2

This here is successfully send to the endpoint with encrypted data using aes-256-cbc. The http_status: 200

scenarioId = 123
useCaseId = 1
keyword = "test"
dataDump = "Test"

iv = b'\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00'
key = "RPAstudio01"

url = "http://localhost:8080/raven_event/"

header = {'Authorization' : 'Basic UlBBU3R1ZGlvOlJQQXN0dWRpb25vMQ==',
                'Content-Type' : 'application/json',
                'Accept' : 'application/json'
                }

payload = {
                    "useCaseId":useCaseId,
                    "scenarioId": scenarioId,
                    "keyword": keyword,
                    "dataDump": dataDump
                }

json_payload = json.dumps(payload)

encyrption = AESCipher.AESCipherx(key)
x = encyrption.encrypt(json_payload, iv)
print(x)
request = requests.post(url, data=json_payload, headers=header)
print(request.status_code)

This is the encryption code process.

import base64
import hashlib
from Crypto import Random
from Crypto.Cipher import AES

class AESCipherx(object):

def __init__(self, key): 
    self.bs = AES.block_size
    self.key = hashlib.sha256(key.encode()).digest()

def encrypt(self, raw, iv):
    #private_key = hashlib.sha256(private_key.encode("utf-8")).digest()
    raw = self._pad(raw)
    #iv = Random.new().read(AES.block_size)
    cipher = AES.new(self.key, AES.MODE_CBC, iv)
    #return base64.b64encode(cipher.encrypt(raw.encode()))
    print(cipher)
    x = base64.b64encode(iv + cipher.encrypt(raw.encode()))
    print(x)
    return base64.b64encode(cipher.encrypt(raw.encode()))


def _pad(self, s):
        return s + (self.bs - len(s) % self.bs) * chr(self.bs - len(s) % self.bs)

My php code for decrypting the sent data. my problem here is when I decrypt the value is all null:

<?php
function decrypt($encrypted){
    $password = "RPAstudio01";
    $method = 'aes-256-cbc';
    $key = substr(hash('sha256', $password, true), 0, 32);
    $iv = chr(0x0) . chr(0x0) . chr(0x0) . chr(0x0) . chr(0x0) . chr(0x0) . chr(0x0) . chr(0x0) . chr(0x0) . chr(0x0) . chr(0x0) . chr(0x0) . chr(0x0) . chr(0x0) . chr(0x0) . chr(0x0);
    $decrypted = openssl_decrypt(base64_decode($encrypted), $method, $key, OPENSSL_RAW_DATA, $iv);

    return $decrypted;
}

This is the result with null values in JSON Format. Can anyone enlighten me why is this happening? Is my IV wrong on the php side? Or is it in python? Or maybe theres something with the code i'm doing wrong? Or missing something?

{
    "useCaseId": null,
    "scenarioId": null,
    "keyword": null,
    "dataDump": null
}
asdjklqwe
  • 31
  • 2
  • The right way to post code is to enclose it in the "Code Sample" view. Please refactor your question by adding the actual source instead of screen shots – It Assistors Jun 11 '20 at 05:45
  • 1
    Does this answer your question? [Encrypt data with python, decrypt in php](https://stackoverflow.com/questions/13051293/encrypt-data-with-python-decrypt-in-php) – Muhaddis Jun 11 '20 at 06:15
  • @Muhaddis this doesn't seem to be my solution :( – asdjklqwe Jun 11 '20 at 07:17
  • The cipher object in Python is _stateful_, i.e. remove the `x=...` / `print(x)` lines. The `_pad` method is missing. If I assume PKCS7 padding, decryption works on my machine. – Topaco Jun 11 '20 at 07:54
  • ohh my bad ill include the _pad method. def _pad(self, s): return s + (self.bs - len(s) % self.bs) * chr(self.bs - len(s) % self.bs) – asdjklqwe Jun 11 '20 at 08:01
  • 1
    @Muhaddis - This is not a useful link. The accepted answer uses `mcrypt`, which is meanwhile [deprecated](https://www.php.net/manual/en/function.mdecrypt-generic.php) (note the date: _Oct 2012_). – Topaco Jun 11 '20 at 08:03

0 Answers0