i'm having some trouble decrypting a string that was encrypted using openssl. I don't have access to change the encryption code, but i do have read access:
Encrypt code (unable to modify)
<?php
$key = hex2bin("24a5d2b96b9aee2fb515c94fb36da508");
$encryptTxt = openssl_encrypt(
"txt to encrypt",
'AES-128-ECB',
$key
);
?>
link
Here is how I have attempted to decrypt:
decrypt.php
$ciphertext = $_GET['un'];
$cipher = "aes-128-ecb";
$key = hex2bin("24a5d2b96b9aee2fb515c94fb36da508");
$original_plaintext = openssl_decrypt($ciphertext, $cipher, $key);
echo "text= " . $original_plaintext;
The decrypted text is not returned on the decrypt page
SOLVED: I updated decrypt.php to the following and it returned the decrypted text
$ciphertext = $_GET['un'];
$ciphertext = hex2bin($ciphertext);
$ciphertext = base64_encode($ciphertext);
$cipher = "aes-128-ecb";
$key = hex2bin("24a5d2b96b9aee2fb515c94fb36da508");
$original_plaintext = openssl_decrypt($ciphertext, $cipher, $key);
echo "text= " . $original_plaintext;
Related
I have this PHP Code for encryption and decryption. This is using OpenSSL
<?php
//$key should have been previously generated in a cryptographically safe way, like
openssl_random_pseudo_bytes
$plaintext = "message to be encrypted";
$cipher = "aes-128-gcm";
if (in_array($cipher, openssl_get_cipher_methods()))
{
$ivlen = openssl_cipher_iv_length($cipher);
$iv = openssl_random_pseudo_bytes($ivlen);
$ciphertext = openssl_encrypt($plaintext, $cipher, $key, $options=0, $iv, $tag);
//store $cipher, $iv, and $tag for decryption later
$original_plaintext = openssl_decrypt($ciphertext, $cipher, $key, $options=0, $iv, $tag);
echo $original_plaintext."\n";
}
?>
When you run this on your browser and refresh the page the encryption changes. So I want to know how do I use a check like if statement to see if the user input plain text matches the encrypted text.
I have to decrypt aes-128-gcm encrypted data I get from an external party. Since openssl_decrypt never returned any data, I tried to encrypt the elsewhere decrypted data myself, to see if that works and in fact I receive the same encrypted data I try to decrypt. Therefore I know, all my parameters are correct. So I played around with my PHP code and come to the strange conclusion, that decrypting the data only works for me, after I encrypt the plaintext?!?
Does anybody have any idea what's going on here?
thanks,
Harry
<?php
$method='aes-128-gcm';
$key = hex2bin('0748BEF58E04D5917ED0B9B558628265');
//echo "iv_length: ". openssl_cipher_iv_length($method)."<br>";
$iv = hex2bin('534D5367700114E600102D29');
$tag = NULL;
$enc = hex2bin('09E89C959CD513057787832142E6796E1F6DE55CBA8E5CEC6E16AA635B3B102DDB22D85841923DDC2EE3052027945DFD00D025A0A5D0EB385E0033DD28037D80B47522B3DB310B01871474686B609D2DA15864785895DF2BE887');
$plain = hex2bin('0F00102D280C07E4081F01103B1000FF8880020C09060006190900FF090D323232313230323031323735360904103B1000090507E4081F0106004C48DF06000000CB06000089CF06000E61E7060000020A060000000009000900');
$decrypted = openssl_decrypt($enc, $method, $key, OPENSSL_RAW_DATA, $iv, $tag);
$encrypted = openssl_encrypt($plain, $method, $key, OPENSSL_RAW_DATA, $iv, $tag);
$decrypted2 = openssl_decrypt($enc, $method, $key, OPENSSL_RAW_DATA, $iv, $tag);
echo "plain: ".bin2hex($plain)."<br>";
echo "enc: ".bin2hex($encrypted)."<br>";
echo "dec: ".bin2hex($decrypted)."<br>";
echo "dec2: ".bin2hex($decrypted2)."\n";
while ($msg = openssl_error_string())
echo $msg . "<br>\n";
?>
OUTPUT:
plain:
0f00102d280c07e4081f01103b1000ff8880020c09060006190900ff090d323232313230323031323735360904103b1000090507e4081f0106004c48df06000000cb06000089cf06000e61e7060000020a060000000009000900
enc:
09e89c959cd513057787832142e6796e1f6de55cba8e5cec6e16aa635b3b102ddb22d85841923ddc2ee3052027945dfd00d025a0a5d0eb385e0033dd28037d80b47522b3db310b01871474686b609d2da15864785895df2be887
dec:
dec2:
0f00102d280c07e4081f01103b1000ff8880020c09060006190900ff090d323232313230323031323735360904103b1000090507e4081f0106004c48df06000000cb06000089cf06000e61e7060000020a060000000009000900
Welcome to Stackoverflow. You are using the AES algorithm in mode GCM and that means that the ciphertext is secured against modification with an "authentication tag" or short "tag". This tag is generated when encrypting a plaintext with AES-GCM and needs to be available when decrypting the ciphertext.
