
I'm encrypting the data in ECB 256 AES using a key in the JavaScript and decrypting in PHP using the username and key. It is encrypting, but I'm failing to decrypt in the PHP.

I'm trying to do this in an Ionic app.

In app.js in config:

.config(['$cryptoProvider', function($cryptoProvider){
    $cryptoProvider.setCryptographyKey('ABCD1234567890EF');
}])

In controller:

var encryptedUsername = $crypto.encrypt(username);
var key = 'ABCD1234567890EF';

In PHP:

$username = $_POST['encryptedUsername'];
$key = $_POST['key'];

function fnDecrypt($sValue, $sSecretKey)
{
    return rtrim(
        mcrypt_decrypt(
            MCRYPT_RIJNDAEL_256,
            $sSecretKey,
            base64_decode($sValue),
            MCRYPT_MODE_ECB
        ), "\0"
    );
}

$plaintext = fnDecrypt($username, $key);
echo $plaintext;

Please tell me where I'm making a mistake.

dpk12
  • Note that `MCRYPT_RIJNDAEL_256` is not AES anymore. The 256 is the block size in this case and has nothing to do with the key size of AES-256. CryptoJS uses CBC mode by default and not ECB mode. – Artjom B. Jun 29 '16 at 15:19
  • I didn't know that, thanks @ArtjomB. Can you please tell me if there is any way to work with only key and string to decrypt in PHP? Because while encrypting I have only used string and key. – dpk12 Jun 29 '16 at 15:23
  • I've edited my answer in the linked question. Now it includes proper parsing of the ciphertext. – Artjom B. Jun 29 '16 at 15:36
  • @ArtjomB. Thanks. I checked your answer but it's giving me evpKDF as undefined. I'm also confused between $ciphertext and $password. Please tell me which one is the string and which one is the key? – dpk12 Jun 29 '16 at 18:01
  • `evpKDF` is defined in the first part of my answer. `$password` is supposed to be the password, which is the same thing that you set with `$cryptoProvider.setCryptographyKey`. The naming here is misleading, because this is not an actual key. That is why I named it `$password`. – Artjom B. Jun 29 '16 at 18:37
  • @ArtjomB. Please check this https://github.com/middleout/angular-cryptography... I have followed this for the encryption. In this they have not used any IV or salt or padding. So I'm trying to do the decryption part in PHP but not getting that. Please tell me how to solve this problem, as I don't know what block size or padding they have used in it. – dpk12 Jun 30 '16 at 08:31
  • IV and salt are randomly generated by CryptoJS. The salt is stored in front of the ciphertext, which needs to be parsed. I've edited my answer to include that parsing, so I don't understand what the issue is. All the code is there. – Artjom B. Jun 30 '16 at 15:40
  • �5��e���p���� this is the $decryptPassword I got... @ArtjomB. The input I gave it was "es" – dpk12 Jul 01 '16 at 11:00
  • Can you give an example ciphertext and the accompanying "key" that you use in Angular? – Artjom B. Jul 01 '16 at 16:28
  • @ArtjomB. The string that I'm encrypting is "es" and the key I'm using to encrypt is "ABCD1234". The encrypted value is "U2FsdGVkX1/I+kQLVKwyexQ3zKYm0AZSyDdoRCuf+/A=" and the decrypted value I got is "�P�/���_�x7:" – dpk12 Jul 04 '16 at 06:17
  • @ArtjomB. Thanks! It's working now. The problem was $salt = substr($ciphertext, 8, 16); it should have been $salt = substr($ciphertext, 8, 8); Thanks a lot! – dpk12 Jul 04 '16 at 13:26
  • Sorry about that. It's a common bug, because there is a 50-50 split between APIs that use length and APIs that use a "to-index (exclusive)". – Artjom B. Jul 05 '16 at 17:44
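
The parsing and key derivation discussed in the comments above, as an added example that is not code from the thread or from the linked answer. It assumes CryptoJS defaults (AES-256-CBC, PKCS#7 padding, MD5-based EVP_BytesToKey with one iteration) and uses PHP's OpenSSL extension instead of mcrypt; the function names and the passphrase are hypothetical.

```php
<?php
// Added example: decrypt CryptoJS.AES.encrypt(text, passphrase) output in PHP.
// Layout after base64: "Salted__" (8 bytes) | salt (8 bytes) | AES-256-CBC ciphertext.

// OpenSSL's EVP_BytesToKey with MD5, one iteration (what the thread calls evpKDF).
function evpBytesToKey(string $password, string $salt, int $keyLen = 32, int $ivLen = 16): array
{
    $derived = '';
    $block = '';
    while (strlen($derived) < $keyLen + $ivLen) {
        $block = md5($block . $password . $salt, true); // raw 16-byte digest
        $derived .= $block;
    }
    return [substr($derived, 0, $keyLen), substr($derived, $keyLen, $ivLen)];
}

function decryptSalted(string $b64, string $password): string
{
    $raw = base64_decode($b64, true);
    if ($raw === false || strlen($raw) < 32 || substr($raw, 0, 8) !== 'Salted__') {
        throw new InvalidArgumentException('not a Salted__ container');
    }
    $salt = substr($raw, 8, 8);   // offset 8, LENGTH 8 (not end index 16)
    $body = substr($raw, 16);     // everything after magic + salt
    if (strlen($body) % 16 !== 0) {
        throw new InvalidArgumentException('ciphertext is not a multiple of the AES block size');
    }
    [$key, $iv] = evpBytesToKey($password, $salt);
    // OPENSSL_RAW_DATA: input is raw bytes; OpenSSL strips the PKCS#7 padding.
    $plain = openssl_decrypt($body, 'aes-256-cbc', $key, OPENSSL_RAW_DATA, $iv);
    if ($plain === false) {
        throw new RuntimeException('decryption failed: wrong password or corrupted data');
    }
    return $plain;
}

// Hypothetical helper producing the same container, used only for the round trip below.
function encryptSalted(string $plain, string $password): string
{
    $salt = random_bytes(8);
    [$key, $iv] = evpBytesToKey($password, $salt);
    $body = openssl_encrypt($plain, 'aes-256-cbc', $key, OPENSSL_RAW_DATA, $iv);
    return base64_encode('Salted__' . $salt . $body);
}

// Constructed sample: encrypt and decrypt with a made-up passphrase.
$token = encryptSalted('es', 'constructed-passphrase');
var_dump(decryptSalted($token, 'constructed-passphrase') === 'es'); // bool(true)
```

CBC in this format carries no integrity check, so a wrong passphrase usually fails on padding but can occasionally return garbage bytes instead of an error.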

0 Answers