I am trying to encrypt a string with a key and iv with Rijndael in PHP.
I have wrote this in VB .Net and the result is the expected one:
'This is the byte Array of "1234567890ABCDEF1234567890ABCDEF". I am using this for IV
Private _key1 As Byte() = New Byte(15) {CByte(18), CByte(52), CByte(86), CByte(120), CByte(144), CByte(171), _
CByte(205), CByte(239), CByte(18), CByte(52), CByte(86), CByte(120), _
CByte(144), CByte(171), CByte(205), CByte(239)}
Public Sub Init()
Dim sKey As String = "D6850B89370BD603BD48CEAD43488639DE3ABE73D2CF7C54B0CF72D2FB06E162"
Dim resBytes As Byte() = Me.EncryData("a", sKey)
File.WriteAllBytes("C:/myFile.txt", resBytes)
End Sub
Public Function EncryData(sPath As String, sKey As String) As Byte()
Return Me.AESEncrypt(plainText, Me.Data_Hex_Asc(sKey))
End Function
Public Function Data_Hex_Asc(ByRef Data As String) As Byte()
Dim str1 As String = ""
Dim list As New List(Of Byte)()
While Data.Length > 0
Dim num As Integer = CInt(Convert.ToChar(Convert.ToUInt32(Data.Substring(0, 2), 16)))
Dim str2 As String = Convert.ToChar(Convert.ToUInt32(Data.Substring(0, 2), 16)).ToString()
list.Add(CByte(Convert.ToUInt32(Data.Substring(0, 2), 16)))
str1 += str2
Data = Data.Substring(2, Data.Length - 2)
End While
Return list.ToArray()
End Function
Public Function AESEncrypt(plainText As String, aByte As Byte()) As Byte()
Dim symmetricAlgorithm As SymmetricAlgorithm = DirectCast(Rijndael.Create(), SymmetricAlgorithm)
Dim bytes As Byte() = Encoding.UTF8.GetBytes(plainText)
symmetricAlgorithm.Key = aByte
symmetricAlgorithm.IV = Me._key1
Dim memoryStream As New MemoryStream()
Dim cryptoStream As New CryptoStream(DirectCast(memoryStream, Stream), symmetricAlgorithm.CreateEncryptor(), CryptoStreamMode.Write)
cryptoStream.Write(bytes, 0, bytes.Length)
cryptoStream.FlushFinalBlock()
Dim numArray As Byte() = memoryStream.ToArray()
cryptoStream.Close()
memoryStream.Close()
Return numArray
End Function
Now the PHP version of that:
$AES_KEY = "D6850B89370BD603BD48CEAD43488639DE3ABE73D2CF7C54B0CF72D2FB06E162";
$key = pack('H*', $AES_KEY);
$plaintext = "a"; ;
$iv = pack('H*', "1234567890ABCDEF1234567890ABCDEF");
$enc_text = mcrypt_decrypt(MCRYPT_RIJNDAEL_128, $key, $plaintext, MCRYPT_MODE_CBC, $iv);
The result from PHP code is different from the VB's.
Any suggestions for different php approach?
VB .net implementation of Rijndael uses as default padding: PKCS7 and mode: CBC
Results: vb .net: PFΑ&\O?„\LϋAμCt php:_yJ_½%sAj«SUhA
16 chars length, both of them.
Related
i have to translate a string into openssl encrypt AES-256.
The agency gave me a code snippet how they translate the code in VB.net
Dim iv As Byte() = {&HDB, &H84, &H95, &HBD, &HDA, &HD5, &HD3, &HF8, &HCE, &H81, &H9C, &HA5, &HB3, &H8B, &H24, &H54} (16 Character)
the password is already a hex-code "4093f94891...."
i want to use the following function
openssl_encrypt($string, $encrypt_method, $key, $option, $iv);
$string = "my string"
$encrypt_method = "AES-256-CBC"
$key = "4093f94891...."
$option = 0
$iv = ???
How do i translate the iv as byte() ?
Dim iv As Byte() = {&HDB, &H84, &H95, &HBD, &HDA, &HD5, &HD3, &HF8,
&HCE, &H81, &H9C, &HA5, &HB3, &H8B, &H24, &H54} (16 Character) in
PHP ?
I have to decrypt data in PHP that was encrypted IN VB.
When I decrypt numbers I have no problem, but when I decrypt text I only get the first 8 characters and then random.
This is the key "a1R#f7D$"
This is what I am trying to decrypt:
LwEe+sQCn63m9kjtqiy67ul5R1Ng7SZPVO4YYxQvZtUZBwNTb+Ey0qCNsrczI4jN
And I get this:
{Preinsc]hn��m�ȕ�!��^߇� $! �E&;�e^#S�)6Ui�4�
I tried with MCRYPT_RIJNDAEL_256 and ecb but none worked to me.
function decrypt($data ){
$encryption_key = "a1R#f7D$";
$data = urldecode($data);
$key = md5(utf8_encode($encryption_key), true);
//Take first 8 bytes of $key and append them to the end of $key.
