Invoke OpenSSL command via shell_exec() in PHP

Question

When I execute:

openssl_decrypt(
    base64_decode(file_get_contents('/path/to/file')),
    'aes-256-cbc',
    $key,
    OPENSSL_RAW_DATA,
    $iv
);

OpenSSL decrypts my file perfectly. However, when I execute:

shell_exec('openssl enc -aes-256-cbc -base64 -d -A -p -K ' . $key . ' -iv ' . $iv . ' -in /path/to/file -out /path/to/dest');

The destination file is not created.

Does anyone know what could be wrong? My client wants to be able to upload large files up to 2GB, and loading that much data into a PHP variable seems like an exceedingly bad idea.

Edit:

With bin2hex i get a seemingly sane command of:

openssl enc  -aes-256-cbc -base64 -d -A -p -K 64343438343165333635663434663262633036636235656462383238356239303763373365353633 -iv abdd099c7bac8b514089d8c901c8395c -in /usr/www/vault/new/d71fd708181573c5f92c8f500ddcb399/787 -out /tmp/decrypted/57574484b684c

But with pack I get:

openssl enc  -aes-256-cbc -base64 -d -A -p -K M�>VO���[ދ��  �7^6 -iv ⬧⬧⬧⬧⬧⬧⬧ -in /usr/www/vault/new/d71fd708181573c5f92c8f500ddcb399/787 -out /tmp/decrypted57574484b684c

Yes, permissions are correct because the php openssl_decrypt command will decrypt the file perfectly with the same input parameters. — user1119648, Jun 07 '16 at 20:18
This question is not about how to execute shell commands in php, it's about openssl no decrypting files properly. — user1119648, Jun 10 '16 at 14:07

Dennis B. · Answer 1 · 2016-06-07T20:41:06.720

2

Maybe you need to encode your parameters so the shell can actually execute the command:

shell_exec('openssl enc -aes-256-cbc -base64 -d -A -p -K '
 . escapeshellarg($key) . ' -iv ' . escapeshellarg($iv)
 . ' -in /path/to/file -out /path/to/dest');

The same can be true for your file names if they contain e.g. spaces.

Edit: Actually Artjom B. is right: openssl says: -K/-iv key/iv in hex is the next argument. So you need to hex-encode it:

shell_exec('openssl enc -aes-256-cbc -base64 -d -A -p -K '
 . bin2hex($key) . ' -iv ' . bin2hex($iv)
 . ' -in /path/to/file -out /path/to/dest');

edited Jun 07 '16 at 20:41

answered Jun 07 '16 at 20:34

Dennis B.

1,567
1
13
20

Yeah, I've tried hex encoding my key and iv to hex and it still doesn't output anything. I'm going to keep looking at it. – user1119648 Jun 07 '16 at 21:37
bin2hex encodes with "highest nibble first" which is network byte order. You can try to encode it with "lowest nibble first"/little endian, which is the byte order of a normal intel based PC, using pack: ``pack("h*", $key)`` – Dennis B. Jun 07 '16 at 21:42

Invoke OpenSSL command via shell_exec() in PHP

1 Answers1