1
$secretKey = "MYSECRETKEY"; 

$plaintext = 'Plain Text Will Be here';

$iv_size = mcrypt_get_iv_size(MCRYPT_RIJNDAEL_128, MCRYPT_MODE_CBC);

$iv = mcrypt_create_iv($iv_size, MCRYPT_RAND);  

$ivDecode = base64_encode(mcrypt_create_iv($iv_size, MCRYPT_RAND));

$encrypted = trim(mcrypt_encrypt(MCRYPT_RIJNDAEL_128, 
                            substr(sha1($secretKey), 0, 32),
                             $plaintext, 
                             MCRYPT_MODE_CBC, 
                             $iv), "\0..\32");

$encrypted = $iv . $encrypted;

$ciphertext_base64 = base64_encode($encrypted);

#echo  $ciphertext_base64 . "\n"; 
$decrypted = trim(mcrypt_decrypt(MCRYPT_RIJNDAEL_128,
                             substr(sha1($secretKey), 0, 32),
                             base64_decode($ciphertext_base64),
                             MCRYPT_MODE_CBC,
                             base64_decode($ivDecode)), "\0..\32");

echo $decrypted;

when I run above code I got this output.

»_w>ø9â„6ÅkžPlain Text Will Be here

I can't edit $decrypted string because I can't access it. I just can edit $encrypted only. So how can remove extra special characters(»_w>ø9â„6Åkž) from out put by editing $encrypted string. I want to send encrypted text using JSON to the different server to decrypt it.

Artjom B.
  • 61,146
  • 24
  • 125
  • 222
Vijay
  • 114
  • 2
  • 12

1 Answers1

2

It is not possible to split the iv and encrypted data prior to Base64 decoding, first Base64 decode and then split them.

  1. MCRYPT_RIJNDAEL_128 which is also AES has a block size of 128-bits or 16-bytes. The iv must be that size. Instead of including base64_decode($iv) as a parameter actually create a 16-byte iv. Base64 decoding the iv will not work if it is is not Base64 encoded, it isn't in this case.

  2. The key should be 128, 192 or 256 bits (16, 24 or 32 bytes), exactly the correct size for interoperability, do not rely on padding by the encryption algorithms.

  3. Similarly, for the input to be encrypted and the key prepare it in a separate statement so that debugging is easier.

  4. Do not trim the output, the mcrypt_decrypt is correct. Padding may add an additional block, that is required.

  5. Do not Base64 decode the result of the decryption, the plaintext was not Base64 encoded. – zaph just now edit

"text like this ïÕ[pI¤;Køv" probably occurs when attempting to print data as a string, not all binary bytes have a print representation and many have special characters as their print representation in the 0x80-0xff range.

Here is the concept, not tested, I have not used php in 20 years so fix any errors:

$secretKey = "1234567890123456"; # Note the length is 16-bytes, a full key
$plaintext = 'XXXXXXXXX';
echo  $plaintext . "\n";

# --- ENCRYPTION ---
$key = substr(sha1($secretKey), 0, 32)
$iv = mcrypt_create_iv(16, MCRYPT_RAND);  
$ciphertext = mcrypt_encrypt(MCRYPT_RIJNDAEL_128, 
                             $key,
                             $plaintext, 
                             MCRYPT_MODE_CBC, 
                             $iv);
# prepend the IV for it to be available for decryption
$ciphertext = $iv . $ciphertext;
$ciphertext_base64 = base64_encode($ciphertext);
echo  $ciphertext_base64 . "\n";

# --- DECRYPTION ---
$key = substr(sha1($secretKey), 0, 32)
$cipher_text_iv = base64_decode($ciphertext_base64)
# split the iv and encrypted text
$iv = substr($cipher_text_iv, 0, 16)
$ciphertext = substr($cipher_text_iv, 16)

$decrypted = mcrypt_decrypt(MCRYPT_RIJNDAEL_128,
                             $key,
                             $ciphertext,
                             MCRYPT_MODE_CBC,
                             $iv);
echo $decrypted;
zaph
  • 111,848
  • 21
  • 189
  • 228
  • Zaph.. I am able to remove warning but i am still getting special characters when decrypt. I can only edit encrypt. Decrypt is from 3rd party. Do you have any suggestion here to remove these special character? – Vijay Jan 16 '16 at 20:09
  • You can not split the iv and encrypted data prior to Base64 decoding, first Base64 decode and then split them, as I said, don't do this in the decrypt call, that makes debugging really hard. Combining steps just makes things harder to understand. – zaph Jan 16 '16 at 20:12
  • Also do not Base64 decode the result of the decryption, the plaintext was not Base64 encoded. – zaph Jan 16 '16 at 20:16
  • zaph i don't get you. Can you add example please for encrypt? – Vijay Jan 16 '16 at 20:18
  • I added an example, it may have php errors, I have not used php in 20 years. – zaph Jan 16 '16 at 20:37
  • zaph .. Thanks! Your example worked but i can't edit decrypt string because it will be in 3rd party.I am sending ecrypted value via JSON. Can you just edit encryption string? that would much more help for me. – Vijay Jan 16 '16 at 20:48
  • I don't understand editing either decrypt string or encryption string, please provide an example of what you mean.(http://meta.stackoverflow.com/questions/5234/how-does-accepting-an-answer-work) for more detail. – zaph Jan 16 '16 at 21:02
  • I edited question. please see above. I mean how can i encrypt text so i won't get special character when decrypt by editing only $encrypt string. I can't edit $decrypted string. – Vijay Jan 16 '16 at 21:21
  • You can not edit `$encrypted` and stile able to decrypt it, But `$ciphertext_base64` does not have any special characters, that is the reason for base64 encoding. – zaph Jan 16 '16 at 21:33
  • But when decrypt why it is output extra character like »_w>ø9â„6Åkž. This »_w>ø9â„6ÅkžPlain Text Will Be here <<<<>> should be just>>>><< Plain Text Will Be here. – Vijay Jan 16 '16 at 21:46
  • Zaph! please see how CB decrypt here https://support.clickbank.com/entries/22803622-Instant-Notification-Service. I want to encrypt for it using PHP and post data like that. – Vijay Jan 16 '16 at 22:01
  • I want to encrypt plain text to work for that decrypt string script but i am seeing special extra character when decrypt by using that clickbank script. So i want to write clean encrypt script which accept by that clickbank decrypt script and output clean plain text. :)... So what i mean is i want the plain text encrypted for clickbank decrpytion script which not working with above script. – Vijay Jan 16 '16 at 22:18
  • In the sample from the link `$message` and `$iv` are not concatenated as in you encryption code but separate base64 encoded items in a JSON object. `$encrypted = $iv . $encrypted;` is incorrect for interoperability. – zaph Jan 16 '16 at 22:55
  • Can you please tell what is correct code for encryption? Can you add example please? – Vijay Jan 16 '16 at 23:05
  • If you can add correct interoperability, that would be huge help for me. – Vijay Jan 17 '16 at 00:14