In your code you provide an empty $tag-variable to the decrypt-function and the decryption fails. When generating a "new" plaintext with openssl_encrypt your $tag-variable gets filled with a tag. Now you are decrypting again and provide this tag to the openssl_decrypt-function and the decryption works like expected.
So you need to get the value of the $tag from the third party to successfully decrypt the ciphertext back to plaintext.
Using this small change in the sourcecode the program provides the $tag:
$decrypted = openssl_decrypt($enc, $method, $key, OPENSSL_RAW_DATA, $iv, $tag);
echo "tag: ".bin2hex($tag)."<br>" . PHP_EOL;
$encrypted = openssl_encrypt($plain, $method, $key, OPENSSL_RAW_DATA, $iv, $tag);
echo "tag: ".bin2hex($tag)."<br>" . PHP_EOL;
$decrypted2 = openssl_decrypt($enc, $method, $key, OPENSSL_RAW_DATA, $iv, $tag);
result:
tag: <br>
tag: 9268f3568512fc9f15075096c1b47902<br>
Edit with solution
According to this answer of #Maarten Bodewes (https://stackoverflow.com/a/49244840/8166854) there is a chance of decypting "aes gcm"
encrypted data without a authentication tag because
AES GCM = AES CTR + AuthTag
Changing your source code as below decrypts the password as expected in the first run, I added manually the hex-data '00000002' to the iv:
plain: 0f00102d280c07e4081f01103b1000ff8880020c09060006190900ff090d323232313230323031323735360904103b1000090507e4081f0106004c48df06000000cb06000089cf06000e61e7060000020a060000000009000900<br>
enc: 09e89c959cd513057787832142e6796e1f6de55cba8e5cec6e16aa635b3b102ddb22d85841923ddc2ee3052027945dfd00d025a0a5d0eb385e0033dd28037d80b47522b3db310b01871474686b609d2da15864785895df2be887<br>
decCtr: 0f00102d280c07e4081f01103b1000ff8880020c09060006190900ff090d323232313230323031323735360904103b1000090507e4081f0106004c48df06000000cb06000089cf06000e61e7060000020a060000000009000900<br>
decGcm: 0f00102d280c07e4081f01103b1000ff8880020c09060006190900ff090d323232313230323031323735360904103b1000090507e4081f0106004c48df06000000cb06000089cf06000e61e7060000020a060000000009000900
code:
<?php
$method='aes-128-gcm';
$key = hex2bin('0748BEF58E04D5917ED0B9B558628265');
$iv = hex2bin('534D5367700114E600102D29');
$tag = NULL;
$enc = hex2bin('09E89C959CD513057787832142E6796E1F6DE55CBA8E5CEC6E16AA635B3B102DDB22D85841923DDC2EE3052027945DFD00D025A0A5D0EB385E0033DD28037D80B47522B3DB310B01871474686B609D2DA15864785895DF2BE887');
$plain = hex2bin('0F00102D280C07E4081F01103B1000FF8880020C09060006190900FF090D323232313230323031323735360904103B1000090507E4081F0106004C48DF06000000CB06000089CF06000E61E7060000020A060000000009000900');
//$decrypted = openssl_decrypt($enc, $method, $key, OPENSSL_RAW_DATA, $iv, $tag);
$methodCtr = 'aes-128-ctr';
$ivCtr = hex2bin('534D5367700114E600102D2900000002');
$decryptedCtr = openssl_decrypt($enc, $methodCtr, $key, OPENSSL_RAW_DATA, $ivCtr);
$encrypted = openssl_encrypt($plain, $method, $key, OPENSSL_RAW_DATA, $iv, $tag);
echo "tag: ".bin2hex($tag)."<br>" . PHP_EOL;
$decryptedGcm = openssl_decrypt($enc, $method, $key, OPENSSL_RAW_DATA, $iv, $tag);
echo "plain: ".bin2hex($plain)."<br>" . PHP_EOL;
echo "enc: ".bin2hex($encrypted)."<br>" . PHP_EOL;
echo "decCtr: ".bin2hex($decryptedCtr)."<br>" . PHP_EOL;
echo "decGcm: ".bin2hex($decryptedGcm)."\n" . PHP_EOL;
while ($msg = openssl_error_string())
echo $msg . "<br>\n";
?>
I want to encrypt data in livecode using mergAESEncryptWithKey pData,pKey,pIV,[pMode],[pKeySize],[pPadding]. The encrypted data is then posted to php. PhP decrypts the data using the same function, does something with the data and then encrypts the results and posts them to livecode. Livecode then decrypts the data from php
My PHP Code looks like this (This works perfect)
function encrypt($plaintext, $salt) {
$method = "AES-256-CBC";
$key = hash('sha256', $salt, true);
$iv = openssl_random_pseudo_bytes(32);
$ciphertext = openssl_encrypt($plaintext, $method, $key, $iv);
$hash = hash_hmac('sha256', $ciphertext . $iv, $key, true);
return $iv . $hash . $ciphertext;
}
function decrypt($ivHashCiphertext, $salt) {
$method = "AES-256-CBC";
$iv = substr($ivHashCiphertext, 0, 32);
$hash = substr($ivHashCiphertext, 32, 48);
$ciphertext = substr($ivHashCiphertext, 64);
$key = hash('sha256', $salt, true);
//if (!hash_equals(hash_hmac('sha256', $ciphertext . $iv, $key, true), $hash)) return null;
return openssl_decrypt($ciphertext, $method, $key, $iv);
}
echo $encrypted."</br>";
echo "----------------------------The message is:<br/>";
echo decrypt($encrypted, 'hashsalt');
For most of you who just don't know but still want to post good for nothing comments, I figured it out. #Sammitch and #Mark asking a question don't mean someone is stupid.
