2

I'm doing some encrypt in a API, and I have some problem with AES encrypt using CryptoJS and openssl_decrypt in PHP.

JS

        var key = "B-LOGIN",
            iv = "c5b8cfc6992807e2c78a8cda6193bca1",
            json = JSON.stringify({email : "example@example.com", password: "123456", "domainUrl" : "http://www.example.com/"}),
            enc = CryptoJS.AES.encrypt(
                JSON.stringify({email : "example@example.com", password: "123456", "domainUrl" : "http://www.example.com/"}), 
                CryptoJS.enc.Utf8.parse(key), 
                { iv: CryptoJS.enc.Utf8.parse(iv.substring(0, 16)) }
            );

console.log( enc.ciphertext.toString() ); // b53284ed65e1810b7250e2760d10f3be2b31e188f356dd36da5e906c59bea877b2cd322cfb1228035c4a06920e2504657beaa2440c94f5ff7dd6485be7b7bbd82d5e91f22d64c98322a47b0413d4b724b0e2cbf2314472b6f72b4e19a5e44052

PHP

For decrypt in php I have the following code, and It gaves me a false in $rawText. 

$iv = "c5b8cfc6992807e2";
$str = "b53284ed65e1810b7250e2760d10f3be2b31e188f356dd36da5e906c59bea877b2cd322cfb1228035c4a06920e2504657beaa2440c94f5ff7dd6485be7b7bbd82d5e91f22d64c98322a47b0413d4b724b0e2cbf2314472b6f72b4e19a5e44052";
$rawText = openssl_decrypt( $str,'aes-128-cbc' , 'B-LOGIN', 0, (strlen($iv) > 16 ? substr($iv, 0 ,16) : $iv) ); // close

I think CryptoJS it gives the response in Hex format.

Thanks in advance.

Ismael Moral
  • 722
  • 1
  • 9
  • 35
  • 1
    I thing you are little confusded with `key` and `passphrase ` concepts. Passphrase can be a string but the key must be binary (or converted in a hexadecimal string) so the key cannot be `B-LOGIN`. take a look at an old answer from me here: https://stackoverflow.com/a/43438494/2951051 – MTK Dec 11 '18 at 12:37
  • 1
    PHP's openssl doesn't accept hex-encoded data, only base64-encoded or raw bytes. Also, if the key is shorter than the key size specified in the algorithm (aes-128-cbc), it is padded with zero bytes. I don't know how crypto-js handles keys, but anyway it would be best to use a proper key instead of a password. – t.m.adam Dec 11 '18 at 12:52

0 Answers0