* Pure-PHP implementation of RC4.
* Uses mcrypt, if available, and an internal implementation, otherwise.
* Useful resources are as follows:
* - {@link http://www.mozilla.org/projects/security/pki/nss/draft-kaukonen-cipher-arcfour-03.txt ARCFOUR Algorithm}
* - {@link http://en.wikipedia.org/wiki/RC4 - Wikipedia: RC4}
* RC4 is also known as ARCFOUR or ARC4. The reason is elaborated upon at Wikipedia. This class is named RC4 and not
* ARCFOUR or ARC4 because RC4 is how it is referred to in the SSH1 specification.
* Here's a short example of how to use this library:
* include 'Crypt/RC4.php';
* $rc4 = new Crypt_RC4();
* $rc4->setKey('abcdefgh');
* for ($i = 0; $i < $size; $i++) {
* echo $rc4->decrypt($rc4->encrypt($plaintext));
* LICENSE: Permission is hereby granted, free of charge, to any person obtaining a copy
* of this software and associated documentation files (the "Software"), to deal
* in the Software without restriction, including without limitation the rights
* to use, copy, modify, merge, publish, distribute, sublicense, and/or sell
* copies of the Software, and to permit persons to whom the Software is
* furnished to do so, subject to the following conditions:
* The above copyright notice and this permission notice shall be included in
* all copies or substantial portions of the Software.
* THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR
* IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,
* FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE
* AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER
* LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM,
* OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN
* @author Jim Wigginton <terrafrost@php.net>
* @copyright 2007 Jim Wigginton
* @license http://www.opensource.org/licenses/mit-license.html MIT License
* @link http://phpseclib.sourceforge.net
if (!class_exists('Crypt_Base')) {
define('CRYPT_RC4_ENCRYPT', 0);
define('CRYPT_RC4_DECRYPT', 1);
* Pure-PHP implementation of RC4.
* @author Jim Wigginton <terrafrost@php.net>
class Crypt_RC4 extends Crypt_Base
* Block Length of the cipher
* so we the block_size to 0
* @see Crypt_Base::block_size
* @see Crypt_RC4::setKeyLength()
var $key_length = 128; // = 1024 bits
* The namespace used by the cipher for its constants.
* @see Crypt_Base::const_namespace
var $const_namespace = 'RC4';
* The mcrypt specific name of the cipher
* @see Crypt_Base::cipher_name_mcrypt
var $cipher_name_mcrypt = 'arcfour';
* Holds whether performance-optimized $inline_crypt() can/should be used.
* @see Crypt_Base::inline_crypt
var $use_inline_crypt = false; // currently not available
* The Key Stream for decryption and encryption
* Determines whether or not the mcrypt extension should be used.
* @see Crypt_Base::Crypt_Base()
parent::__construct(CRYPT_MODE_STREAM);
* PHP4 compatible Default Constructor.
* @see self::__construct()
* Test for engine validity
* This is mainly just a wrapper to set things up for Crypt_Base::isValidEngine()
* @see Crypt_Base::Crypt_Base()
function isValidEngine($engine)
if ($engine == CRYPT_ENGINE_OPENSSL) {
if (version_compare(PHP_VERSION, '5.3.7') >= 0) {
$this->cipher_name_openssl = 'rc4-40';
switch (strlen($this->key)) {
$this->cipher_name_openssl = 'rc4-40';
$this->cipher_name_openssl = 'rc4-64';
$this->cipher_name_openssl = 'rc4';
return parent::isValidEngine($engine);
* Some protocols, such as WEP, prepend an "initialization vector" to the key, effectively creating a new key [1].
* If you need to use an initialization vector in this manner, feel free to prepend it to the key, yourself, before
* [1] WEP's initialization vectors (IV's) are used in a somewhat insecure way. Since, in that protocol,
* the IV's are relatively easy to predict, an attack described by
* {@link http://www.drizzle.com/~aboba/IEEE/rc4_ksaproc.pdf Scott Fluhrer, Itsik Mantin, and Adi Shamir}
* can be used to quickly guess at the rest of the key. The following links elaborate:
* {@link http://www.rsa.com/rsalabs/node.asp?id=2009 http://www.rsa.com/rsalabs/node.asp?id=2009}
* {@link http://en.wikipedia.org/wiki/Related_key_attack http://en.wikipedia.org/wiki/Related_key_attack}
* Keys can be between 1 and 256 bytes long.
function setKeyLength($length)
} elseif ($length > 2048) {
$this->key_length = $length >> 3;
parent::setKeyLength($length);
* @see Crypt_Base::decrypt()
* @param string $plaintext
* @return string $ciphertext
function encrypt($plaintext)
if ($this->engine != CRYPT_ENGINE_INTERNAL) {
return parent::encrypt($plaintext);
return $this->_crypt($plaintext, CRYPT_RC4_ENCRYPT);
* $this->decrypt($this->encrypt($plaintext)) == $this->encrypt($this->encrypt($plaintext)).
* At least if the continuous buffer is disabled.
* @see Crypt_Base::encrypt()
* @param string $ciphertext
* @return string $plaintext
function decrypt($ciphertext)
if ($this->engine != CRYPT_ENGINE_INTERNAL) {
return parent::decrypt($ciphertext);
return $this->_crypt($ciphertext, CRYPT_RC4_DECRYPT);
* Setup the key (expansion)
* @see Crypt_Base::_setupKey()
$keyLength = strlen($key);
$keyStream = range(0, 255);
for ($i = 0; $i < 256; $i++) {
$j = ($j + $keyStream[$i] + ord($key[$i % $keyLength])) & 255;
$keyStream[$i] = $keyStream[$j];
$this->stream[CRYPT_RC4_DECRYPT] = $this->stream[CRYPT_RC4_ENCRYPT] = array(
* Encrypts or decrypts a message.
function _crypt($text, $mode)
$stream = &$this->stream[$mode];
if ($this->continuousBuffer) {
$keyStream = &$stream[2];
for ($k = 0; $k < $len; ++$k) {
$text[$k] = $text[$k] ^ chr($keyStream[($ksj + $ksi) & 255]);
It is recommended that you Edit text format, this type of Fix handles quite a lot in one request
