1

I am trying to convert a AES Encryption function from JavaScript CryptoJS into PHP script for scrapping a website login with PHP.

/**
data.v1 is 8 bit dynamic string like '7B34F0C6' from the server 
and data.v2 is 16 bit dynamic string like '7lGmxLNfmQ85vfl3' from the server 
*/
    var password = $('input#password').val();
    var passwordMd5 = CryptoJS.MD5(password);
    var passwordKey = CryptoJS.SHA256(CryptoJS.SHA256(passwordMd5 + data.v1) + data.v2);
    var encryptedPassword = CryptoJS.AES.encrypt(passwordMd5, passwordKey, {mode: CryptoJS.mode.ECB,padding: CryptoJS.pad.NoPadding});
    encryptedPassword = CryptoJS.enc.Base64.parse(encryptedPassword.toString()).toString(CryptoJS.enc.Hex);

I need to get this encryptedPassword with PHP.

I've looked a library mentioned on this question Encrypt with PHP, Decrypt with Javascript (cryptojs) but there is a difference with mode ECB and CBC. could you help me explain this code and what is the equivalent with PHP or which library i should use to convert this javacript code to PHP ?

Community
  • 1
  • 1
Andre Hehanusa
  • 11
  • 2
  • PHP provides everything you need to do this either through mcrypt or openssl. – Artjom B. Sep 14 '16 at 05:12
  • **Never use [ECB mode](http://crypto.stackexchange.com/q/14487/13022)**. It's deterministic and therefore not semantically secure. You should at the very least use a randomized mode like [CBC](http://crypto.stackexchange.com/q/22260/13022) or [CTR](http://crypto.stackexchange.com/a/2378/13022). It is better to authenticate your ciphertexts so that attacks like a [padding oracle attack](http://crypto.stackexchange.com/q/18185/13022) are not possible. This can be done with authenticated modes like GCM or EAX, or with an [encrypt-then-MAC](http://crypto.stackexchange.com/q/202/13022) scheme. – Artjom B. Sep 14 '16 at 17:09
  • @ArtjomB. the JS version is not my script. I want to scrape a website login and execute it with PHP so I need to convert this JS to PHP. – Andre Hehanusa Sep 15 '16 at 02:05

0 Answers0