64; ?></p></pre>
<p>When we decrypt it we <strong>should</strong> get the original plain text. If the following is not the same it means we messed up somewhere!</p>
<pre><p><?php echo $decrypted; ?></p></pre>
<p>The following <em>fake</em> password will be used to decrypt it, as if someone got hold of the message but didn't know the password so they tried the first thing they thought of.</p>
<pre><p><?php echo $password_false; ?></p></pre>
<p>What the eavesdropping person will come up with: garbage, because they used the wrong key to decrypt it with.</p>
<pre><p><em>Actually this function returns false for some reason. Maybe if the correct key is not given this is what it does,
but nothing in the documentation specifies this. Bad documentation if you ask me.</em></p></pre>
</div></body>
</html>
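The script above is fine for poking at the API, but it feeds the password in as the raw key, leaves the IV at all zeros and never authenticates the message. Here is how I would package a password-encrypted message with phpseclib's Crypt_AES instead, as an added example that is not the gist's code: PBKDF2 derives separate encryption and MAC keys from the password and a random salt, every message gets a fresh random IV, and an HMAC-SHA256 tag over salt, IV and ciphertext is verified before anything is decrypted, so a wrong password or a tampered message is rejected up front instead of leaning on the padding check. It assumes phpseclib 0.3.x (Crypt_AES, and crypt_random_string() from Crypt/Random.php) on the include path and PHP 5.6 or later for hash_equals(); the envelope layout (salt || IV || ciphertext || tag), the iteration count and the function names seal()/open_sealed() are this example's own choices.

```php
<?php
// Added example, not part of the original gist. Assumes phpseclib 0.3.x on the
// include path and PHP >= 5.6 (hash_pbkdf2, hash_equals). Envelope format,
// iteration count and function names are this example's own choices.
include 'Crypt/AES.php';
include 'Crypt/Random.php';

define('KDF_ITERATIONS', 100000); // assumption: tune for your hardware
define('SALT_LEN', 16);
define('IV_LEN', 16);             // AES block size
define('TAG_LEN', 32);            // HMAC-SHA256 output

/** PBKDF2-HMAC-SHA256 -> 64 bytes: first 32 for AES-256, last 32 for the HMAC. */
function derive_keys($password, $salt)
{
    $bytes = hash_pbkdf2('sha256', $password, $salt, KDF_ITERATIONS, 64, true);
    return array(substr($bytes, 0, 32), substr($bytes, 32));
}

/** Encrypt-then-MAC; returns a Base64 envelope of salt || iv || ciphertext || tag. */
function seal($password, $plaintext)
{
    $salt = crypt_random_string(SALT_LEN);
    $iv   = crypt_random_string(IV_LEN);
    list($enc_key, $mac_key) = derive_keys($password, $salt);

    $aes = new Crypt_AES();       // CBC mode with PKCS#7 padding (the defaults)
    $aes->setKey($enc_key);
    $aes->setIV($iv);
    $ciphertext = $aes->encrypt($plaintext);

    // The tag covers everything the receiver parses before it decrypts.
    $tag = hash_hmac('sha256', $salt . $iv . $ciphertext, $mac_key, true);
    return base64_encode($salt . $iv . $ciphertext . $tag);
}

/** Returns the plaintext, or false for a bad envelope, wrong password or tampering. */
function open_sealed($password, $envelope)
{
    $blob = base64_decode($envelope, true);
    if ($blob === false || strlen($blob) < SALT_LEN + IV_LEN + 16 + TAG_LEN) {
        return false;
    }
    $salt       = substr($blob, 0, SALT_LEN);
    $iv         = substr($blob, SALT_LEN, IV_LEN);
    $tag        = substr($blob, -TAG_LEN);
    $ciphertext = substr($blob, SALT_LEN + IV_LEN, -TAG_LEN);
    list($enc_key, $mac_key) = derive_keys($password, $salt);

    // Verify in constant time BEFORE decrypting: a wrong password or a modified
    // byte fails here, so the padding check is never exposed as an oracle.
    $expected = hash_hmac('sha256', $salt . $iv . $ciphertext, $mac_key, true);
    if (!hash_equals($expected, $tag)) {
        return false;
    }

    $aes = new Crypt_AES();
    $aes->setKey($enc_key);
    $aes->setIV($iv);
    return $aes->decrypt($ciphertext);
}

// Same inputs as the gist.
$password       = 'MolliePosellIsLikeSoAmazingYouCantEvenLookWithoutYourHeadBlowingUp';
$password_false = 'ThisKeyJustWillNotWorkBecauseThePlaintextWasEncryptedWithADifferentKey';
$plaintext      = "Twisted and gnarled, these roots run deep into realms that open whilst I sleep;\n"
                . 'designing a counterfeit system composed of intricately versed poem.';

$envelope = seal($password, $plaintext);

// Right password: the tag verifies and the plaintext round-trips.
var_dump(open_sealed($password, $envelope) === $plaintext);
// Wrong password: the MAC key differs, the tag fails, nothing is decrypted.
var_dump(open_sealed($password_false, $envelope));
// Tampering: flip one bit of the ciphertext and the tag fails the same way.
$raw = base64_decode($envelope);
$raw[SALT_LEN + IV_LEN] = chr(ord($raw[SALT_LEN + IV_LEN]) ^ 0x01);
var_dump(open_sealed($password, base64_encode($raw)));
```

Two design notes: the salt is per message so that the same password never yields the same keys twice, which also means two encryptions of the same poem produce unrelated envelopes (unlike the original script, whose zero IV makes its output deterministic); and the tag is computed over the salt and IV as well as the ciphertext, otherwise an attacker could swap in a different IV and flip bits in the first plaintext block without the MAC noticing.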