Rsa encrypted via php giving symbols in vb.net - php

im trying to crypt string in php decrypt it in vb.net
same key (xml converted to pem)
here is my php code
$source = "Baselsayeh!##312";
echo "Source: $source";
$fp=fopen("publicKey.pem","r");
$pub_key=fread($fp,8192);
fclose($fp);
openssl_get_publickey($pub_key);
$hh = $source;
openssl_public_encrypt($hh,$crypttext,$pub_key);
$crypttext = base64_encode($crypttext);
echo "String crypted: " . $crypttext;
and here is my vb.net code
Function Decrypt(ByVal strCipherText As String, _
ByVal strPrivateKey As String) As String
Dim rsa As New RSACryptoServiceProvider()
Dim bytPlainText() As Byte
Dim bytCipherText() As Byte
Dim uEncode As New UnicodeEncoding()
rsa.FromXmlString(strPrivateKey)
bytCipherText = Convert.FromBase64String(strCipherText)
bytPlainText = rsa.Decrypt(bytCipherText, False)
Decrypt = uEncode.GetString(bytPlainText)
rsa.Clear()
End Function
any encrypted string giving 慂敳獬祡桥䀡㌣㈱
but encrypt in vb.net and decrypt in php works fine

never mind
solved it by using utf8 instaid of unicode
change
Dim uEncode As New UnicodeEncoding()
to
Dim uEncode As New UTF8Encoding()

Related

AES 256 with PKCS7 padding

The GST Council has approved the implementation of ‘e-Invoicing’ or ‘electronic invoicing’ of Business to Business (B2B) invoices to GST System if company turnover is greater that 500 crore. Ref of gst portal API :einv-apisandbox.nic.in/index.html
I have to decrypt the encrypted SEK using APP key and encode json data using decrypted SEK to post for Einvoice Generation and i found sample code for java and C# and i have converted in PHP but unfortunately failed to get desired output
In my case encrypted SEK is: oRvKfBtmgNTSuk/oXUhiLOjXi45jiWA2oKNxhhQM3UH2o/32YWGLbUjK1/dohPe3
APP key: fao1PoKaLgd11xMrWTiL2cggAfx9QMwM
Symmetric decryption (AES) (in java)
public static String decrptyBySyymetricKey(String encryptedSek, byte[] appKey)
{
Key aesKey = new SecretKeySpec(appKey, "AES"); // converts bytes(32 byte random generated) to key
try {
Cipher cipher = Cipher.getInstance("AES/ECB/PKCS5Padding"); // encryption type = AES with padding PKCS5
cipher.init(Cipher.DECRYPT_MODE, aesKey); // initiate decryption type with the key
byte[] encryptedSekBytes = Base64.decodeBase64(encryptedSek); // decode the base64 encryptedSek to bytes
byte[] decryptedSekBytes = cipher.doFinal(encryptedSekBytes); // decrypt the encryptedSek with the initialized cipher containing the key(Results in bytes)
String decryptedSek = Base64.encodeBase64String(decryptedSekBytes); // convert the decryptedSek(bytes) to Base64 StriNG
return decryptedSek; // return results in base64 string
}catch(Exception e) {
return "Exception; "+e;
}
}
Symmetric encryption (AES) (in java)
public static string EncryptBySymmetricKey(string text, string sek)
{
//Encrypting SEK
try
{
byte[] dataToEncrypt = Convert.FromBase64String(text);
var keyBytes = Convert.FromBase64String(sek);
AesManaged tdes = new AesManaged();
tdes.KeySize = 256;
tdes.BlockSize = 128;
tdes.Key = keyBytes;
tdes.Mode = CipherMode.ECB;
tdes.Padding = PaddingMode.PKCS7;
pICryptoTransform encrypt__1 = tdes.CreateEncryptor();