$key .= substr($key, 0, 8);
$data = base64_decode($data);
$data = mcrypt_decrypt('tripledes', $key, $data, 'ecb');
$block = mcrypt_get_block_size('tripledes', 'ecb');
$len = strlen($data);
$pad = ord($data[$len-1]);
return substr($data, 0, strlen($data) - $pad);
}
This is the function that encrypted this:
Public Shared Function tryingTripleDes (ByVal value As String, ByVal key As String) As String
Dim des As New Security.Cryptography.TripleDESCryptoServiceProvider
des.IV des.IV = New Byte(7) {}
Dim pdb As New Security.Cryptography.PasswordDeriveBytes(key, New Byte(-1) {})
des.Key = pdb.CryptDeriveKey("RC2", "MD5", 128, New Byte(7) {})
Dim ms As New IO.MemoryStream((value.Length * 2) - 1)
Dim encStream As New Security.Cryptography.CryptoStream(ms, des.CreateEncryptor(), Security.Cryptography.CryptoStreamMode.Write)
Dim plainBytes As Byte() = Text.Encoding.UTF8.GetBytes(value)
encStream.Write(plainBytes, 0, plainBytes.Length)
encStream.FlushFinalBlock()
Dim encryptedBytes(CInt(ms.Length - 1)) As Byte
ms.Position = 0
ms.Read(encryptedBytes, 0, CInt(ms.Length))
encStream.Close()
Return Convert.ToBase64String(encryptedBytes)
End Function
This would typically happen if the ciphertext is CBC encrypted with an all zero byte IV. Other modes may also work, but CBC is by far the most likely. Your key and cipher are correct, otherwise you will only get garbage in return - certainly not legible text.
Note that MCRYPT_RIJNDAEL_256 is not even AES, so trying that is kind of useless, you should use MCRYPT_RIJNDAEL_128 with a correctly sized key to get AES.
I won't go into the security of CBC with a zero byte IV and deprecated cipher like 3DES. It's not a good idea, especially not for transport security.
Currently I'm working on integration of external service wrote in VB.NET.
This service send me a string with some information encrypted with below function (this is a cut and past from the external service developer that send me the code)
Public Function Decode(ByVal S As String, ByVal chiave As String, ByVal iv As String) As String
Dim rjm As RijndaelManaged = New RijndaelManaged
rjm.KeySize = 128
rjm.BlockSize = 128
rjm.Key = System.Text.ASCIIEncoding.ASCII.GetBytes(chiave)
rjm.IV = System.Text.ASCIIEncoding.ASCII.GetBytes(iv)
Try
Dim input() As Byte = System.Convert.FromBase64String(S)
Dim output() As Byte = rjm.CreateDecryptor.TransformFinalBlock(input, 0, input.Length)
Return System.Text.Encoding.UTF8.GetString(output)
Catch ex As System.Exception
Return S
End Try
End Function
if I decode the string with below mcrypt function everything work as expected:
$mcrypt_cipher = MCRYPT_RIJNDAEL_128;
$mcrypt_mode = MCRYPT_MODE_CBC;
$iv= '1234567891011121';
$key = '1234567891011121';
$message= base64_decode($message);
$message = rtrim(mcrypt_decrypt($mcrypt_cipher, $key, $message, $mcrypt_mode, $iv), "\0");;
But i'm unable to obtain same result with openssl_decrypt. the function always fail with false as result, below the code:
$result = openssl_decrypt(
base64_decode($message),
'AES-128-CBC',
$key,
OPENSSL_RAW_DATA,
$iv
);
I'm pretty sure that the problem is related to some padding that i missing.. but I don't understand where the problem is exactly.
UPDATE1 -
I correct the code, both $iv and $key are strings i forgot the ' both are of 16Bytes = 128Bits
I am trying to write a function in PHP and in VB.NET that uses Triple DES to pass in BOTH directions encrypted data. The problem, is that when I try to decrypt a string encrypted in VB.NET using PHP, I get an error message saying that the block size of the IV must match.
The class I wrote in VB.NET, is as follows and is fully functional as it will encrypt and decrypt its own blocks flawlessly.
Imports System
Imports System.Text
Imports System.IO
Imports System.Security.Cryptography
Public Class Cipher
Dim method As TripleDESCryptoServiceProvider
Dim key As Byte()
Public Property Password() As String
Get
Return System.Text.Encoding.Unicode.GetString(Key)
End Get
Set(value As String)
key = System.Text.Encoding.Unicode.GetBytes(value)
End Set
End Property
Public Function Encrypt(data As String) As String
Dim ms As New System.IO.MemoryStream
' Create the encoder to write to the stream.
Dim dataBytes() As Byte = System.Text.Encoding.Unicode.GetBytes(data)
Dim encStream As New CryptoStream(ms, method.CreateEncryptor(), System.Security.Cryptography.CryptoStreamMode.Write)
' Use the crypto stream to write the byte array to the stream.
encStream.Write(dataBytes, 0, dataBytes.Length)
encStream.FlushFinalBlock()
' IV and Ciphered string are each Base64'd and seperated by a comma, then the whole result is Base64'd
Return Convert.ToBase64String(System.Text.Encoding.Unicode.GetBytes(Convert.ToBase64String(method.IV) & "," & Convert.ToBase64String(ms.ToArray)))
End Function
Public Function Decrypt(data As String) As String
' Convert the encrypted text string to a byte array.
