
(Please note that the function I reference from the provided answer didn't work, so I want to modify it to make it work, or please provide a suitable solution for AES encryption in VueJS and decryption in PHP (or Laravel).)

I have a password that will be sent to a Laravel API, so I managed to encrypt it and base64-encode it, then send it to the Laravel API. Here's the original encryption


And here's the encryption and encoding

var encryptedPassword = CryptoJS.AES.encrypt("123456", "Secret Passphrase");
const replacerFunc = () => {
  const visited = new WeakSet();
  return (key, value) => {
    if (typeof value === "object" && value !== null) {
      if (visited.has(value)) {
        return;
      }
      visited.add(value);
    }
    return value;
  };
};
let jsonString = JSON.stringify(encryptedPassword, replacerFunc());
let bs46encoded = btoa(unescape(encodeURIComponent(JSON.stringify(jsonString, replacerFunc()))))

I get this result


In Laravel

$objString = base64_decode($ecodedString);

And I get

"{\"$super\":{\"$super\":{}},\"ciphertext\":{\"words\":[-1208966431,415513002,-380428285,-1848403568],\"sigBytes\":16},
\"key\":{\"$super\":{},\"words\":[1997420112,-1528658502,-601329304,170123410,85401029,1271916135,-1899682466,856024313,-1926693888,505524620,1922976396,79922502],\"sigBytes\":32},
\"iv\":{\"words\":[-1926693888,505524620,1922976396,79922502],\"sigBytes\":16},\"algorithm\":{\"keySize\":8,\"$super\":{\"cfg\":{\"mode\":{\"$super\":{},\"Encryptor\":{},\"Decryptor\":{}},\"padding\":{},\"$super\":{}},\"blockSize\":4,\"$super\":{\"keySize\":4,\"ivSize\":4,\"_ENC_XFORM_MODE\":1,\"_DEC_XFORM_MODE\":2,\"$super\":{\"_minBufferSize\":0}}}},\"blockSize\":4,\"formatter\":{},
\"salt\":{\"words\":[3335652791,3193595722],\"sigBytes\":8}}"

Then

$this->cryptoJsAesDecrypt("Secret Passphrase", $objString);

public function cryptoJsAesDecrypt($passphrase, $jsonString){
    $jsondata = json_decode($jsonString, true);
    Log::alert("jsondata");
    Log::alert($jsondata);
    $salt = hex2bin($jsondata["salt"]);
    $ct = base64_decode($jsondata["ct"]);
    $iv  = hex2bin($jsondata["iv"]);
    $concatedPassphrase = $passphrase.$salt;
    $md5 = array();
    $md5[0] = md5($concatedPassphrase, true);
    $result = $md5[0];
    for ($i = 1; $i < 3; $i++) {
        $md5[$i] = md5($md5[$i - 1].$concatedPassphrase, true);
        $result .= $md5[$i];
    }
    $key = substr($result, 0, 32);
    $data = openssl_decrypt($ct, 'aes-256-cbc', $key, true, $iv);
    Log::alert("data");
    Log::alert($data);
    return $data;
}

$jsondata returns

{"$super":{"$super":{}},"ciphertext":{"words":[-1208966431,415513002,-380428285,-1848403568],"sigBytes":16},
"key":{"$super":{},"words":[1997420112,-1528658502,-601329304,170123410,85401029,1271916135,-1899682466,856024313,-1926693888,505524620,1922976396,79922502],"sigBytes":32},
"iv":{"words":[-1926693888,505524620,1922976396,79922502],"sigBytes":16},"algorithm":{"keySize":8,"$super":{"cfg":{"mode":{"$super":{},"Encryptor":{},"Decryptor":{}},"padding":{},"$super":{}},"blockSize":4,"$super":{"keySize":4,"ivSize":4,"_ENC_XFORM_MODE":1,"_DEC_XFORM_MODE":2,"$super":{"_minBufferSize":0}}}},"blockSize":4,"formatter":{},
"salt":{"words":[3335652791,3193595722],"sigBytes":8}}

But I can't get the other variables correctly to decrypt this encryption and find the original plain text. How can I edit this function to make it work?

I tried to clone this answer: Encryption in JavaScript and decryption with PHP

PHP User
Why do you serialize the `CipherParams` object into a JSON string, i.e. why don't you just use `encrypted.toString()` which contains the ciphertext in OpenSSL format? The `CipherParams` object also contains the unencrypted key, i.e. this data must not be sent (at least not via an unsecured wire). – Topaco Feb 28 '21 at 16:45
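
The OpenSSL format mentioned in the comment above, as an added example (not code from the original post or from CryptoJS): only base64("Salted__" + 8-byte salt + ciphertext) crosses the wire, and the receiver re-derives key and IV from passphrase and salt with the same MD5 chain the PHP function in the question uses. It is written for Node.js so it runs stand-alone; `encryptOpenSslFormat` stands in for `CryptoJS.AES.encrypt(...).toString()`, and all function names are assumptions.

```javascript
// Added example. Uses only Node's built-in crypto module; function names are hypothetical.
const nodeCrypto = require("crypto");

const MAGIC = Buffer.from("Salted__", "latin1");

// OpenSSL EVP_BytesToKey with MD5, one iteration: D_i = MD5(D_{i-1} || pass || salt).
// 48 bytes are needed: the first 32 are the AES-256 key, the next 16 the CBC IV.
function evpBytesToKey(passphrase, salt) {
  const pass = Buffer.from(passphrase, "utf8");
  let block = Buffer.alloc(0);
  let derived = Buffer.alloc(0);
  while (derived.length < 48) {
    block = nodeCrypto.createHash("md5").update(Buffer.concat([block, pass, salt])).digest();
    derived = Buffer.concat([derived, block]);
  }
  return { key: derived.subarray(0, 32), iv: derived.subarray(32, 48) };
}

// Stand-in for the browser side: same byte layout as encrypted.toString().
function encryptOpenSslFormat(plaintext, passphrase, salt = nodeCrypto.randomBytes(8)) {
  const { key, iv } = evpBytesToKey(passphrase, salt);
  const cipher = nodeCrypto.createCipheriv("aes-256-cbc", key, iv);
  const ct = Buffer.concat([cipher.update(plaintext, "utf8"), cipher.final()]);
  return Buffer.concat([MAGIC, salt, ct]).toString("base64");
}

// Receiver steps: validate the envelope, re-derive key and IV, decrypt.
// Returns null for a malformed envelope or invalid padding (the usual sign of a
// wrong passphrase). CBC gives no integrity protection, so null is not a MAC check.
function decryptOpenSslFormat(b64, passphrase) {
  const raw = Buffer.from(b64, "base64");
  const bodyLen = raw.length - 16; // bytes left after magic (8) and salt (8)
  if (bodyLen < 16 || bodyLen % 16 !== 0 || !raw.subarray(0, 8).equals(MAGIC)) return null;
  const { key, iv } = evpBytesToKey(passphrase, raw.subarray(8, 16));
  try {
    const decipher = nodeCrypto.createDecipheriv("aes-256-cbc", key, iv);
    return Buffer.concat([decipher.update(raw.subarray(16)), decipher.final()]).toString("utf8");
  } catch (err) {
    return null;
  }
}
```

In PHP the same three steps map onto `base64_decode`, `md5($prev.$passphrase.$salt, true)` and `openssl_decrypt`, with the salt taken from bytes 8 to 15 of the decoded string rather than from a JSON field.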

0 Answers