byte[] deCipher = encrypt__1.TransformFinalBlock(dataToEncrypt, 0, dataToEncrypt.Length);
tdes.Clear();
string EK_result = Convert.ToBase64String(deCipher);
return EK_result;
}
catch (Exception ex)
{
throw ex;
}
}
Symmetric encryption (AES) (in PHP)
function encrypt($data, $key)
{
$padding = 16 - (strlen($data) % 16);
$data .= str_repeat(chr($padding), $padding);
return base64_encode(mcrypt_encrypt(MCRYPT_RIJNDAEL_128, hash('SHA256', $key, true), $data, MCRYPT_MODE_ECB));
}
Symmetric decryption (AES) (in PHP)
function decrypt($key, $str)
{
$str = mcrypt_decrypt(MCRYPT_RIJNDAEL_128, hash('SHA256', $key, true), $str, MCRYPT_MODE_ECB);
$pad = ord($str[($len = strlen($str)) - 1]);
$len = strlen($str);
$pad = ord($str[$len-1]);
return base64_encode( substr($str, 0, strlen($str) - $pad));
}
The decryption of the session key (SEK) with the AppKey is possible in PHP as follows:
function decrptyBySymmetricKey($encSekB64, $appKey) {
$sek = openssl_decrypt($encSekB64, "aes-256-ecb", $appKey, 0); // the SEK
$sekB64 = base64_encode($sek); // the Base64 encoded SEK
return $sekB64;
}
The encryption of data with the SEK is possible in PHP as follows:
function encryptBySymmetricKey($dataB64, $sekB64){
$data = base64_decode($dataB64); // the data to encrypt
$sek = base64_decode($sekB64); // the SEK
$encDataB64 = openssl_encrypt($data, "aes-256-ecb", $sek, 0); // the Base64 encoded ciphertext
return $encDataB64;
}
Both functions can be tested with the following data:
$appKey = 'fao1PoKaLgd11xMrWTiL2cggAfx9QMwM'; // the 32 bytes AppKey
$encSekB64 = 'oRvKfBtmgNTSuk/oXUhiLOjXi45jiWA2oKNxhhQM3UH2o/32YWGLbUjK1/dohPe3'; // the Base64 encoded encrypted SEK
$dataB64 = 'VGhlIHF1aWNrIGJyb3duIGZveCBqdW1wcyBvdmVyIHRoZSBsYXp5IGRvZw=='; // the base64 encoded data
$sekB64 = decrptyBySymmetricKey($encSekB64, $appKey); // the Base64 encoded SEK
$encDataB64 = encryptBySymmetricKey($dataB64, $sekB64); // the Base64 encoded ciphertext
echo $sekB64 . "\n"; // zVoede7m2nnvMHcWYIfKhrvsilSFEZYiltJmxVQQnAQ=
echo $encDataB64; // JS+hxYf64FMHThrhoIejqk3VjGwFw+GTYzUyVKc6GEOLKERVuvaNY91zPdo829r0
The Java method decryptBySymmetricKey returns with
byte[] appKey = "fao1PoKaLgd11xMrWTiL2cggAfx9QMwM".getBytes(StandardCharsets.UTF_8);
String encSekB64 = "oRvKfBtmgNTSuk/oXUhiLOjXi45jiWA2oKNxhhQM3UH2o/32YWGLbUjK1/dohPe3";
String sekB64 = decryptBySymmetricKey(encSekB64, appKey);
the same value for the Base64 encoded SEK (zVoede7m2nnvMHcWYIfKhrvsilSFEZYiltJmxVQQnAQ=).
Likewise, the C# method EncryptBySymmetricKey (erroneously labeled in the question as Java function) returns with
string dataB64 = "VGhlIHF1aWNrIGJyb3duIGZveCBqdW1wcyBvdmVyIHRoZSBsYXp5IGRvZw==";
string sekB64 = "zVoede7m2nnvMHcWYIfKhrvsilSFEZYiltJmxVQQnAQ=";
string encDataB64 = EncryptBySymmetricKey(dataB64, sekB64);
the same value for the Base64 encoded ciphertext (JS+hxYf64FMHThrhoIejqk3VjGwFw+GTYzUyVKc6GEOLKERVuvaNY91zPdo829r0).
Note:
The deprecated mcrypt is not used. Instead openssl is applied.
Besides the security aspect, openssl has the advantage over mcrypt, that PKCS7 padding is implicitly used, analogous to the C#/Java code. mcrypt applies Zero padding, so a user defined padding was necessary, which is obsolete with openssl.