Dim partDecoded As String = System.Text.Encoding.Unicode.GetString(Convert.FromBase64String(data))
Dim dataBytes() As Byte
If InStr(partDecoded, ",") > 0 Then
Dim parts() As String = Split(partDecoded, ",")
' Get IV from first part
method.IV = Convert.FromBase64String(parts(0))
' Get ciphered data from second part
dataBytes = Convert.FromBase64String(parts(1))
' Create the stream.
Dim ms As New System.IO.MemoryStream
' Create the decoder to write to the stream.
Dim decStream As New CryptoStream(ms, method.CreateDecryptor(), System.Security.Cryptography.CryptoStreamMode.Write)
' Use the crypto stream to write the byte array to the stream.
decStream.Write(dataBytes, 0, dataBytes.Length)
decStream.FlushFinalBlock()
' Convert the plaintext stream to a string.
Return System.Text.Encoding.Unicode.GetString(ms.ToArray)
Else
Return False
End If
End Function
Public Sub New()
method = New TripleDESCryptoServiceProvider
method.Mode = CipherMode.CFB
method.GenerateIV()
End Sub
End Class
Example usage of the above class
Dim c As New Cipher
c.Password = "12345"
Dim encrypted As String = c.Encrypt("hello")
Debug.Print(encrypted)
Dim decrypted As String = c.Decrypt(encrypted)
Debug.Print(decrypted)
Now I also have the following PHP code which ALSO works (by itself)
class Cipher {
private $iv;
private $securekey;
function __construct($key) {
$this->securekey = $key;
}
function encrypt($string) {
$this->iv = mcrypt_create_iv(mcrypt_get_iv_size(MCRYPT_3DES, MCRYPT_MODE_CFB),MCRYPT_DEV_RANDOM);
$encrypted = base64_encode(mcrypt_encrypt(MCRYPT_3DES, $this->securekey, $string, MCRYPT_MODE_CFB, $this->iv));
return base64_encode(base64_encode($this->iv) . ',' . $encrypted);
}
function decrypt($string) {
$decrypt = base64_decode($string);
if(strpos($decrypt,',') > 0) {
$decrypt = explode(',', $decrypt);
$this->iv = base64_decode($decrypt[0]);
return trim(mcrypt_decrypt(MCRYPT_3DES, $this->securekey, base64_decode($decrypt[1]), MCRYPT_MODE_CFB, $this->iv));
} else {
return false;
}
}
}
PHP Example Usage
$c = new Cipher("12345");
$encrypted = $c->encrypt("hello");
echo 'Encrypted: ' . $encrypted . '<br />';
$decrypted = $c->decrypt($encrypted);
echo 'Decrypted: ' . $decrypted . '<br />';
$vb = "MwBOAEoAOQBjAEgAcQAyAC8ASABzAD0ALABmAEUAOQBaAHYAVwBzAFUAYQB3AFYARwBGAHUANABLAGUAVgB3AFcAaABRAD0APQA=";
echo 'VB.NET Dec: ' . $c->decrypt($vb);
What I have included above in the PHP usage, is the Base64 string made with VB.NET that decodes PERFECTLY in VB.NET as the variable $vb.
This is driving me absolutely batty, as the code is correct, and functional -- in both cases -- so what am I missing and can you point out / fix the problem. I do not wish to use Rijndael, or explore other cipher methods, as this one is well established that works across multiple devices natively (iOS, Android, Windows, Linux, etc.).
Since no one was able to provide a fully functional BI-DIRECTIONAL solution, I have taken the liberty to provide one for the community on this article.
The problem, is that PHP does not conform to the standards by forcing the strings to be padded in order to match. Presently, there is no known way to reliably pass the IV if randomly generated between .NET and PHP (if you do discover how, or this changes, please feel free to revise this).
Following is the COMPLETE solution for encrypting data using Triple DES in a manner that is compatible with .NET and PHP which allows for bi-directional Triple DES encrypted communication. This method is also compatible with Java, Delphi, Objective-C, and many other languages, however such code is not going to be supplied here as that is not a solution to the posted question.
