0

I want to access an API with PHP. The specifications are:

  • Twofish algorithm
  • ECB cipher mode
  • PKCS7 block padding mode

I have tried a lot of different PHP functions and libraries, but none seems to work.

Here is my code:

function encrypt($data, $key)
{
  // Pad for PKCS7
  $blockSize = mcrypt_get_block_size(MCRYPT_TWOFISH, MCRYPT_MODE_ECB);
  $len = strlen($data);
  $pad = $blockSize - ($len % $blockSize);
  $data .= str_repeat(chr($pad), $pad);

  $encryptedData = mcrypt_encrypt( MCRYPT_TWOFISH, $key, $data, MCRYPT_MODE_ECB);

  return $encryptedData;
}

Do you see a problem with this code?

malisokan
  • 5,362
  • 2
  • 20
  • 19
  • 2
    No. What is it doing that it shouldn't? What isn't it doing that it should? And now for the standard: 1. Mcrypt is deprecated and unmaintained, use OpenSSL. 2. ECB is the opposite of secure. – Sammitch Sep 17 '18 at 22:57
  • Sadly OpenSSL does not support the Twofish algorithm. Yeah I know that these encryption methods are not secure. However I don't care, because I can not change the API and the encrypted data is tunneled through SSL. – malisokan Sep 19 '18 at 20:20

1 Answers1

0

mcrypt_encrypt does not support PKCS7 padding. It has also been deprecated for a significant period of time.

If the API you want to talk to is using Twofish and ECB mode then you probably don't want to use that API at all - if they're happy to whack an incredibly insecure encryption scheme together for the front-facing API then the rest of their codebase is probably pretty shammy too.

Luke Joshua Park
  • 9,527
  • 5
  • 27
  • 44
  • Yeah I know that these encryption methods are not secure or at least not the yellow of the egg. However I don't care, because I can not change the API and the encrypted data is tunneled through SSL. – malisokan Sep 19 '18 at 20:28
  • IIRC all you really need to do to shoehorn in PKCS7 is NULL-pad the input data to be a multiple of the block size, and make allowances for the padding after decryption. – Sammitch Sep 19 '18 at 23:10