
I'm using php AES openssl encrypt/decrypt methods answered here but sending encrypted data as URL param and decrypting it is not working.

  • secret is the same in both php files
  • crypto data is the same (AFAIK) in both files

Encryption/decryption example that works:

$crypted = cryptoJsAesEncrypt($secret, "test");
$decrypted = cryptoJsAesDecrypt($secret, $crypted);
var_dump($decrypted); // returns "test"

URL encoding functions used in example below

function base64_url_encode($input) {
    return strtr(base64_encode($input), '+/=', '-_,');
}

function base64_url_decode($input) {
    return base64_decode(strtr($input, '-_,', '+/='));
}

php_from.php (url params crypted here):

// params to encrypt
$params = array(
  'key' => 'value'
);

// encrypt data
$crypto = cryptoJsAesEncrypt($secret, json_encode($params));

// var_dump($crypto); -> {"ct":"vt5RZUmrZkCk2RCiC4euiM0onSHgXa6rwSJQ33ygeXdJmEN2X8bcUMn\/ldXR8y5K","iv":"eac142cb44f6a585e801a25ae353b45e","s":"176ac0f4a9519361"}

// base64 encode crypto data for sending as URL param
$crypto = base64_url_encode($crypto);

// here is the code for calling php_to.php (using curl) and sending crypto parameter

// url path
$url = "http://path_to_php_to.php";

// append url with param
$url = $url . "?crypto=" . $crypto;

// open connection
$ch = curl_init();

// set the url, number of POST vars, POST data
curl_setopt($ch, CURLOPT_URL, $url);
curl_setopt($ch, CURLOPT_POST, count($params));
curl_setopt($ch, CURLOPT_RETURNTRANSFER, true);

// execute post
$result = (curl_exec($ch));

// close connection
curl_close($ch);

php_to.php (URL params decrypted here):

// get crypted data param
$crypto = isset($_GET['crypto']) ? $_GET['crypto'] : NULL;

// base64 url decode crypto param
$crypto = base64_url_decode($crypto);

// var_dump($crypto); -> {"ct":"vt5RZUmrZkCk2RCiC4euiM0onSHgXa6rwSJQ33ygeXdJmEN2X8bcUMn\/ldXR8y5K","iv":"eac142cb44f6a585e801a25ae353b45e","s":"176ac0f4a9519361"}

// ** dumped crypto param is the same as the one sent **

// decrypt data
$crypto = cryptoJsAesDecrypt($secret, $crypto);

// var_dump($crypto); -> returns null
  • Might be a URL too long? – Matteo Tassinari Mar 01 '17 at 19:59
  • But decoded $_GET['crypto'] returns the same value as the sent one. If the param was too long it will not be available or value will not be the same. – NavCore Mar 01 '17 at 20:05
  • In php_to.php, is $secret available? – bxN5 Mar 01 '17 at 20:30
  • Yes, it is available and it is the same as in php_from.php. – NavCore Mar 01 '17 at 20:31
  • I finally managed to solve this. It is my bad, because I didn't include my config file properly and my $secret variable was undefined, so the password in php_from.php was wrong. Another thing that I needed to fix then is the decrypted code format. $crypto = cryptoJsAesDecrypt($secret, $crypto); returns a string variable and I needed an array, so here is an ugly way to do that: $crypto = json_decode(json_encode(json_decode(cryptoJsAesDecrypt($crypto, $secret))), true); Thanks everyone! – NavCore Mar 01 '17 at 23:33
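
The root cause reported in the last comment (an undefined $secret, with the decrypt call returning null) can be turned into a hard failure on both sides. The following is an added example, not code from the original post: it uses AES-256-GCM from PHP's openssl extension (PHP 7.1+) as a stand-in for the cryptoJsAes* helpers, which are not shown on the page, and the names require_secret, seal_params and open_params are hypothetical.

```php
<?php
// Added example; require_secret/seal_params/open_params are hypothetical names.
function base64_url_encode($input) {
    return strtr(base64_encode($input), '+/=', '-_,');
}
function base64_url_decode($input) {
    return base64_decode(strtr($input, '-_,', '+/='), true); // strict: false on bad input
}

// Refuse to run with a missing secret (the failure described in the thread).
function require_secret($secret) {
    if (!is_string($secret) || $secret === '') {
        throw new InvalidArgumentException('secret is undefined or empty; check the config include');
    }
    return hash('sha256', $secret, true); // 32-byte key; simple stand-in derivation (assumption)
}

function seal_params($secret, array $params) {
    $key = require_secret($secret);
    $iv  = random_bytes(12); // fresh 96-bit nonce per token
    $ct  = openssl_encrypt(json_encode($params), 'aes-256-gcm', $key, OPENSSL_RAW_DATA, $iv, $tag);
    if ($ct === false) {
        throw new RuntimeException('encryption failed');
    }
    return base64_url_encode($iv . $tag . $ct); // URL-safe token: nonce | tag | ciphertext
}

function open_params($secret, $token) {
    $key = require_secret($secret);
    $raw = base64_url_decode((string) $token);
    if ($raw === false || strlen($raw) < 28) { // 12-byte nonce + 16-byte tag
        throw new RuntimeException('malformed token');
    }
    $pt = openssl_decrypt(substr($raw, 28), 'aes-256-gcm', $key, OPENSSL_RAW_DATA,
                          substr($raw, 0, 12), substr($raw, 12, 16));
    if ($pt === false) { // GCM tag check fails on a wrong secret or an altered token
        throw new RuntimeException('decryption failed: wrong secret or altered token');
    }
    return json_decode($pt, true); // true -> associative array in one step
}

// Constructed demo values.
$token = seal_params('constructed-demo-secret', array('key' => 'value'));
var_dump(open_params('constructed-demo-secret', $token));
try {
    open_params(null, $token); // simulates the undefined $secret from the thread
} catch (InvalidArgumentException $e) {
    echo $e->getMessage(), "\n";
}
```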