VB.NET Triple DES Class
Imports System
Imports System.Text
Imports System.IO
Imports System.Security.Cryptography
Public Class TripleDES
Private bPassword As Byte()
Private sPassword As String
Public Sub New(Optional ByVal Password As String = "password")
' On Class Begin
Me.Password = Password
End Sub
Public ReadOnly Property PasswordHash As String
Get
Dim UTF8 As System.Text.UTF8Encoding = New System.Text.UTF8Encoding
Return UTF8.GetString(bPassword)
End Get
End Property
Public Property Password() As String
Get
Dim UTF8 As System.Text.UTF8Encoding = New System.Text.UTF8Encoding
Return sPassword
End Get
Set(value As String)
Dim UTF8 As System.Text.UTF8Encoding = New System.Text.UTF8Encoding
Dim HashProvider As MD5CryptoServiceProvider = New MD5CryptoServiceProvider()
bPassword = HashProvider.ComputeHash(UTF8.GetBytes(value))
sPassword = value
End Set
End Property
#Region "Encrypt"
' Encrypt using Password from Property Set (pre-hashed)
Public Function Encrypt(ByVal Message As String) As String
Dim Results() As Byte
Dim UTF8 As System.Text.UTF8Encoding = New System.Text.UTF8Encoding
Using HashProvider As MD5CryptoServiceProvider = New MD5CryptoServiceProvider()
Dim TDESKey() As Byte = bPassword
Using TDESAlgorithm As TripleDESCryptoServiceProvider = New TripleDESCryptoServiceProvider() With {.Key = TDESKey, .Mode = CipherMode.ECB, .Padding = PaddingMode.PKCS7}
Dim DataToEncrypt() As Byte = UTF8.GetBytes(Message)
Try
Dim Encryptor As ICryptoTransform = TDESAlgorithm.CreateEncryptor
Results = Encryptor.TransformFinalBlock(DataToEncrypt, 0, DataToEncrypt.Length)
Finally
TDESAlgorithm.Clear()
HashProvider.Clear()
End Try
End Using
End Using
Return Convert.ToBase64String(Results)
End Function
' Encrypt using Password as byte array
Private Function Encrypt(ByVal Message As String, ByVal Password() As Byte) As String
Dim Results() As Byte
Dim UTF8 As System.Text.UTF8Encoding = New System.Text.UTF8Encoding
Using HashProvider As MD5CryptoServiceProvider = New MD5CryptoServiceProvider()
Dim TDESKey() As Byte = HashProvider.ComputeHash(UTF8.GetBytes(UTF8.GetString(Password)))
Using TDESAlgorithm As TripleDESCryptoServiceProvider = New TripleDESCryptoServiceProvider() With {.Key = TDESKey, .Mode = CipherMode.ECB, .Padding = PaddingMode.PKCS7}
Dim DataToEncrypt() As Byte = UTF8.GetBytes(Message)
Try
Dim Encryptor As ICryptoTransform = TDESAlgorithm.CreateEncryptor
Results = Encryptor.TransformFinalBlock(DataToEncrypt, 0, DataToEncrypt.Length)
Finally
TDESAlgorithm.Clear()
HashProvider.Clear()
End Try
End Using
End Using
Return Convert.ToBase64String(Results)
End Function
' Encrypt using Password as string
Public Function Encrypt(ByVal Message As String, ByVal Password As String) As String
Dim Results() As Byte
Dim UTF8 As System.Text.UTF8Encoding = New System.Text.UTF8Encoding
' Step 1. We hash the Passphrase using MD5
' We use the MD5 hash generator as the result is a 128 bit byte array
' which is a valid length for the Triple DES encoder we use below
Using HashProvider As MD5CryptoServiceProvider = New MD5CryptoServiceProvider()
Dim TDESKey() As Byte = HashProvider.ComputeHash(UTF8.GetBytes(Password))
' Step 2. Create a new TripleDESCryptoServiceProvider object
' Step 3. Setup the encoder
Using TDESAlgorithm As TripleDESCryptoServiceProvider = New TripleDESCryptoServiceProvider() With {.Key = TDESKey, .Mode = CipherMode.ECB, .Padding = PaddingMode.PKCS7}
' Step 4. Convert the input string to a byte[]
Dim DataToEncrypt() As Byte = UTF8.GetBytes(Message)
' Step 5. Attempt to encrypt the string
Try
Dim Encryptor As ICryptoTransform = TDESAlgorithm.CreateEncryptor
Results = Encryptor.TransformFinalBlock(DataToEncrypt, 0, DataToEncrypt.Length)
Finally
' Clear the Triple Des and Hashprovider services of any sensitive information
TDESAlgorithm.Clear()
HashProvider.Clear()
End Try
End Using
End Using
' Step 6. Return the encrypted string as a base64 encoded string
Return Convert.ToBase64String(Results)
End Function
#End Region
#Region "Decrypt"
' Decrypt using Password from Property (pre-hashed)
Public Function Decrypt(ByVal Message As String) As String
Dim Results() As Byte
Dim UTF8 As System.Text.UTF8Encoding = New System.Text.UTF8Encoding
Using HashProvider As MD5CryptoServiceProvider = New MD5CryptoServiceProvider()
Dim TDESKey() As Byte = Me.bPassword
Using TDESAlgorithm As TripleDESCryptoServiceProvider = New TripleDESCryptoServiceProvider() With {.Key = TDESKey, .Mode = CipherMode.ECB, .Padding = PaddingMode.PKCS7}
Dim DataToDecrypt() As Byte = Convert.FromBase64String(Message)
Try
Dim Decryptor As ICryptoTransform = TDESAlgorithm.CreateDecryptor
Results = Decryptor.TransformFinalBlock(DataToDecrypt, 0, DataToDecrypt.Length)
Finally
TDESAlgorithm.Clear()
HashProvider.Clear()
End Try
End Using
End Using
Return UTF8.GetString(Results)
End Function
' Decrypt using Password as Byte array
Public Function Decrypt(ByVal Message As String, ByVal Password() As Byte) As String
