What is wrong decoding this Base64--AES string?

General PHP Help
#1

In the beginning, a unicode string containing the phrase: “string coming from the client…” encrypted with AES256 CBC and then passed from Base64 encoding to become text. That text is put in the php file to decrypt it. I have the following code that does the job. The point is that no string is returned. Has it to do with the use of unicode?
$key and $iv are exactly tha same used for encryption. $str stores the pre-encoded pre-encrypted text.

PHP Code:
` <!doctype html>

<?php function fnDecrypt($sValue, $sSecretKey, $iv) { return rtrim(mcrypt_decrypt(MCRYPT_RIJNDAEL_256, $sSecretKey, base64_decode($sValue), MCRYPT_MODE_CBC, $iv), "\0\3"); } $key = "12345678901234567890123456789012"; $iv = "09876543210987654321098765432100"; $str = "/F/9WXb7y6j1tOcKTmFy608wO2BFo8jZ1HUo4+oPUG9AQ/UyY1KxVcVbNfDtRNAQdIqseKNuK5DPpkhooAxVBAAA"; $newStr = fnDecrypt($str, $Key, $iv); echo "
str = " . $str; echo "
new = " . $newStr; ?> `
#2

At least you should get a syntax error because you misspelled $key. But it should work, just test it in reverse. MCRYPT is deprecated and will be removed from PHP in the future.

<?php
function fnEncrypt($sValue, $sSecretKey, $iv)
{
    return base64_encode(mcrypt_encrypt(MCRYPT_RIJNDAEL_256, $sSecretKey, $sValue, MCRYPT_MODE_CBC, $iv));
}
function fnDecrypt($sValue, $sSecretKey, $iv)
{
    return rtrim(mcrypt_decrypt(MCRYPT_RIJNDAEL_256, $sSecretKey, base64_decode($sValue), MCRYPT_MODE_CBC, $iv), "\0\3");
}

$key = "12345678901234567890123456789012";
$iv = "09876543210987654321098765432100";
$str = "hello";
$encStr = fnEncrypt($str, $key, $iv);
$newStr = fnDecrypt($encStr, $key, $iv);
var_dump($str, $encStr, $newStr);
var_dump($str === $newStr); // true
#3

Yes, it escaped my attention. Still, I don’t get the string after decoding-decryption. I tried to write the data return from base64_decode() to a file with no success. I want to write them to see if decoded data match those I had before base64 encoding them. The code tried:

$bin = pack("C*",base64_decode($str));
$fp = fopen("test_bin.txt","wb");
file_put_contents($fp, $bin);
fclose($fp);

$fp = fopen("bin_test.txt","wb");
file_put_contents($fp, base64_decode($str));
fclose($fp);

EDIT: the problem may be the use of unicode in the desktop app that created the base64 string and my page uses utf-8 encoding.

#4

So you get different results from the encoding function on both sides?

#5

What I have tested so far?
Desktop app:
Unicode string -> AES -> Base64.
Ansii string -> AES -> Base64.
Copy paste the result to the php file and try to decrypt it with the above code. An unreadable string is returned with echo.
On the other hand, in php:
String -> AES -> Base64.
Copy paste the result to the desktop app. The app could not get the string, unreadable too.
Then, I did the same tests but now without using AES. The strings were decoded just fine. So, AES is the problem or at least that it seems to be the problem. 256 bits, CBC mode, key, iv are the same in both sides.

#6

Oh my God! In this page: https://www.php.net/manual/en/function.mcrypt-decrypt.php I fount this in the comments:
Caution, MCRYPT_RIJNDAEL_256 is not equivalent to AES_256.
I am using AES-256 so this is it. The point is that I don’t want to pass AES string from desktop app to php only to use the solution provided there, I want the opposite one too. So, how can I fix it?

#7

that’s beyond my experience with encryption. I only have the tip to look at libsodium.

#8

I found out the solution with openssl which supports real AES. Thank you very much for your time and effort!

Sponsor our Newsletter | Privacy Policy | Terms of Service