JSON decrypt in JavaScript encrypt in PHP

Question

I am encrypting with PHP a JSON file like this:

0: {ID: 0, NAME: "London", REGION: "ENGLAND", …}
1: {ID: 1, NAME: "Rome", REGION: "ITALY", …}

And I am using this library crypt in PHP decrypt in JS AES

function cryptoJsAesEncrypt($passphrase, $value){
$salt = openssl_random_pseudo_bytes(8);
$salted = '';
$dx = '';
while (strlen($salted) < 48) {
    $dx = md5($dx.$passphrase.$salt, true);
    $salted .= $dx;
}
$key = substr($salted, 0, 32);
$iv  = substr($salted, 32,16);
$encrypted_data = openssl_encrypt(json_encode($value), 'aes-256-cbc', $key, true, $iv);
$data = array("ct" => base64_encode($encrypted_data), "iv" => bin2hex($iv), "s" => bin2hex($salt));
return json_encode($data);
}

I can easily encrypt in PHP and write to server (writing a JSON file) with a 128bit key like

$key = "TjWnZq4t7w!z%C*F";
$ForecastArray_crypt= cryptoJsAesEncrypt($key, $ForecastArray);
file_put_contents('ukforecastlist_example_crypt.json', $ForecastArray_crypt);

The problem is that when I try to decrypt in JavaScript with the call

var ukforecastlist_decrypt = JSON.parse(CryptoJS.AES.decrypt(myjson.ct, "TjWnZq4t7w!z%C*F", {format: CryptoJSAesJson}).toString(CryptoJS.enc.Utf8));

The console returns:

Uncaught SyntaxError: Unexpected token V in JSON at position 0
at JSON.parse (<anonymous>)
at Object.parse (core_uk.js:33)
at Object._parse (aes.js:30)
at Object.decrypt (aes.js:31)
at Object.decrypt (aes.js:25)
at <anonymous>:1:54

Where V is indeed the first letter of myjson.ct.

What am I doing wrong? I did get the JSON with jQuery and parsed and stored it in myjson variable.

What happens if you call the decrypt function without JSON.parse? Does that work, or result in an error? — user1114, Feb 12 '19 at 23:33
without JSON.parse I seem to get the same error `Uncaught SyntaxError: Unexpected token K in JSON at position 4 at JSON.parse () at Object.parse (core_uk.js:33) at Object._parse (aes.js:30) at Object.decrypt (aes.js:31) at Object.decrypt (aes.js:25) at :1:44 ` but because tonight the "ct" changed to 8480KJN... it is flagging red the first K in position 4...weird — Mat Bravo, Feb 13 '19 at 18:46
the short call `CryptoJS.AES.decrypt(ukforecastlist_crypt.ct, "TjWnZq4t7w!z%C*F")` runs without errors but the JSON comes out with a series of nonsense numbers — Mat Bravo, Feb 13 '19 at 18:52
MD5 has been compromised and is no longer a useful cryptographic hash. Make every effort to avoid using it. — tadman, Feb 13 '19 at 19:51
I am not particularly affectionate to MD5, that 's the only library I could find which I could also understand. If you know a better method (for a beginner like I am) to encrypt a JSON in PHP and decrypt it in JS ...please I 'd be really grateful. So far, that was the only one I could properly implement — Mat Bravo, Feb 14 '19 at 22:04

score 0 · Answer 1 · answered Mar 04 '19 at 22:20

Solved. I am now using this simple PHP class:

https://github.com/henrya/projects/blob/master/JsEncode/jsencode.class.php

I can encode in PHP with:

$json_data = json_encode($myArray);

$d = new jsEncode();

$myArray_enc = $d->encodeString($json_data,$key);

And decode in JS with:

var myArray_decoded = JSON.parse(jsEncode.encode(myArray_enc,key));

JSON decrypt in JavaScript encrypt in PHP

1 Answers1