0

If I encrypt something with openssl_encrypt in my MAC OSX development environment, I cannot unencrypt it in my Windows devlopment environment.

  • My Mac development environment is using MAMP for OSX running PHP 7.4.2.
  • My Windows development environment is using MAMP for Windows running PHP 7.4.2.

A few notes:

  • If I encrypt with openssl_encrypt in Windows I can also decypt it in Windows.
  • If I encrypt it on Mac I cannot decrypt it in Windows, but I can decrypt it in Mac just fine.
  • The error I get in windows is error:06065064:digital envelope routines:EVP_DecryptFinal_ex:bad decrypt.

I have read this post: How to resolve the "EVP_DecryptFInal_ex: bad decrypt" during file decryption

And from this article I'm guessing that I am using incompatible versions of openssl_decrypt but I'm not sure how to remedy this or if this is even the issue.

Here is my code:

<?php
/**
 *  First, this code works on both Mac and Windows
*/ 

$cipher = "AES-128-CBC";
$key = 1234567890123456;
$iv = 1234567890123456;
$plaintext = '1234';

$encrypted = openssl_encrypt($plaintext, $cipher, $key, 0, $iv);
if(false === $encrypted)
{
    echo openssl_error_string();
    die;
}
echo "Plain text: " . $plaintext . "<br>";
echo "Encrypted text: " . $encrypted . "<br><br>";
// on Mac $encrypted = w9oKTqKTtvBuRUVbhQP/qw==
// on Win $encrypted = 19MQn7slHAAdFYR1TJSZxQ==

$decrypted = openssl_decrypt($encrypted, $cipher, $key, 0, $iv);
$result = $decrypted === $plaintext;

echo "Text was encrypted and decrypted on the same system: ";
print $result ? 'It worked<br><br>' : 'It did not work<br><br>';
// output on both Windows and Mac - It worked

/**
 *  Code below does not work
*/ 

// This is the encrypted text the Mac produces
$text_encrypted_mac = 'w9oKTqKTtvBuRUVbhQP/qw==';

$decrypted = openssl_decrypt($text_encrypted_mac, $cipher, $key, 0, $iv);
$result = $decrypted === $plaintext;

echo "Start with text encrypted on Mac: ";
print $result ? 'It worked<br>' : 'It did not work<br>';
// output on Mac - 'It worked'
// output on Windows - 'It did not work'


// this is the encrypted text I get on Windows
$text_encrypted_win = '19MQn7slHAAdFYR1TJSZxQ==';

$decrypted = openssl_decrypt($text_encrypted_win, $cipher, $key, 0, $iv);
$result = $decrypted === $plaintext;

echo "Start with text encrypted on Windows: ";
print $result ? 'It worked<br>' : 'It did not work<br>';
// output on Mac - 'It did not work'
// output on Windows - 'It worked'
glass duo
  • 404
  • 5
  • 16
  • Please post complete and valid sets of test data. `fake_key` is not a valid AES key (or did you use this key?). So post plaintext, key, IV and most important the ciphertexts under Windows and MAC. With this it can at least be narrowed down which system is encrypting incorrectly. – Topaco Jul 08 '21 at 19:37
  • Question was updated so that the key is now 16 bit. Thanks for that input. That did not change the results. I'm still having the same problem. – glass duo Jul 08 '21 at 21:01
  • @user 9014097 - It seems my Windows is using a different version of openssl than my Mac and different from your machines. Do you know anything about how I change the openssl version I'm using? – glass duo Jul 08 '21 at 22:25
  • 1
    1. The output of AES does _not_ vary between versions or implementations of OpenSSL. 2. The ciphertext `w9oKTqKTtvBuRUVbhQP/qw==` you get on Mac is _correct_. 3. Either your key/iv/plaintext are somehow different on the Windows machine, or something is horribly wrong with OpenSSL on that machine. 4. Keys and IVs are _strings_, not numbers. Throw some quotes around them, maybe the Windows version isn't juggling the types correctly. Come to think of it if you're somehow still running a 32bit version of PHP it won't like those 16-digit numbers at all. – Sammitch Jul 08 '21 at 23:59
  • @Sammitch - THANK YOU!!!! Adding quotes to my Keys and IVs did the trick. Really appreciate your help. – glass duo Jul 12 '21 at 21:15

1 Answers1

0

@Sammitch gave me the correct answer to this issue. I needed to put my Key and IV in quotes. So the correct code for the keys and IV is as follows:

$cipher = 'AES-128-CBC';
$key = '1234567890123456';
$iv = '1234567890123456';
$plaintext = '1234';
glass duo
  • 404
  • 5
  • 16