Php Decrypt a String from C# .NET RIJNDAEL 256

Question

Fixed it.

$data = base64_decode(str_replace(' ', '+', $_GET['data']));

for whatever reason, Php was converting the +'s from the GET variablesinto spaces

--

I am trying to decrypt a string that is being decrypted in C#.NET.

The results of the code vary, There were several occasions where the final string had some parts decrypted, and the rest of it was random characters.

Most of the time the "decrypted" string is just all random characters, I also tried some Php functions to remove PKCS7 padding but none of them fixed the problem.

I've looked at several similar questions on the site but none of them were of help.

C#

// called as Response.Redirect(url + encryptParams(param));

private string encryptData(string data)
{
    Rijndael aes = Rijndael.Create();
    aes.KeySize = 256;
    aes.BlockSize = 256;
    aes.Mode = CipherMode.CBC;
    aes.Padding = PaddingMode.PKCS7;
    aes.Key = Convert.FromBase64String("b0dJN2c6cklVUX1qUGlFfGMweXRKbH5fSEMuXjAgfQo=");

    ICryptoTransform crypto = aes.CreateEncryptor(aes.Key, aes.IV);
    byte[] txt = ASCIIEncoding.UTF8.GetBytes(data);          
    byte[] cipherText = crypto.TransformFinalBlock(txt, 0, txt.Length);

    return "&data=" + Convert.ToBase64String(cipherText) + "&iv=" + Convert.ToBase64String(aes.IV);
}

Php:

   $data = base64_decode($_GET['data']);
   $iv = base64_decode($_GET['iv']);

   echo "<br /><b>IV</b>: " . $_GET['iv'] .
       "<br /><b>Encrypted String</b>: <br /><textarea>".$_GET['data']."</textarea>" .
       "<br /><b>key size:</b> " . mcrypt_get_key_size ( MCRYPT_RIJNDAEL_256,  MCRYPT_MODE_CBC) .
       "<br /><b>block size:</b> " . mcrypt_get_block_size ( MCRYPT_RIJNDAEL_256,  MCRYPT_MODE_CBC) .
       "<br /><b>cipher:</b> " . mcrypt_get_cipher_name ( MCRYPT_RIJNDAEL_256 ) .
       "<br /><b>iv size:</b> " .  mcrypt_get_iv_size  ( MCRYPT_RIJNDAEL_256, MCRYPT_MODE_CBC) . "<br />"; 

   echo "Result: " . 
      mcrypt_decrypt
      (
          MCRYPT_RIJNDAEL_256,
          base64_decode("b0dJN2c6cklVUX1qUGlFfGMweXRKbH5fSEMuXjAgfQo="),
          $data,
          MCRYPT_MODE_CBC,
          $iv
       );

Php output:

IV: WzsMlG39tfCGuX2EQM3vq8CoqGA xC0nW jICls8Cno=
key: b0dJN2c6cklVUX1qUGlFfGMweXRKbH5fSEMuXjAgfQo=

Encrypted String: oLxa21fxfQGg0EJ5rwMjEzMblvcaTq0AInDAsD88wAkNeLqOdon0ukLjz49Hpp36KPTKcTGkj1f7EPYPAAbuADnr3Ff0zpptZkx2d22VRbHrMgj QLF9vDxQRT3er3UAXsAfKKTyW8qeSIgrzACFLX3yoro/bzWic rt7ED7y0jZ7a1Hci3GMz/4KhwaftarbV QQWStJlSOqdxAdmtRRe84Vi3085S6um51bNrh5QzGRH PcpucfqaTb3junfO9g67j2JUQaM/Tj1EGnv6oX3wATR/LuWyhnhrCH86u10I=

key size: 32
block size: 32
cipher: Rijndael-256
iv size: 32
Result: /ci��^/�c�g��s��c�(��

Original String (JSON): {"user":"jsmith","firstName":"John","lastName":"Smith","phone":"12223334444.5555","email":"john.smith@domain.com","address":"123 Some Street","address2":"apt 456","city":"Some City","state":"LA","zip":"55555"}

i dont know if this is related but make sure the `$_GET['data'/'iv']` is `utf-8` . `header('Content-Type: text/html; charset=utf-8');` — Lawrence Cherone, May 25 '11 at 21:31
have you seen this question? http://stackoverflow.com/questions/3431950/rijndael-256-encrypt-decrypt-between-c-and-php — DarkSquirrel42, May 25 '11 at 22:03
This is pretty common, PHP automatically urldecode()s all Values in $_GET, $_POST and $_COOKIE (and $_REQUEST D'uh ^^). Instead of trying to get the raw data I used the str_replace, too. — Stephan B, May 26 '11 at 14:39
@Stephan B. it's weird I've been using Php for a few years now and the auto urlencode never seemed to negatively affected me until now. Since I'm new to .NET I was thinking it was something on that end. Also the base64'd url didn't always have spaces so sometimes it would work. I also had to str_replace the IV. — ActionOwl, May 26 '11 at 20:11
Please add your fix with `str_replace` as answer and mark it as accepted. — ZoolWay, May 27 '11 at 11:59
I know your problem is "fixed", but there may still be an edge case that fails. You should use `urlencode` instead of `str_replace`. You might be ignoring some bad characters with `str_replace`. — Zach Rattner, May 29 '11 at 21:54

score 2 · Accepted Answer · edited May 12 '14 at 14:27

2

Fixed it by using the following code.

$data = base64_decode(str_replace(' ', '+', $_GET['data']));

For whatever reason, PHP was converting the +'s from the GET variablesinto spaces.

edited May 12 '14 at 14:27

Perry

11,172
2
27
37

answered Jun 08 '11 at 19:31

ActionOwl

1,473
2
15
20

Php Decrypt a String from C# .NET RIJNDAEL 256

1 Answers1

Linked