Dim Results() As Byte
Dim UTF8 As System.Text.UTF8Encoding = New System.Text.UTF8Encoding
Using HashProvider As MD5CryptoServiceProvider = New MD5CryptoServiceProvider()
Dim TDESKey() As Byte = HashProvider.ComputeHash(UTF8.GetBytes(UTF8.GetString(Password)))
Using TDESAlgorithm As TripleDESCryptoServiceProvider = New TripleDESCryptoServiceProvider() With {.Key = TDESKey, .Mode = CipherMode.ECB, .Padding = PaddingMode.PKCS7}
Dim DataToDecrypt() As Byte = Convert.FromBase64String(Message)
Try
Dim Decryptor As ICryptoTransform = TDESAlgorithm.CreateDecryptor
Results = Decryptor.TransformFinalBlock(DataToDecrypt, 0, DataToDecrypt.Length)
Finally
TDESAlgorithm.Clear()
HashProvider.Clear()
End Try
End Using
End Using
Return UTF8.GetString(Results)
End Function
' Decrypt using Password as string
Public Function Decrypt(ByVal Message As String, ByVal Password As String) As String
Dim Results() As Byte
Dim UTF8 As System.Text.UTF8Encoding = New System.Text.UTF8Encoding
' Step 1. We hash the pass phrase using MD5
' We use the MD5 hash generator as the result is a 128-bit byte array
' which is a valid length for the Triple DES encoder we use below
Using HashProvider As MD5CryptoServiceProvider = New MD5CryptoServiceProvider()
Dim TDESKey() As Byte = HashProvider.ComputeHash(UTF8.GetBytes(Password))
' Step 2. Create a new TripleDESCryptoServiceProvider object
' Step 3. Setup the decoder
Using TDESAlgorithm As TripleDESCryptoServiceProvider = New TripleDESCryptoServiceProvider() With {.Key = TDESKey, .Mode = CipherMode.ECB, .Padding = PaddingMode.PKCS7}
' Step 4. Convert the input string to a byte[]
Dim DataToDecrypt() As Byte = Convert.FromBase64String(Message)
' Step 5. Attempt to decrypt the string
Try
Dim Decryptor As ICryptoTransform = TDESAlgorithm.CreateDecryptor
Results = Decryptor.TransformFinalBlock(DataToDecrypt, 0, DataToDecrypt.Length)
Finally
' Clear the Triple Des and Hash provider services of any sensitive information
TDESAlgorithm.Clear()
HashProvider.Clear()
End Try
End Using
End Using
' Step 6. Return the decrypted string in UTF8 format
Return UTF8.GetString(Results)
End Function
#End Region
End Class
VB.NET Triple DES Class Usage
Dim tdes As New TripleDES("12345")
Dim vbEncrypted = tdes.Encrypt("Encrypted using VB.NET")
Dim phpEncrypted = "5Ittyr0+jiI7QQmPrvSVnMc9MEWQCjAN"
Debug.Print("PHP Encrypted: " & phpEncrypted)
Debug.Print("VB Encrypted: " & vbEncrypted)
Debug.Print("PHP Encrypted (decrypted result): " & tdes.Decrypt(phpEncrypted))
Debug.Print("VB Encrypted (decrypted result): " & tdes.Decrypt(vbEncrypted))
PHP Triple DES Class
class TripleDES {
private $bPassword;
private $sPassword;
function __construct($Password) {
$this->bPassword = md5(utf8_encode($Password),TRUE);
$this->bPassword .= substr($this->bPassword,0,8);
$this->sPassword - $Password;
}
function Password($Password = "") {
if($Password == "") {
return $this->sPassword;
} else {
$this->bPassword = md5(utf8_encode($Password),TRUE);
$this->bPassword .= substr($this->bPassword,0,8);
$this->sPassword - $Password;
}
}
function PasswordHash() {
return $this->bPassword;
}
function Encrypt($Message, $Password = "") {
if($Password <> "") { $this->Password($Password); }
$size=mcrypt_get_block_size('tripledes','ecb');
$padding=$size-((strlen($Message)) % $size);
$Message .= str_repeat(chr($padding),$padding);
$encrypt = mcrypt_encrypt('tripledes',$this->bPassword,$Message,'ecb');
return base64_encode($encrypt);
}
function Decrypt($message, $Password = "") {
if($Password <> "") { $this->Password($Password); }
return trim(mcrypt_decrypt('tripledes', $this->bPassword, base64_decode($message), 'ecb'), ord(2));
}
}
PHP Triple DES Class Usage
$tdes = new TripleDES("12345");
$phpEncrypted = $tdes->encrypt("Encrypted using PHP");
$vbEncrypted = "5Ittyr0+jiI7QQmPrvSVnP3s2CeoTJmF"; // Encrypted using VB.NET
echo "PHP Encrypted: " . $phpEncrypted . '<br />';
echo "VB Encrypted: " . $vbEncrypted . '<br />';
echo "PHP Encrypted (decrypted result): " . $tdes->Decrypt($phpEncrypted) . '<br />';
echo "VB Encrypted (decrypted result): " . $tdes->Decrypt($vbEncrypted) . '<br />';
I did what I could to make both classes usability level identical as the languages would allow naturally. Since PHP does not allow overloading functions, I had to use the password as an optional parameter, which is a string value. The VB.NET solution has an additional override that allows you to pass the byte value of the password string on encrypt/decrypt functions. The example code provided to show the usage for each, shows the most simplistic form of instantiating the object which both classes allow for setting the password on object creation.
For anyone else out there that was bashing their brains trying to find a WORKING bi-directional solution for Triple DES (and did not want to be forced into the box that everyone seems to be pointing to -- Rijndael), then this solution is for you, and you can stop banging your head against the wall.