The key is not derived from the passed key via SHA256, but applied directly, analogous to the C#/Java code.
You also might need to try with postman tool. I achieve the same and able to connect the NIC system but as per the document they have provided it's not possible to achieve the same encryption using OpenSSL or other encryption tool.
Now I moved on to GSP based API connectivity solution you might check this stuff from
https://github.com/sujianalytics/gst-e-invoicing-sap
It's open source but not relevant for your issue, might need to upgrade little bit as per your requirement.

Convert VB.NET AES encoding to PHP using openssl_decrypt

Currently I'm working on integration of external service wrote in VB.NET.
This service send me a string with some information encrypted with below function (this is a cut and past from the external service developer that send me the code)
Public Function Decode(ByVal S As String, ByVal chiave As String, ByVal iv As String) As String
Dim rjm As RijndaelManaged = New RijndaelManaged
rjm.KeySize = 128
rjm.BlockSize = 128
rjm.Key = System.Text.ASCIIEncoding.ASCII.GetBytes(chiave)
rjm.IV = System.Text.ASCIIEncoding.ASCII.GetBytes(iv)
Try
Dim input() As Byte = System.Convert.FromBase64String(S)
Dim output() As Byte = rjm.CreateDecryptor.TransformFinalBlock(input, 0, input.Length)
Return System.Text.Encoding.UTF8.GetString(output)
Catch ex As System.Exception
Return S
End Try
End Function
if I decode the string with below mcrypt function everything work as expected:
$mcrypt_cipher = MCRYPT_RIJNDAEL_128;
$mcrypt_mode = MCRYPT_MODE_CBC;
$iv= '1234567891011121';
$key = '1234567891011121';
$message= base64_decode($message);
$message = rtrim(mcrypt_decrypt($mcrypt_cipher, $key, $message, $mcrypt_mode, $iv), "\0");;
But i'm unable to obtain same result with openssl_decrypt. the function always fail with false as result, below the code:
$result = openssl_decrypt(
base64_decode($message),
'AES-128-CBC',
$key,
OPENSSL_RAW_DATA,
$iv
);
I'm pretty sure that the problem is related to some padding that i missing.. but I don't understand where the problem is exactly.
UPDATE1 -
I correct the code, both $iv and $key are strings i forgot the ' both are of 16Bytes = 128Bits

Rijndael in PHP

I am trying to encrypt a string with a key and iv with Rijndael in PHP.
I have wrote this in VB .Net and the result is the expected one:
'This is the byte Array of "1234567890ABCDEF1234567890ABCDEF". I am using this for IV
Private _key1 As Byte() = New Byte(15) {CByte(18), CByte(52), CByte(86), CByte(120), CByte(144), CByte(171), _
CByte(205), CByte(239), CByte(18), CByte(52), CByte(86), CByte(120), _
CByte(144), CByte(171), CByte(205), CByte(239)}
Public Sub Init()
Dim sKey As String = "D6850B89370BD603BD48CEAD43488639DE3ABE73D2CF7C54B0CF72D2FB06E162"
Dim resBytes As Byte() = Me.EncryData("a", sKey)
File.WriteAllBytes("C:/myFile.txt", resBytes)
End Sub
Public Function EncryData(sPath As String, sKey As String) As Byte()
Return Me.AESEncrypt(plainText, Me.Data_Hex_Asc(sKey))
End Function
Public Function Data_Hex_Asc(ByRef Data As String) As Byte()
Dim str1 As String = ""
Dim list As New List(Of Byte)()
While Data.Length > 0
Dim num As Integer = CInt(Convert.ToChar(Convert.ToUInt32(Data.Substring(0, 2), 16)))
Dim str2 As String = Convert.ToChar(Convert.ToUInt32(Data.Substring(0, 2), 16)).ToString()
list.Add(CByte(Convert.ToUInt32(Data.Substring(0, 2), 16)))
str1 += str2
Data = Data.Substring(2, Data.Length - 2)
End While
Return list.ToArray()
End Function
Public Function AESEncrypt(plainText As String, aByte As Byte()) As Byte()
Dim symmetricAlgorithm As SymmetricAlgorithm = DirectCast(Rijndael.Create(), SymmetricAlgorithm)
Dim bytes As Byte() = Encoding.UTF8.GetBytes(plainText)
symmetricAlgorithm.Key = aByte
symmetricAlgorithm.IV = Me._key1
Dim memoryStream As New MemoryStream()
Dim cryptoStream As New CryptoStream(DirectCast(memoryStream, Stream), symmetricAlgorithm.CreateEncryptor(), CryptoStreamMode.Write)
cryptoStream.Write(bytes, 0, bytes.Length)
cryptoStream.FlushFinalBlock()
Dim numArray As Byte() = memoryStream.ToArray()
cryptoStream.Close()
memoryStream.Close()
Return numArray
End Function
Now the PHP version of that:
$AES_KEY = "D6850B89370BD603BD48CEAD43488639DE3ABE73D2CF7C54B0CF72D2FB06E162";
$key = pack('H*', $AES_KEY);
$plaintext = "a"; ;
$iv = pack('H*', "1234567890ABCDEF1234567890ABCDEF");
$enc_text = mcrypt_decrypt(MCRYPT_RIJNDAEL_128, $key, $plaintext, MCRYPT_MODE_CBC, $iv);
The result from PHP code is different from the VB's.
