0

Have tried numerous examples all over the web but I just can't get the same result in C# as in PHP.

I have a C# web service that will receive an encrypted string that I need to decrypt. The string has been encrypted in PHP using something like the code below. This PHP code will output "eGtLMUc5cXdEblY2dHhDVUhjcm56Zz09" when input string is "1234". Then I try to decrypt it in C# but can't manage to do that, have tried every example I can find but my output is always different from "1234" (most cases just a bunch of random letters/digits).

Input: 1234

Output: eGtLMUc5cXdEblY2dHhDVUhjcm56Zz09

<?php
$secret_key = 'verySecretKey';
$secret_iv = 'secret_iv_string';
$key = hash('sha256', $secret_key);
$iv = substr(md5(md5($secret_iv)), 0, 16);
$method = 'AES-256-CBC';
$inputString = '1234';

$encrypted = openssl_encrypt($inputString, $method, $key,FALSE,$iv);
echo base64_encode($encrypted);
?>

I can decrypt it in PHP using code below.

Input: eGtLMUc5cXdEblY2dHhDVUhjcm56Zz09

Output: 1234

<?php
$encryptedString = 'eGtLMUc5cXdEblY2dHhDVUhjcm56Zz09';
$encrypt_method = 'AES-256-CBC';
$secret_key = 'verySecretKey';
$secret_iv = 'secret_iv_string';
$key = hash('sha256', $secret_key);
$iv = substr(md5(md5($secret_iv)), 0, 16);
$plain_password = openssl_decrypt(base64_decode($encryptedString), $encrypt_method, $key, FALSE, $iv);
echo $plain_password;
?>

Anyone knows how to get the same result in C#?

My code in C# that I want to produce the same as PHP.

Input: 1234

Encrypted: HNEm25Nuqj4mWvkXPWL/Ww==

    private static void tester()
    {
        RijndaelManaged AesEncryption = new RijndaelManaged();
        string plainStr = "1234"; // The text that would be encrypted
        AesEncryption.KeySize = 256;
        AesEncryption.BlockSize = 128;
        AesEncryption.Mode = CipherMode.CBC;
        AesEncryption.Padding = PaddingMode.Zeros;

        string keyStr = "verySecretKey";
        string ivStr = "secret_iv_string";
        AesEncryption.Key = GetSHA256HashBytes(keyStr);
        AesEncryption.IV = ASCIIEncoding.UTF8.GetBytes(GetMD5Hash(GetMD5Hash(ivStr)).Substring(0, 16));

        byte[] plainText = Convert.FromBase64String(plainStr);

        ICryptoTransform crypto = AesEncryption.CreateEncryptor();
        ICryptoTransform decrypto = AesEncryption.CreateDecryptor();

        byte[] cipherText = crypto.TransformFinalBlock(plainText, 0, plainText.Length);
        byte[] decryptedText = decrypto.TransformFinalBlock(cipherText, 0, cipherText.Length);

        Console.Write("The plain text\"{0}\" in the encrypted format is:{1} \n", plainStr, Convert.ToBase64String(cipherText));
        Console.Write("The encrypted text \"{0}\" is decrypted to: {1}", Convert.ToBase64String(cipherText), Convert.ToBase64String(decryptedText));
        Console.Read();
    }
    private static byte[] GetSHA256HashBytes(string input)
    {
        System.Security.Cryptography.SHA256CryptoServiceProvider x = new System.Security.Cryptography.SHA256CryptoServiceProvider();
        byte[] bs = System.Text.Encoding.UTF8.GetBytes(input);
        bs = x.ComputeHash(bs);
        System.Text.StringBuilder s = new System.Text.StringBuilder();
        foreach (byte b in bs)
        {
            s.Append(b.ToString("x2").ToLower());
        }
        return bs;
    }
    private static string GetMD5Hash(string input)
    {
        System.Security.Cryptography.MD5CryptoServiceProvider x = new System.Security.Cryptography.MD5CryptoServiceProvider();
        byte[] bs = System.Text.Encoding.UTF8.GetBytes(input);
        bs = x.ComputeHash(bs);
        System.Text.StringBuilder s = new System.Text.StringBuilder();
        foreach (byte b in bs)
        {
            s.Append(b.ToString("x2").ToLower());
        }
        return s.ToString();
    }
Community
  • 1
  • 1
user3107038
  • 3
  • 3
  • Looked at answer: http://stackoverflow.com/questions/224453/decrypt-php-encrypted-string-in-c-sharp? – eL-Prova Dec 16 '13 at 12:36
  • Seems that that one uses TripleDES, whereas I think I need to use AES. – user3107038 Dec 16 '13 at 13:57
  • In the PHP code, what do your intermediate values $key and $iv look like? – Robert Graves Dec 16 '13 at 15:12
  • Not sure what you mean by intermediate but here is what key and iv value is: Key=cf773b705c51c052eeee100f473a6cd7279f4a56ea0b5af829b899fabcdbc5d5 iv=5f09107e9753cf34 – user3107038 Dec 16 '13 at 16:19
  • Any particular reason why you are only taking 64-bits out of the MD5 sum for your IV? Technically it shouldn't even work since AES-CBC needs an IV with the size of the cipher block (128-bits). Although I don't agree with using MD5 for cryptography, MD5 itself outputs 128-bits of data, your `substr()` function is cutting that in half. Can you elaborate on why you are doing this? – initramfs Dec 16 '13 at 18:25
  • I only tries to mimic the PHP code. I haven't written the PHP code myself, that I got from the other part who is sending the encrypted string to my web service. But is it 64-bits? 16*8=128-bits. – user3107038 Dec 18 '13 at 11:55

0 Answers0