Added a C# translation of the VB.NET TripleDES class
C# Class ( Added [2017-01-11] )
using System;
using System.Security.Cryptography;
public class TripleDES {
private byte[] bPassword;
private string sPassword;
public TripleDES( string Password = "password" ) {
// On Class Begin
this.Password = Password;
}
public string PasswordHash {
get {
System.Text.UTF8Encoding UTF8 = new System.Text.UTF8Encoding();
return UTF8.GetString( bPassword );
}
}
public string Password {
get {
System.Text.UTF8Encoding UTF8 = new System.Text.UTF8Encoding();
return sPassword;
}
set {
System.Text.UTF8Encoding UTF8 = new System.Text.UTF8Encoding();
MD5CryptoServiceProvider HashProvider = new MD5CryptoServiceProvider();
bPassword = HashProvider.ComputeHash( UTF8.GetBytes( value ) );
sPassword = value;
}
}
#region "Encrypt"
// Encrypt using Password from Property Set (pre-hashed)
public string Encrypt( string Message ) {
byte[] Results = null;
System.Text.UTF8Encoding UTF8 = new System.Text.UTF8Encoding();
using ( MD5CryptoServiceProvider HashProvider = new MD5CryptoServiceProvider() ) {
byte[] TDESKey = bPassword;
using ( TripleDESCryptoServiceProvider TDESAlgorithm = new TripleDESCryptoServiceProvider { Key = TDESKey, Mode = CipherMode.ECB, Padding = PaddingMode.PKCS7 } ) {
byte[] DataToEncrypt = UTF8.GetBytes( Message );
try {
ICryptoTransform Encryptor = TDESAlgorithm.CreateEncryptor();
Results = Encryptor.TransformFinalBlock( DataToEncrypt, 0, DataToEncrypt.Length );
} finally {
TDESAlgorithm.Clear();
HashProvider.Clear();
}
}
}
return Convert.ToBase64String( Results );
}
// Encrypt using Password as byte array
private string Encrypt( string Message, byte[] Password ) {
byte[] Results = null;
System.Text.UTF8Encoding UTF8 = new System.Text.UTF8Encoding();
using ( MD5CryptoServiceProvider HashProvider = new MD5CryptoServiceProvider() ) {
byte[] TDESKey = HashProvider.ComputeHash( UTF8.GetBytes( UTF8.GetString( Password ) ) );
using ( TripleDESCryptoServiceProvider TDESAlgorithm = new TripleDESCryptoServiceProvider { Key = TDESKey, Mode = CipherMode.ECB, Padding = PaddingMode.PKCS7 } ) {
byte[] DataToEncrypt = UTF8.GetBytes( Message );
try {
ICryptoTransform Encryptor = TDESAlgorithm.CreateEncryptor();
Results = Encryptor.TransformFinalBlock( DataToEncrypt, 0, DataToEncrypt.Length );
} finally {
TDESAlgorithm.Clear();
HashProvider.Clear();
}
}
}
return Convert.ToBase64String( Results );
}
// Encrypt using Password as string
public string Encrypt( string Message, string Password ) {
byte[] Results = null;
System.Text.UTF8Encoding UTF8 = new System.Text.UTF8Encoding();
// Step 1. We hash the Passphrase using MD5
// We use the MD5 hash generator as the result is a 128 bit byte array
// which is a valid length for the Triple DES encoder we use below
using ( MD5CryptoServiceProvider HashProvider = new MD5CryptoServiceProvider() ) {
byte[] TDESKey = HashProvider.ComputeHash( UTF8.GetBytes( Password ) );
// Step 2. Create a new TripleDESCryptoServiceProvider object
// Step 3. Setup the encoder
using ( TripleDESCryptoServiceProvider TDESAlgorithm = new TripleDESCryptoServiceProvider { Key = TDESKey, Mode = CipherMode.ECB, Padding = PaddingMode.PKCS7 } ) {
// Step 4. Convert the input string to a byte[]
byte[] DataToEncrypt = UTF8.GetBytes( Message );
// Step 5. Attempt to encrypt the string
try {
ICryptoTransform Encryptor = TDESAlgorithm.CreateEncryptor();
Results = Encryptor.TransformFinalBlock( DataToEncrypt, 0, DataToEncrypt.Length );
} finally {
// Clear the Triple Des and Hashprovider services of any sensitive information
TDESAlgorithm.Clear();
HashProvider.Clear();
}
}
}
// Step 6. Return the encrypted string as a base64 encoded string
return Convert.ToBase64String( Results );
}
#endregion
#region "Decrypt"
// Decrypt using Password from Property (pre-hashed)
public string Decrypt( string Message ) {
byte[] Results = null;