Any suggestions for different php approach?
VB .net implementation of Rijndael uses as default padding: PKCS7 and mode: CBC
Results: vb .net: PFΑ&\O?„\LϋAμCt php:_yJ_½%sAj«SUhA
16 chars length, both of them.

Encrypt in VB.NET and Decrypt in PHP

I am trying to write a function in PHP and in VB.NET that uses Triple DES to pass in BOTH directions encrypted data. The problem, is that when I try to decrypt a string encrypted in VB.NET using PHP, I get an error message saying that the block size of the IV must match.
The class I wrote in VB.NET, is as follows and is fully functional as it will encrypt and decrypt its own blocks flawlessly.
Imports System
Imports System.Text
Imports System.IO
Imports System.Security.Cryptography
Public Class Cipher
Dim method As TripleDESCryptoServiceProvider
Dim key As Byte()
Public Property Password() As String
Get
Return System.Text.Encoding.Unicode.GetString(Key)
End Get
Set(value As String)
key = System.Text.Encoding.Unicode.GetBytes(value)
End Set
End Property
Public Function Encrypt(data As String) As String
Dim ms As New System.IO.MemoryStream
' Create the encoder to write to the stream.
Dim dataBytes() As Byte = System.Text.Encoding.Unicode.GetBytes(data)
Dim encStream As New CryptoStream(ms, method.CreateEncryptor(), System.Security.Cryptography.CryptoStreamMode.Write)
' Use the crypto stream to write the byte array to the stream.
encStream.Write(dataBytes, 0, dataBytes.Length)
encStream.FlushFinalBlock()
' IV and Ciphered string are each Base64'd and seperated by a comma, then the whole result is Base64'd
Return Convert.ToBase64String(System.Text.Encoding.Unicode.GetBytes(Convert.ToBase64String(method.IV) & "," & Convert.ToBase64String(ms.ToArray)))
End Function
Public Function Decrypt(data As String) As String
' Convert the encrypted text string to a byte array.
Dim partDecoded As String = System.Text.Encoding.Unicode.GetString(Convert.FromBase64String(data))
Dim dataBytes() As Byte
If InStr(partDecoded, ",") > 0 Then
Dim parts() As String = Split(partDecoded, ",")
' Get IV from first part
method.IV = Convert.FromBase64String(parts(0))
' Get ciphered data from second part
dataBytes = Convert.FromBase64String(parts(1))
' Create the stream.
Dim ms As New System.IO.MemoryStream
' Create the decoder to write to the stream.
Dim decStream As New CryptoStream(ms, method.CreateDecryptor(), System.Security.Cryptography.CryptoStreamMode.Write)
' Use the crypto stream to write the byte array to the stream.
decStream.Write(dataBytes, 0, dataBytes.Length)
decStream.FlushFinalBlock()
' Convert the plaintext stream to a string.
