I found the following method on the Internet which I use to decrypt.

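    using System;
    using System.IO;
    using System.Security.Cryptography;
    using System.Text;

    // Key size in bits. The declaration is not shown in the post; 256 is the value
    // given in the comments below.
    private const int keysize = 256;

    public static string DecryptString(string cipherText, string passPhrase, string initVector)
    {
        // The IV is the UTF-8 bytes of a 16-character string (one 128-bit block).
        byte[] initVectorBytes = Encoding.UTF8.GetBytes(initVector);
        byte[] cipherTextBytes = Convert.FromBase64String(cipherText);
        // The passphrase is not used as the key directly: a key is derived from it
        // (null salt, default hash and iteration count of PasswordDeriveBytes).
        PasswordDeriveBytes password = new PasswordDeriveBytes(passPhrase, null);
        byte[] keyBytes = password.GetBytes(keysize / 8);
        RijndaelManaged symmetricKey = new RijndaelManaged();
        symmetricKey.Mode = CipherMode.CBC;
        symmetricKey.Padding = PaddingMode.PKCS7;
        ICryptoTransform decryptor = symmetricKey.CreateDecryptor(keyBytes, initVectorBytes);
        MemoryStream memoryStream = new MemoryStream(cipherTextBytes);
        CryptoStream cryptoStream = new CryptoStream(memoryStream, decryptor, CryptoStreamMode.Read);
        // The plaintext is never longer than the ciphertext, so this buffer is large enough.
        byte[] plainTextBytes = new byte[cipherTextBytes.Length];
        int decryptedByteCount = cryptoStream.Read(plainTextBytes, 0, plainTextBytes.Length);
        memoryStream.Close();
        cryptoStream.Close();
        return Encoding.UTF8.GetString(plainTextBytes, 0, decryptedByteCount);
    }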

So, this method gets an encrypted text, a password and an IV (in the form of a 16-character-long string). For example:

    Password: test
    IV: hCIoZVI5lrtCgdNo
    Encrypted Message: SeQUquUrE8W3rUqvYQe6oA==

With the above mentioned method I can successfully decrypt the message (the result should be "test").

Now I tried to use openssl_decrypt() in PHP in order to also be able to decrypt encrypted messages in PHP. But this does not work. I used this:

    $encrypted = "SeQUquUrE8W3rUqvYQe6oA==";
    $password = "test";
    $iv = "hCIoZVI5lrtCgdNo";
    echo openssl_decrypt($encrypted, 'aes-256-cbc', $password, 0, $iv);

But this does not work? Can you help me? Thank you!

  • I would start with research of what mechanism is used behind `openssl_decrypt`. I wouldn't be surprised if this is completely different from Rijndael – T.S. Mar 18 '20 at 17:39
  • Thank you for your answer. In one forum I read that Rijndael with a 256bit key is basically AES256. As the keysize in the encryption method is 256 I thought it's AES256. According to some other forum the deprecated mcrypt function is replaced by openssl_decrypt which should also decrypt AES256 - at least that's what I thought. But I am no expert on that kind of stuff. – IlGranPiccolo Mar 18 '20 at 17:51
  • https://stackoverflow.com/questions/748622/differences-between-rijndael-and-aes – T.S. Mar 18 '20 at 18:01
  • Ok, I see, thank you. Then the question remains: Any idea how I can transfer the C# code to PHP, so that I can decrypt messages encrypted with the C# program also in PHP? – IlGranPiccolo Mar 18 '20 at 18:08
  • PasswordDeriveBytes is a key derivation function, and you've not implemented that at all in the PHP code: https://learn.microsoft.com/en-us/dotnet/api/system.security.cryptography.passwordderivebytes?view=netframework-4.8 – Sammitch Mar 18 '20 at 19:30
  • I would say you're better off using the cryptographic functionality built for PHP rather than trying to roll your own, even if working off of .NET source. There are many subtleties and things that can go wrong that will leave your code open to exploitation. My mantra is always defer to experts when it comes to cryptography. – Heretic Monkey Mar 18 '20 at 19:45
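
The gap Sammitch's comment points at is that the PHP call passes the passphrase to `openssl_decrypt()` as the key, while the C# method first derives the key with `PasswordDeriveBytes`. The following is an added example, not part of the original thread: a PHP port of that derivation followed by the decryption, assuming the .NET defaults of SHA-1 and 100 iterations, the null salt from the C# code and the 256-bit key size mentioned in the comments. The function names are hypothetical.

```php
<?php
// Added example (not from the original post). Hypothetical helper names.

/**
 * Derive $length key bytes the way a single PasswordDeriveBytes.GetBytes() call does.
 * Assumed .NET defaults: SHA-1, 100 iterations, password encoded as UTF-8.
 */
function passwordDeriveBytes(string $password, string $salt, int $length, int $iterations = 100): string
{
    // PBKDF1 core: hash password || salt, then re-hash up to iterations - 1 rounds.
    $base = sha1($password . $salt, true);
    for ($i = 2; $i < $iterations; $i++) {
        $base = sha1($base, true);
    }
    // The first 20 bytes are the final round over the base value.
    $out = sha1($base, true);
    // PBKDF1 stops at one hash length. .NET extends it in a non-standard way:
    // SHA1(ASCII decimal counter || base) for counter = 1, 2, ... (at most 999).
    for ($counter = 1; strlen($out) < $length; $counter++) {
        if ($counter > 999) {
            throw new LengthException('Too many key bytes requested');
        }
        $out .= sha1((string) $counter . $base, true);
    }
    return substr($out, 0, $length);
}

function decryptDotNetString(string $cipherTextB64, string $passPhrase, string $initVector, int $keySizeBits = 256): string
{
    if (strlen($initVector) !== 16) {
        throw new InvalidArgumentException('IV must be exactly 16 bytes for AES-CBC');
    }
    // Null salt in the C# code corresponds to an empty salt string here.
    $key = passwordDeriveBytes($passPhrase, '', intdiv($keySizeBits, 8));
    // Options 0: input is base64 and PKCS#7 padding is removed, matching the C# settings.
    $plain = openssl_decrypt($cipherTextB64, "aes-{$keySizeBits}-cbc", $key, 0, $initVector);
    if ($plain === false) {
        throw new RuntimeException('Decryption failed: wrong key, wrong IV or corrupted data');
    }
    return $plain;
}

// Sample values from the question; the asker states the plaintext is "test".
echo decryptDotNetString('SeQUquUrE8W3rUqvYQe6oA==', 'test', 'hCIoZVI5lrtCgdNo'), PHP_EOL;
```

This scheme is worth keeping only for reading existing data: for new data, a salted PBKDF2 key (`Rfc2898DeriveBytes` in .NET, `hash_pbkdf2()` in PHP) with a random per-message IV and an authenticated mode such as AES-GCM avoids the fixed IV, the unsalted key and the unauthenticated CBC ciphertext.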
