-3

The function will receive a file uploaded, and will encrypt this one to save in the server, i'm think about using openssl_encrypt.

The encryption type will be AES256.

After when a web-service is requested will return a base 64 encrypted document to be decrypted in the JS side using the crypto-js.

For know, my question is how can i do the encryption process using openssl_encrypt php function?

Encrypt process:

  1. fopen
  2. encrypt
  3. encode base64
  4. fwrite
  5. fclose

Decrypt process:

  1. Decode base 64
  2. Decrypt
  3. Open the pdf document

The processes above, is the idea i have in mind, please correct me if i'm wrong or there is a mistake.

Phase 1:

PHP Code:

After handling the file:

$encryptionMethod = "AES-256-CBC";
$secret = "1234567890@@@@@@@@@@123456789012";  //must be 32 char length
$iv = substr($secret, 0, 16);
$encryptedMessage = openssl_encrypt($textToEncrypt, $encryptionMethod, $secret,0,$iv);

On jquery to decrypt doesn't work:

var ckey = "1234567890@@@@@@@@@@123456789012";
var decrypted = CryptoJS.AES.decrypt(data.content, ckey, { iv: "1234567890@@@@@@" });

The pdf is generated again but i'm not able to open, shows an error message "Acrobat cannot open the file"..

Why am i getting this?

Bruno
  • 131
  • 3
  • 17
  • Well, the question has already a vote down, but nobody said why! It's weird! – Bruno Nov 03 '15 at 14:22
  • 2
    It's probably been downvoted because you haven't shown anything that you've attempted. So far you've done some research (which is clear), but you haven't actually tried it. Try first, then ask a question if you have a specific problem. – samlev Nov 03 '15 at 14:30
  • My question for know, is if is possible to do AES256 encryption with openssl function and decrypt with cryptojs? – Bruno Nov 03 '15 at 14:32
  • 1
    If they both support AES256, then yes, it's possible (although there's also differences like picking an appropriate cipher, and sharing the key). Effectively, you may be making the system insecure by sharing the key to decrypt the file with the user in javascript, but I don't know your use case. – samlev Nov 03 '15 at 14:35
  • The point here is, i want to upload a file(PDF) and encrypt this one! After another system will request a WS where will return the file to be decrypted in JS! So, you advice for this case is to use appropriate cipher? Tks – Bruno Nov 03 '15 at 14:37
  • 1
    Yes, you can encrypt in one and decrypt in the other as seen by this [list](http://stackoverflow.com/search?q=[php]+[cryptojs]+openssl_encrypt). Keep in mind that you need to have TLS enabled for this to be remotely secure: [Javascript Cryptography Considered Harmful](https://www.nccgroup.trust/us/about-us/newsroom-and-events/blog/2011/august/javascript-cryptography-considered-harmful/) – Artjom B. Nov 03 '15 at 15:10
  • Some potentially useful code in this answer: http://stackoverflow.com/questions/32507094/issue-encrypting-with-php-openssl-encrypt-then-decrypting-with-js-cryptojs/32517413#32517413 – JamesG Nov 04 '15 at 02:33
  • Does this answer your question? [AES encryption in php and then decryption with Javascript (cryptojs)](https://stackoverflow.com/questions/11797238/aes-encryption-in-php-and-then-decryption-with-javascript-cryptojs) – Tomerikoo Sep 06 '21 at 14:08

1 Answers1

0

Encrypt/Decrypt working!

PHP SIDE TO ENCRYPT

$encryptionMethod = "AES-256-CBC";
$secret = "1234567890@@@@@@@@@@123456789012";  //must be 32 char length
$iv = substr($secret, 0, 16);
$encryptedMessage = openssl_encrypt($textToEncrypt, $encryptionMethod, $secret,0,$iv);`

CRYPTOJS TO DECRYPT

var cipherParams = CryptoJS.lib.CipherParams.create({ciphertext: CryptoJS.enc.Hex.parse(data.toString())});
var decrypted = CryptoJS.AES.decrypt(cipherParams, CryptoJS.enc.Hex.parse(key), { iv: CryptoJS.enc.Hex.parse(iv) });
window.open("data:application/pdf;base64, " + btoa(decrypted.toString(CryptoJS.enc.Utf8)));
Bruno
  • 131
  • 3
  • 17
  • well! I added the solution to the problem i was asking for, and i got a vote down in my question!! unbelievable how there is people here just to vote and don't even check the whole post! – Bruno Nov 10 '15 at 11:04
  • 2
    This is not very intuitive. What are the "data", "key" and "iv" variables you use in the JavaScript? Please explain. – Nick D Jun 14 '17 at 17:45