Return System.Text.Encoding.Unicode.GetString(ms.ToArray)
Else
Return False
End If
End Function
Public Sub New()
method = New TripleDESCryptoServiceProvider
method.Mode = CipherMode.CFB
method.GenerateIV()
End Sub
End Class
Example usage of the above class
Dim c As New Cipher
c.Password = "12345"
Dim encrypted As String = c.Encrypt("hello")
Debug.Print(encrypted)
Dim decrypted As String = c.Decrypt(encrypted)
Debug.Print(decrypted)
Now I also have the following PHP code which ALSO works (by itself)
class Cipher {
private $iv;
private $securekey;
function __construct($key) {
$this->securekey = $key;
}
function encrypt($string) {
$this->iv = mcrypt_create_iv(mcrypt_get_iv_size(MCRYPT_3DES, MCRYPT_MODE_CFB),MCRYPT_DEV_RANDOM);
$encrypted = base64_encode(mcrypt_encrypt(MCRYPT_3DES, $this->securekey, $string, MCRYPT_MODE_CFB, $this->iv));
return base64_encode(base64_encode($this->iv) . ',' . $encrypted);
}
function decrypt($string) {
$decrypt = base64_decode($string);
if(strpos($decrypt,',') > 0) {
$decrypt = explode(',', $decrypt);
$this->iv = base64_decode($decrypt[0]);
return trim(mcrypt_decrypt(MCRYPT_3DES, $this->securekey, base64_decode($decrypt[1]), MCRYPT_MODE_CFB, $this->iv));
} else {
return false;
}
}
}
PHP Example Usage
$c = new Cipher("12345");
$encrypted = $c->encrypt("hello");
echo 'Encrypted: ' . $encrypted . '<br />';
$decrypted = $c->decrypt($encrypted);
echo 'Decrypted: ' . $decrypted . '<br />';
$vb = "MwBOAEoAOQBjAEgAcQAyAC8ASABzAD0ALABmAEUAOQBaAHYAVwBzAFUAYQB3AFYARwBGAHUANABLAGUAVgB3AFcAaABRAD0APQA=";
echo 'VB.NET Dec: ' . $c->decrypt($vb);
What I have included above in the PHP usage, is the Base64 string made with VB.NET that decodes PERFECTLY in VB.NET as the variable $vb.
This is driving me absolutely batty, as the code is correct, and functional -- in both cases -- so what am I missing and can you point out / fix the problem. I do not wish to use Rijndael, or explore other cipher methods, as this one is well established that works across multiple devices natively (iOS, Android, Windows, Linux, etc.).
Since no one was able to provide a fully functional BI-DIRECTIONAL solution, I have taken the liberty to provide one for the community on this article.
The problem, is that PHP does not conform to the standards by forcing the strings to be padded in order to match. Presently, there is no known way to reliably pass the IV if randomly generated between .NET and PHP (if you do discover how, or this changes, please feel free to revise this).
Following is the COMPLETE solution for encrypting data using Triple DES in a manner that is compatible with .NET and PHP which allows for bi-directional Triple DES encrypted communication. This method is also compatible with Java, Delphi, Objective-C, and many other languages, however such code is not going to be supplied here as that is not a solution to the posted question.