System.Text.UTF8Encoding UTF8 = new System.Text.UTF8Encoding();
using ( MD5CryptoServiceProvider HashProvider = new MD5CryptoServiceProvider() ) {
byte[] TDESKey = this.bPassword;
using ( TripleDESCryptoServiceProvider TDESAlgorithm = new TripleDESCryptoServiceProvider { Key = TDESKey, Mode = CipherMode.ECB, Padding = PaddingMode.PKCS7 } ) {
byte[] DataToDecrypt = Convert.FromBase64String( Message );
try {
ICryptoTransform Decryptor = TDESAlgorithm.CreateDecryptor();
Results = Decryptor.TransformFinalBlock( DataToDecrypt, 0, DataToDecrypt.Length );
} finally {
TDESAlgorithm.Clear();
HashProvider.Clear();
}
}
}
return UTF8.GetString( Results );
}
// Decrypt using Password as Byte array
public string Decrypt( string Message, byte[] Password ) {
byte[] Results = null;
System.Text.UTF8Encoding UTF8 = new System.Text.UTF8Encoding();
using ( MD5CryptoServiceProvider HashProvider = new MD5CryptoServiceProvider() ) {
byte[] TDESKey = HashProvider.ComputeHash( UTF8.GetBytes( UTF8.GetString( Password ) ) );
using ( TripleDESCryptoServiceProvider TDESAlgorithm = new TripleDESCryptoServiceProvider { Key = TDESKey, Mode = CipherMode.ECB, Padding = PaddingMode.PKCS7 } ) {
byte[] DataToDecrypt = Convert.FromBase64String( Message );
try {
ICryptoTransform Decryptor = TDESAlgorithm.CreateDecryptor();
Results = Decryptor.TransformFinalBlock( DataToDecrypt, 0, DataToDecrypt.Length );
} finally {
TDESAlgorithm.Clear();
HashProvider.Clear();
}
}
}
return UTF8.GetString( Results );
}
// Decrypt using Password as string
public string Decrypt( string Message, string Password ) {
byte[] Results = null;
System.Text.UTF8Encoding UTF8 = new System.Text.UTF8Encoding();
// Step 1. We hash the pass phrase using MD5
// We use the MD5 hash generator as the result is a 128-bit byte array
// which is a valid length for the Triple DES encoder we use below
using ( MD5CryptoServiceProvider HashProvider = new MD5CryptoServiceProvider() ) {
byte[] TDESKey = HashProvider.ComputeHash( UTF8.GetBytes( Password ) );
// Step 2. Create a new TripleDESCryptoServiceProvider object
// Step 3. Setup the decoder
using ( TripleDESCryptoServiceProvider TDESAlgorithm = new TripleDESCryptoServiceProvider { Key = TDESKey, Mode = CipherMode.ECB, Padding = PaddingMode.PKCS7 } ) {
// Step 4. Convert the input string to a byte[]
byte[] DataToDecrypt = Convert.FromBase64String( Message );
// Step 5. Attempt to decrypt the string
try {
ICryptoTransform Decryptor = TDESAlgorithm.CreateDecryptor();
Results = Decryptor.TransformFinalBlock( DataToDecrypt, 0, DataToDecrypt.Length );
} finally {
// Clear the Triple Des and Hash provider services of any sensitive information
TDESAlgorithm.Clear();
HashProvider.Clear();
}
}
}
// Step 6. Return the decrypted string in UTF8 format
return UTF8.GetString( Results );
}
#endregion
}
For PHP 7+ mccrypt wont work, so here the solution for encrypt and decrypt using the library phpseclib:
$des = new \phpseclib\Crypt\TripleDES(\phpseclib\Crypt\TripleDES::MODE_ECB);
$key = YOURKEY;
$p = md5(utf8_encode($key),TRUE);
$p .= substr($p,0,8);
$p - $key;
$des->setKey($p);
$phpEncrypted = $des->encrypt("Encrypted using PHP");
$vbEncrypted = "5Ittyr0+jiI7QQmPrvSVnP3s2CeoTJmF"; // Encrypted using VB.NET
echo "PHP Encrypted: " . $phpEncrypted . '<br />';
echo "VB Encrypted: " . $vbEncrypted . '<br />';
echo "PHP Encrypted (decrypted result): " . $des->decrypt(base64_decode($phpEncrypted)) . '<br />';
echo "VB Encrypted (decrypted result): " . $des->decrypt(base64_decode($vbEncrypted)) . '<br />';
At first i thought it was the padding since mcrypt uses zero padding but i changed the php to use PKCS7 and get the same exact results
Can anyone help? I think it has something to do with the padding in the php
Test output from .Net:
Key: d88f92e4fa27f6d45b49446c7fc76976
Text: Testing123
Encrypted: /DMkj7BL9Eu2LMxKhdGT+A==
Encrypted after base64 decode: ?3$??K?K?,?J???
