$_SESSION["userpwd"] = base64_encode(mcrypt_encrypt(MCRYPT_RIJNDAEL_256, md5($cryptokey), $_POST['password'], MCRYPT_MODE_CBC, md5(md5($cryptokey))));;
Thanks.
carlo bation wrote in post #994454:
$_SESSION["userpwd"] = base64_encode(mcrypt_encrypt(MCRYPT_RIJNDAEL_256, md5($cryptokey), $_POST['password'], MCRYPT_MODE_CBC, md5(md5($cryptokey))));;
Maybe this article will help:
http://blog.rapleaf.com/dev/2009/02/19/ruby-and-mcrypt/
As it says at the top of the article there is usually little reason to need mcrypt with Ruby. Instead Ruby contains an OpenSSL implementation that should provided all the crypto functions without the need for additional crypto libraries.
I don’t know if you just need help doing equivalent crypto operations in ruby, or if you need something that is binary-compatible with the above code (to have a ruby and php app. inter-operate for example).
If you just need equivalent crypto/encoding operations then I’d use OpenSSL (through the OpenSSL gem). MD5 hashing is available through Digest::MD5 (require ‘digest/md5’). Base64 encoding/decoding can be done through the Base64 module.
However, if you need to have the exact, binary-compatible ruby equivalent, then you need to be aware (if using OpenSSL) that mcrypt doesn’t do PKCS-style padding (it just zero-pads if I remember correctly). This bit me when making a rails app. that had to read and write roundcube (a php app) session data and so if you’re doing something similar, you’ll want to be aware of the fact. You can tell OpenSSL to zero-pad if you need to: AES decrypt without PKCS padding? - Ruby - Ruby-Forum
Woops, did I say OpenSSL gem? That’d be the OpenSSL class in the standard library: Index of Classes & Methods in openssl: Ruby Standard Library Documentation (Ruby 3.1.2)
The ezcrypto gem is way easier to use, unless you happen to be used to using the openssl C api
Fred
Yeah, I’d agree with that (used it on one project a while back). I couldn’t remember the name of it though.