/*
* Encrypt or decrypt data using
* AES-256-CBC
*/
function encrypt_decrypt($mode,$data,$key,$salt){
//define the cipher method
$ciphering = "AES-256-CBC";
// Use OpenSSl Encryption method. This works on PHP 7.2 and above
$iv_length = openssl_cipher_iv_length($ciphering);
$options = 0;
if($mode=="encrypt"){
// Use openssl_encrypt() function to encrypt the data
$Data = openssl_encrypt($data, $ciphering, $key, $options, $salt);
}else{
// Use openssl_decrypt() function to decrypt the data
$Data = openssl_decrypt($data, $ciphering, $key,$options, $salt);
}
return $Data;
}
Oooh and this is for livecode
//encrypt
encrypt tString using "aes-256-cbc" with key theKey and IV saltHash at 256 bit
//decrypt
decrypt base64Decode(varEnc) using "aes-256-cbc" with key theKey and IV saltHash at 256 bit
I'm having problem with decrypting
I have
$key="Gwu078980";
$cipher="aes-128-gcm";
$iv=md5($cipher);
$text="yaw0";
$tag="";
echo $encrypted=openssl_encrypt($text, $cipher, $key, 0, $iv, $tag);
echo $de_ciphertext=openssl_decrypt($encrypted, $cipher, $key, 0, $iv, $tag);
Output
ELRmWQ==
yaw0
So the raw text is yaw0 and the encrypted is ELRmWQ== and the decrypted is yaw0 so perfect.
But when I manually copy the encrypted text and use it as
$encrypted ="ELRmWQ==";
And I run the decryption
the decryption returns null.
Thanks in advance for anyone to help me out.
Your openssl_encrypt message modifies $tag by reference since you're using aes-128-gcm.
That parameter is required for openssl_decrypt aswell (when using AEAD - Authenticated Encryption and Decryption) and is probably an empty string in your case when you omit the openssl_encrypt call.
See Example 1 in the docs:
The comment about storing $cipher, $iv, and $tag is the important part:
<?php
//$key should have been previously generated in a cryptographically safe way, like openssl_random_pseudo_bytes
$plaintext = "message to be encrypted";
$cipher = "aes-128-gcm";
if (in_array($cipher, openssl_get_cipher_methods()))
{
$ivlen = openssl_cipher_iv_length($cipher);
$iv = openssl_random_pseudo_bytes($ivlen);
$ciphertext = openssl_encrypt($plaintext, $cipher, $key, $options=0, $iv, $tag);
//store $cipher, $iv, and $tag for decryption later
$original_plaintext = openssl_decrypt($ciphertext, $cipher, $key, $options=0, $iv, $tag);
echo $original_plaintext."\n";
}
?>
The following script works fine. The zip is encrypted, txt file created, and immediately decrypted successfully, and the new zip is created successfully.
However, if I run the decrypt portion only subsequently, it fails to decrypt the txt file. It returns an empty $original_plaintext variable and the final zip has size 0. The $key and $iv are not changed for the second run. Security is not the issue - I just need a scrambled text file and then need to be able to decrypt it later.
$key = "sometext";
$iv = "someothertext";
$cipher = "aes-128-gcm";
$tag = NULL;
$fileRoot = "sql_2018_11_10";
if (in_array($cipher, openssl_get_cipher_methods())) {
// Encrypt
$plaintext = file_get_contents("tmp/$fileRoot.zip");
$ciphertext = openssl_encrypt($plaintext, $cipher, $key, $options=0, $iv, $tag);
file_put_contents("tmp/enc_$fileRoot.txt", $ciphertext);
// Decrypt
$ciphertext = file_get_contents("tmp/enc_$fileRoot.txt");
$original_plaintext = openssl_decrypt($ciphertext, $cipher, $key, $options=0, $iv, $tag);
file_put_contents("tmp/uenc_$fileRoot.zip", $original_plaintext);
}