Decrypted: Testing123
Test output from PHP:
Key: d88f92e4fa27f6d45b49446c7fc76976
Text: Testing123
Encrypted: K+ke5FNI5T6F6B/XvDF494+S8538Ze83cFz6v1FE89U=
Encrypted after base64 decode: +éäSHå>…è×¼1x÷’óüeï7p\ú¿QDóÕ
Decrypted: Testing123����������������������
PHP:
class rijndael{
var $mcrypt_cipher = MCRYPT_RIJNDAEL_256;
var $mcrypt_mode = MCRYPT_MODE_CBC;
function decrypt($pass, $encrypted)
{
$encrypted = base64_decode($encrypted);
$key = $this->getkey($pass);
$iv = $this->getiv($pass);
$decrypted = mcrypt_decrypt($this->mcrypt_cipher, $key, $encrypted, $this->mcrypt_mode, $iv);
$block = mcrypt_get_block_size($this->mcrypt_cipher, $this->mcrypt_mode);
$pad = ord($decrypted[($len = strlen($decrypted)) - 1]);
return substr($decrypted, 0, strlen($decrypted) - $pad);
}
function encrypt($pass, $decrypted)
{
$key = $this->getkey($pass);
$iv = $this->getiv($pass);
$block = mcrypt_get_block_size($this->mcrypt_cipher, $this->mcrypt_mode);
$pad = $block - (strlen($str) % $block);
$str .= str_repeat(chr($pad), $pad);
$encrypted = mcrypt_encrypt($this->mcrypt_cipher, $key, $decrypted, $this->mcrypt_mode, $iv);
return base64_encode($encrypted);
}
function getkey($passphrase)
{
$L1 = base64_encode(hash("sha256", $passphrase, true));
$L2 = $passphrase.$L1;
return hash("sha256", $L2, true);
}
function getiv($passphrase)
{
$L1 = base64_encode(md5($passphrase));
$L2 = $passphrase.$L1;
return md5($L2);
}
}
VB .Net:
Public Class RijnDael
Public Shared Function Decrypt(ByVal sData As String, ByVal sKey As String)
Dim bytData() As Byte = Encoding.UTF8.GetBytes(sData)
Return Decrypt(bytData, sKey)
End Function
Public Shared Function Decrypt(ByVal bytData As Byte(), ByVal strPass As String) As Byte()
Dim bytResult As Byte()
Using oRM As New System.Security.Cryptography.RijndaelManaged
oRM.KeySize = 256
oRM.Key = GeKey(strPass)
oRM.IV = GetIV(strPass)
oRM.Mode = CipherMode.CBC
oRM.Padding = PaddingMode.PKCS7
Using oMS As New MemoryStream(bytData)
Using oCS As New Cryptography.CryptoStream(oMS, oRM.CreateDecryptor, Security.Cryptography.CryptoStreamMode.Read)
Dim TempDecryptArr As Byte()
ReDim TempDecryptArr(bytData.Length)
Dim decryptedByteCount As Integer
decryptedByteCount = oCS.Read(TempDecryptArr, 0, bytData.Length)
'
ReDim bytResult(decryptedByteCount)
Array.Copy(TempDecryptArr, bytResult, decryptedByteCount)
'
oCS.Close()
End Using
oMS.Close()
End Using
End Using
Return bytResult
End Function
Public Shared Function Encrypt(ByVal sData As String, ByVal sKey As String)
Dim bytData() As Byte = Encoding.UTF8.GetBytes(sData)
Return Encrypt(bytData, sKey)
End Function
Public Shared Function Encrypt(ByVal bytData As Byte(), ByVal strPass As String) As Byte()
Dim bytResult As Byte()
Using oRM As New Cryptography.RijndaelManaged
oRM.KeySize = 256
oRM.Key = GeKey(strPass)
oRM.IV = GetIV(strPass)
oRM.Mode = CipherMode.CBC
oRM.Padding = PaddingMode.PKCS7
Using oMS As New MemoryStream
Using oCS As New Cryptography.CryptoStream(oMS, oRM.CreateEncryptor, Cryptography.CryptoStreamMode.Write)
oCS.Write(bytData, 0, bytData.Length)
oCS.FlushFinalBlock()
bytResult = oMS.ToArray()
oCS.Close()
End Using
oMS.Close()
End Using
End Using
Return bytResult
End Function
Private Shared Function GeKey(ByVal strPass As String) As Byte()
Dim bytResult As Byte()
'Generate a byte array of required length as the encryption key.
'A SHA256 hash of the passphrase has just the required length. It is used twice in a manner of self-salting.
Using oSHA256 As New Cryptography.SHA256Managed
Dim L1 As String = System.Convert.ToBase64String(oSHA256.ComputeHash(Encoding.UTF8.GetBytes(strPass)))
Dim L2 As String = strPass & L1
bytResult = oSHA256.ComputeHash(System.Text.Encoding.UTF8.GetBytes(L2))
oSHA256.Clear()
End Using
Return bytResult
End Function
Private Shared Function GetIV(ByVal strPass As String) As Byte()
Dim bytResult As Byte()
'Generate a byte array of required length as the iv.
'A MD5 hash of the passphrase has just the required length. It is used twice in a manner of self-salting.
Using oMD5 As New Cryptography.MD5CryptoServiceProvider
Dim L1 As String = System.Convert.ToBase64String(oMD5.ComputeHash(Encoding.UTF8.GetBytes(strPass)))
Dim L2 As String = strPass & L1
bytResult = oMD5.ComputeHash(System.Text.Encoding.UTF8.GetBytes(L2))
oMD5.Clear()
End Using
Return bytResult
End Function
End Class
The problems in your two pieces of code are:
Use Rijndael-128 with a key and block size of 16 bytes / 128 bit in both the .NET and the PHP code. For Rijndael-256, your code generates an IV with the wrong length. And I don't know how to use AES-256 in PHP (key length of 32 bytes / 256 bits, block size of 16 bytes / 128 bit).
Use of MD5: In the PHP code, add a second parameter true to the md5() function (in two places) so the result is binary data and not a hexadecimal string.
In the encrypt() function in your PHP code, replace the variable $str with $decrypted (in two places). $str is never assigned a value and never used, so the padding has no effect.
If you fix these problems, then both programs will return the result:
Encrypted: /DMkj7BL9Eu2LMxKhdGT+A==
I haven't tried to decrypt it.
For starters the 2 bits of code will create different initialization vectors (PHP is using sha256, and .net md5). And you're not truncating the PHP output by then first null char. There are several potential char set issues in the code too.