I encrypted a string in ColdFusion using:

<cfset strEnc=ToBase64(Encrypt("some text","123", "AES","Base64"))>

I can decrypt the string in ColdFusion using:

<cfset strDec=ToString(Decrypt(ToBinary(strEnc), "123", "AES","Base64"))>

But I am unable to decrypt strEnc in PHP. I have found some decrypt functions in PHP. But they require an iv parameter. Can anyone help me?

Leigh
hans maeier

3 Answers

3

The native methods offered by each language will vary in terms of expected arguments, parameters and encryption methods.

To be able to encrypt in one language and decrypt in another, you would need to use a 'global' security tool - one that works cross-language.

I would recommend you have a look at ESAPI (Enterprise Security API) https://www.owasp.org/index.php/Category:OWASP_Enterprise_Security_API, which is an open-source security library created by OWASP (the Open Web Application Security Project) https://www.owasp.org

There is a ColdFusion-specific implementation of the ESAPI library (https://github.com/damonmiller/cfesapi) and a PHP library (http://code.google.com/p/owasp-esapi-php/)

As both are built on the same core security practices, the implementation of the various methods would work on whatever platform / language you wish to use them on.

ESAPI is essentially built using a series of interfaces which allow you to select and use various parts of the security library to suit your needs.

Have a look at the Encryptor, which provides methods for hashing and encrypting data. It can also sign and seal to add additional data integrity checks if you wanted to go that far. (it all depends how in-depth you wanted to go).

ESAPI essentially allows developers to set details such as hash and salt keys, encryption keys and other details in a security configuration file (a simple text file) which the library will read from. As this is the case, your PHP implementation could easily have the same security details as your ColdFusion implementation, meaning they would share the same encryption / hash / salt etc details, and as such would encrypt and decrypt the same data to the same values.

I haven't added any code samples to this comment, but if this sounds like something that would help you and would fulfil your requirements, check out the links to the ESAPI libraries mentioned above. It's fairly easy to pick up and learn, and will do what you need easily.

Matt Gifford
1

Take a look at base64_decode() and aes_decrypt

Community
Hardik
  • It's not working; the result string from http://stackoverflow.com/questions/3422759/php-aes-encrypt-decrypt is not the same as ColdFusion. Coldfusion: – hans maeier Jun 29 '12 at 07:32
  • So PHP: fnEncrypt('hans', 'EZLKJjqzIArvHFQITyiB9w==') != Coldfusion:ToBase64(Encrypt("hans","EZLKJjqzIArvHFQITyiB9w==", "AES","Base64")) – hans maeier Jun 29 '12 at 07:40
  • Interesting! Oh, I checked the encrypt function - the problem is 123 is the key which you are using to encrypt your string and you have to use it somehow with the PHP function AES_decrypt. I am not sure how ColdFusion functions work but I really want to know which function executes first. – Hardik Jun 29 '12 at 07:46
  • Hi, 123 is an example, I have to use this key "EZLKJjqzIArvHFQITyiB9w==" – hans maeier Jun 29 '12 at 07:48
  • I think you can add a limit to the ColdFusion function to match PHP, check out - http://stackoverflow.com/questions/3196846/un-encrypting-re-encrypting-a-coldfusion-encrypted-string-in-php – Hardik Jun 29 '12 at 08:07
  • It's not working for me, I can't add a limit. The syntax is encrypt(string:string, key:string [, algorithm:string [, encoding:string]]):string – hans maeier Jun 29 '12 at 10:01
1
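// The ColdFusion key is Base64-encoded; decode it to raw key bytes
$key = base64_decode($key);
// Decode the Base64 ciphertext to raw bytes
$data = base64_decode($data);
// AES (Rijndael-128) in ECB mode, which takes no IV
echo mcrypt_decrypt(MCRYPT_RIJNDAEL_128, $key, $data, MCRYPT_MODE_ECB);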
hans maeier
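
The PHP side of the decryption asked about in this thread, as an added example that is not code from any of the posters. It assumes ColdFusion's default for the "AES" algorithm name (AES/ECB/PKCS5Padding, which takes no IV) and a Base64-encoded key; the function name cf_aes_decrypt and its $b64Layers parameter are hypothetical.

```php
<?php
// Added example (not from the thread). Assumption: ColdFusion's "AES" default is
// AES/ECB/PKCS5Padding and the key is Base64 text such as GenerateSecretKey("AES") returns.

function cf_aes_decrypt(string $cfOutput, string $b64Key, int $b64Layers = 1): string
{
    $key = base64_decode($b64Key, true);
    if ($key === false || !in_array(strlen($key), [16, 24, 32], true)) {
        throw new InvalidArgumentException('Key must be Base64 of 16, 24 or 32 bytes');
    }

    // Encrypt(..., "Base64") adds one Base64 layer; wrapping it in ToBase64() adds a second.
    $raw = $cfOutput;
    for ($i = 0; $i < $b64Layers; $i++) {
        $raw = base64_decode($raw, true);
        if ($raw === false) {
            throw new InvalidArgumentException('Input is not valid Base64');
        }
    }
    if ($raw === '' || strlen($raw) % 16 !== 0) {
        throw new InvalidArgumentException('Ciphertext is not a whole number of AES blocks');
    }

    // Key length selects AES-128/192/256. ECB has no IV; OpenSSL removes the padding.
    $cipher = 'aes-' . (strlen($key) * 8) . '-ecb';
    $plain = openssl_decrypt($raw, $cipher, $key, OPENSSL_RAW_DATA);
    if ($plain === false) {
        throw new RuntimeException('Decryption failed: wrong key or damaged ciphertext');
    }
    return $plain;
}

// Constructed sample: imitate ToBase64(Encrypt("some text", key, "AES", "Base64")).
$b64Key = base64_encode(random_bytes(16)); // stands in for a GenerateSecretKey("AES") value
$inner  = base64_encode(
    openssl_encrypt('some text', 'aes-128-ecb', base64_decode($b64Key), OPENSSL_RAW_DATA)
);
$strEnc = base64_encode($inner);

echo cf_aes_decrypt($strEnc, $b64Key, 2), PHP_EOL; // ToBase64(Encrypt(..., "Base64"))
echo cf_aes_decrypt($inner, $b64Key, 1), PHP_EOL;  // Encrypt(..., "Base64") alone
```

ECB encrypts identical plaintext blocks to identical ciphertext blocks and carries no integrity check, so for new data a mode with an IV plus authentication is the better choice on both sides.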