1

I am working on creating an PHP String decrypter for a program that is written in VB.Net. I have done some research on .NET to PHP Encryption and Decryption and I can't seem to find a definitive solution.

I am new to PHP and my strong suit is not in Cryptography. It seems like their is a lot of different encryption classes.(mcrypt, Openssl and Sodium)

Here is the Code that I was given for the VB.Net Application.

Public Shared Function DecryptString(ByVal cipherTextStringWithSaltAndIv As String, ByVal passPhrase As String) As String

    Dim cipherTextBytesWithSaltAndIv = Convert.FromBase64String(cipherTextStringWithSaltAndIv)
    Dim saltStringBytes = cipherTextBytesWithSaltAndIv.Take(Keysize / 8).ToArray()
    Dim ivStringBytes = cipherTextBytesWithSaltAndIv.Skip(Keysize / 8).Take(Keysize / 8).ToArray()
    Dim cipherTextBytes = cipherTextBytesWithSaltAndIv.Skip((Keysize / 8) * 2).Take(cipherTextBytesWithSaltAndIv.Length - ((Keysize / 8) * 2)).ToArray()

    Dim key As New Rfc2898DeriveBytes(passPhrase, saltStringBytes, 1000)
    Dim keyBytes = key.GetBytes(Keysize / 8)

    Using symmetricKey As New RijndaelManaged()
        symmetricKey.BlockSize = 256
        symmetricKey.Mode = CipherMode.CBC
        symmetricKey.Padding = PaddingMode.ISO10126

        Using decryptor = symmetricKey.CreateDecryptor(keyBytes, ivStringBytes)
            Using memoryStream As New MemoryStream(cipherTextBytes)
                Using cryptoStream As New CryptoStream(memoryStream, decryptor, CryptoStreamMode.Read)
                    Dim plainTextBytes As Byte() = New Byte(cipherTextBytes.Length - 1) {}
                    Dim decryptedByteCount = cryptoStream.Read(plainTextBytes, 0, plainTextBytes.Length)

                    memoryStream.Close()
                    cryptoStream.Close()

                    Return Encoding.UTF8.GetString(plainTextBytes, 0, decryptedByteCount)
                End Using
            End Using
        End Using
    End Using
End Function

This is the function that I am unable to replicate in PHP.

So what I am looking for specifically.

  1. Which Class/Extension? should I be using to receive an encrypted string and decrypt it to get the same results as this VB.Net function.
  2. If you have any examples of how to solve this issue or any links to articles that would help me understand this issue further I would be very grateful.

Thanks.

Jimi
  • 29,621
  • 8
  • 43
  • 61
nullfrog
  • 13
  • 2
  • 1
    ".NET to PHP Encryption and Decryption"...this is not really a meaningful phrase. The languages used at either end to control the process should really not be particularly relevant. The important thing is to use the same encryption scheme on both sides to read/write the data. As long as the libraries used to implement the encryption are correct and compliant, then you can choose which you want to use, and then go for it. The choice of scheme is up to you and your business requirements / constraints. – ADyson Apr 17 '18 at 14:08
  • You can use `mcrypt_decrypt(MCRYPT_RIJNDAEL_256, $key, $string_to_decrypt, MCRYPT_MODE_CBC, $iv);`. There are examples here: http://php.net/manual/en/function.mcrypt-decrypt.php – Chase Rocker Apr 17 '18 at 18:52
  • Split your data in three parts - salt, iv and ciphertex. Use [`hash_pbkdf2`](http://php.net/manual/en/function.hash-pbkdf2.php) with your passphrase, salt, and 1000 iterations for the key. For the decryption you'll have to use [`mcrypt_decrypt`](http://php.net/manual/en/function.mcrypt-decrypt.php) as mentioned in the comment above, because `openssl_decrypt` doesn't support 256 bit blocks. Good luck! – t.m.adam Apr 17 '18 at 19:02

1 Answers1

0

You can use (as you already said) Sodium!

Sodium for .NET

Also you should check out how does the Public-key authenticated encryption works. This is what you need. This system provides mutual authentication. However, a typical use case is to secure communications between a server, whose public key is known in advance, and clients connecting anonymously.

The code is written in C# but is it not a big deal to translate it. Die lib itself works without problems in vb.net

EDIT: I translated the example for you:

Private Sub GetStarted()
    Const MESSAGE As String = "hello bob"
    Dim vbnet As Sodium.KeyPair = Sodium.PublicKeyBox.GenerateKeyPair()
    Dim php As Sodium.KeyPair = Sodium.PublicKeyBox.GenerateKeyPair()
    Dim nonce As Byte() = Sodium.PublicKeyBox.GenerateNonce()
    'vbnet encrypts A message for php
    Dim encrypted As Byte() = Sodium.PublicKeyBox.Create(MESSAGE, nonce, vbnet.PrivateKey, php.PublicKey)
    'php decrypt the message
    Dim decrypted As Byte() = Sodium.PublicKeyBox.Open(encrypted, nonce, php.PrivateKey, vbnet.PublicKey)
    'make the bytes readable
    Dim msg As String = System.Convert.ToBase64String(decrypted)
    decrypted = Convert.FromBase64String(msg)
    msg = System.Text.Encoding.UTF8.GetString(decrypted)
    MsgBox(msg)
End Sub

For php you should check the PHP String Encryption Example with Libsodium in this answer.

Jimi
  • 29,621
  • 8
  • 43
  • 61
Marco Sadowski
  • 436
  • 9
  • 19