VB.NET Triple DES Class
Imports System
Imports System.Text
Imports System.IO
Imports System.Security.Cryptography
Public Class TripleDES
Private bPassword As Byte()
Private sPassword As String
Public Sub New(Optional ByVal Password As String = "password")
' On Class Begin
Me.Password = Password
End Sub
Public ReadOnly Property PasswordHash As String
Get
Dim UTF8 As System.Text.UTF8Encoding = New System.Text.UTF8Encoding
Return UTF8.GetString(bPassword)
End Get
End Property
Public Property Password() As String
Get
Dim UTF8 As System.Text.UTF8Encoding = New System.Text.UTF8Encoding
Return sPassword
End Get
Set(value As String)
Dim UTF8 As System.Text.UTF8Encoding = New System.Text.UTF8Encoding
Dim HashProvider As MD5CryptoServiceProvider = New MD5CryptoServiceProvider()
bPassword = HashProvider.ComputeHash(UTF8.GetBytes(value))
sPassword = value
End Set
End Property
#Region "Encrypt"
' Encrypt using Password from Property Set (pre-hashed)
Public Function Encrypt(ByVal Message As String) As String
Dim Results() As Byte
Dim UTF8 As System.Text.UTF8Encoding = New System.Text.UTF8Encoding
Using HashProvider As MD5CryptoServiceProvider = New MD5CryptoServiceProvider()
Dim TDESKey() As Byte = bPassword
Using TDESAlgorithm As TripleDESCryptoServiceProvider = New TripleDESCryptoServiceProvider() With {.Key = TDESKey, .Mode = CipherMode.ECB, .Padding = PaddingMode.PKCS7}
Dim DataToEncrypt() As Byte = UTF8.GetBytes(Message)
Try
Dim Encryptor As ICryptoTransform = TDESAlgorithm.CreateEncryptor
Results = Encryptor.TransformFinalBlock(DataToEncrypt, 0, DataToEncrypt.Length)
Finally
TDESAlgorithm.Clear()
HashProvider.Clear()
End Try
End Using
End Using
Return Convert.ToBase64String(Results)
End Function
' Encrypt using Password as byte array
Private Function Encrypt(ByVal Message As String, ByVal Password() As Byte) As String
Dim Results() As Byte
Dim UTF8 As System.Text.UTF8Encoding = New System.Text.UTF8Encoding
Using HashProvider As MD5CryptoServiceProvider = New MD5CryptoServiceProvider()
Dim TDESKey() As Byte = HashProvider.ComputeHash(UTF8.GetBytes(UTF8.GetString(Password)))
Using TDESAlgorithm As TripleDESCryptoServiceProvider = New TripleDESCryptoServiceProvider() With {.Key = TDESKey, .Mode = CipherMode.ECB, .Padding = PaddingMode.PKCS7}
Dim DataToEncrypt() As Byte = UTF8.GetBytes(Message)
Try
Dim Encryptor As ICryptoTransform = TDESAlgorithm.CreateEncryptor
Results = Encryptor.TransformFinalBlock(DataToEncrypt, 0, DataToEncrypt.Length)
Finally
TDESAlgorithm.Clear()
HashProvider.Clear()
End Try
End Using
End Using
Return Convert.ToBase64String(Results)
End Function
' Encrypt using Password as string
Public Function Encrypt(ByVal Message As String, ByVal Password As String) As String
Dim Results() As Byte
Dim UTF8 As System.Text.UTF8Encoding = New System.Text.UTF8Encoding
' Step 1. We hash the Passphrase using MD5
' We use the MD5 hash generator as the result is a 128 bit byte array
' which is a valid length for the Triple DES encoder we use below
Using HashProvider As MD5CryptoServiceProvider = New MD5CryptoServiceProvider()
Dim TDESKey() As Byte = HashProvider.ComputeHash(UTF8.GetBytes(Password))
' Step 2. Create a new TripleDESCryptoServiceProvider object
' Step 3. Setup the encoder
Using TDESAlgorithm As TripleDESCryptoServiceProvider = New TripleDESCryptoServiceProvider() With {.Key = TDESKey, .Mode = CipherMode.ECB, .Padding = PaddingMode.PKCS7}
' Step 4. Convert the input string to a byte[]
Dim DataToEncrypt() As Byte = UTF8.GetBytes(Message)
' Step 5. Attempt to encrypt the string
Try
Dim Encryptor As ICryptoTransform = TDESAlgorithm.CreateEncryptor
Results = Encryptor.TransformFinalBlock(DataToEncrypt, 0, DataToEncrypt.Length)
Finally
' Clear the Triple Des and Hashprovider services of any sensitive information
TDESAlgorithm.Clear()
HashProvider.Clear()
