1

I've been asked at work to implement a request for a simple web service with the following instructions:

AES encryption:
Type: ECB
Size: 128bits
Padding Mode: PKCS7
key: 9b6018215942b2e1da3797d3394779bf

In the docs (just a given example) they say that for the string:

2874838-49

The encryption process must generate:

BEE361962A1802A7BA2AD328DAE8B291

I've been searching a lot for something like this, but none of the solutions (like here, here here, etc...) given helped me achieving the example result given.

This was the last thing I tried now:

function aes128Encrypt($data, $key) {
  $padding = 32 - (strlen($data) % 32);
  $data .= str_repeat(chr($padding), $padding);
  return base64_encode(mcrypt_encrypt(MCRYPT_RIJNDAEL_128, $key, $data, MCRYPT_MODE_ECB));
}
$data = "2874838-49";
$key = "9b6018215942b2e1da3797d3394779bf";    
echo aes128Encrypt($data, $key); // UdP7dXSTp6b5I986PLL8Gs3qH3rMj0SpQ0te4pP7M44=
Hula Hula
  • 553
  • 8
  • 20
  • Be aware that ECB mode is insecure for many uses. You might want to check that ECB mode is really required, as opposed to CBC, GCM, CTR or some other mode. – rossum Aug 01 '18 at 11:57
  • @rossum I know, but it's required, not up to me tbh. – Hula Hula Aug 01 '18 at 12:26
  • 1
    Why... do you include the key here. I hope you spoofed the key with a false one... and for testing I'd sugest you drop the `base64_encode` part and possibly replace it with `bin2hex` – Tschallacka Aug 01 '18 at 12:37
  • @Tschallacka, actualy it's the real one, but what are you going/can do with that? without knowing the service that I'm talking about... But on the other subject you were right, I replaced `base64_encode` with `bin2hex` and it worked. You are welcome to anwser this below and I will accept it when/if you do – Hula Hula Aug 01 '18 at 12:44
  • @HulaHula are you sure `BEE361962A1802A7BA2AD328DAE8B291` is a correct output? – Tejashwi Kalp Taru Aug 01 '18 at 12:55
  • @TejashwiKalpTaru yep, just tested, it's a valid response from the service. Thank you, post the answer please – Hula Hula Aug 01 '18 at 12:57
  • @HulaHula I'd suggest strongly that you contact SO that they purge the key from the database and replace it with asterisks or a dummy key. If your service provider performs an audit and finds it here that might spell trouble in the future. – Tschallacka Aug 01 '18 at 12:59
  • 1
    @Tschallacka, don't worry that's nothing to do with service provider or something like that, it's just a simple web service, but I need it to return a valid response (just a 'true') based on the example I gave – Hula Hula Aug 01 '18 at 13:24

1 Answers1

1

The encoding algorithm returns a stream of bytes back to you of encoded data.

The sample you have doens't provide a base64 encoded variant of the data but a hexadecimal representation.

In your case, just swap out the base64_encode for bin2hex and the answer should match up.

function aes128Encrypt($data, $key) {
  $padding = 32 - (strlen($data) % 32);
  $data .= str_repeat(chr($padding), $padding);
  return bin2hex(mcrypt_encrypt(MCRYPT_RIJNDAEL_128, $key, $data, MCRYPT_MODE_ECB));
}
$data = "2874838-49";
$key = "keyshouldbeplacedhere";    
echo aes128Encrypt($data, $key);
Tschallacka
  • 27,901
  • 14
  • 88
  • 133