End Try
End Using
End Using
' Step 6. Return the encrypted string as a base64 encoded string
Return Convert.ToBase64String(Results)
End Function
#End Region
#Region "Decrypt"
' Decrypt using Password from Property (pre-hashed)
Public Function Decrypt(ByVal Message As String) As String
Dim Results() As Byte
Dim UTF8 As System.Text.UTF8Encoding = New System.Text.UTF8Encoding
Using HashProvider As MD5CryptoServiceProvider = New MD5CryptoServiceProvider()
Dim TDESKey() As Byte = Me.bPassword
Using TDESAlgorithm As TripleDESCryptoServiceProvider = New TripleDESCryptoServiceProvider() With {.Key = TDESKey, .Mode = CipherMode.ECB, .Padding = PaddingMode.PKCS7}
Dim DataToDecrypt() As Byte = Convert.FromBase64String(Message)
Try
Dim Decryptor As ICryptoTransform = TDESAlgorithm.CreateDecryptor
Results = Decryptor.TransformFinalBlock(DataToDecrypt, 0, DataToDecrypt.Length)
Finally
TDESAlgorithm.Clear()
HashProvider.Clear()
End Try
End Using
End Using
Return UTF8.GetString(Results)
End Function
' Decrypt using Password as Byte array
Public Function Decrypt(ByVal Message As String, ByVal Password() As Byte) As String
Dim Results() As Byte
Dim UTF8 As System.Text.UTF8Encoding = New System.Text.UTF8Encoding
Using HashProvider As MD5CryptoServiceProvider = New MD5CryptoServiceProvider()
Dim TDESKey() As Byte = HashProvider.ComputeHash(UTF8.GetBytes(UTF8.GetString(Password)))
Using TDESAlgorithm As TripleDESCryptoServiceProvider = New TripleDESCryptoServiceProvider() With {.Key = TDESKey, .Mode = CipherMode.ECB, .Padding = PaddingMode.PKCS7}
Dim DataToDecrypt() As Byte = Convert.FromBase64String(Message)
Try
Dim Decryptor As ICryptoTransform = TDESAlgorithm.CreateDecryptor
Results = Decryptor.TransformFinalBlock(DataToDecrypt, 0, DataToDecrypt.Length)
Finally
TDESAlgorithm.Clear()
HashProvider.Clear()
End Try
End Using
End Using
Return UTF8.GetString(Results)
End Function
' Decrypt using Password as string
Public Function Decrypt(ByVal Message As String, ByVal Password As String) As String
Dim Results() As Byte
Dim UTF8 As System.Text.UTF8Encoding = New System.Text.UTF8Encoding
' Step 1. We hash the pass phrase using MD5
' We use the MD5 hash generator as the result is a 128-bit byte array
' which is a valid length for the Triple DES encoder we use below
Using HashProvider As MD5CryptoServiceProvider = New MD5CryptoServiceProvider()
Dim TDESKey() As Byte = HashProvider.ComputeHash(UTF8.GetBytes(Password))
' Step 2. Create a new TripleDESCryptoServiceProvider object
' Step 3. Setup the decoder
Using TDESAlgorithm As TripleDESCryptoServiceProvider = New TripleDESCryptoServiceProvider() With {.Key = TDESKey, .Mode = CipherMode.ECB, .Padding = PaddingMode.PKCS7}
' Step 4. Convert the input string to a byte[]
Dim DataToDecrypt() As Byte = Convert.FromBase64String(Message)
' Step 5. Attempt to decrypt the string
Try
Dim Decryptor As ICryptoTransform = TDESAlgorithm.CreateDecryptor
Results = Decryptor.TransformFinalBlock(DataToDecrypt, 0, DataToDecrypt.Length)
Finally
' Clear the Triple Des and Hash provider services of any sensitive information
TDESAlgorithm.Clear()
HashProvider.Clear()
End Try
End Using
End Using
' Step 6. Return the decrypted string in UTF8 format
Return UTF8.GetString(Results)
End Function
#End Region
End Class
VB.NET Triple DES Class Usage
Dim tdes As New TripleDES("12345")
Dim vbEncrypted = tdes.Encrypt("Encrypted using VB.NET")
Dim phpEncrypted = "5Ittyr0+jiI7QQmPrvSVnMc9MEWQCjAN"
Debug.Print("PHP Encrypted: " & phpEncrypted)
Debug.Print("VB Encrypted: " & vbEncrypted)
Debug.Print("PHP Encrypted (decrypted result): " & tdes.Decrypt(phpEncrypted))
Debug.Print("VB Encrypted (decrypted result): " & tdes.Decrypt(vbEncrypted))
PHP Triple DES Class
class TripleDES {
private $bPassword;
private $sPassword;
function __construct($Password) {
$this->bPassword = md5(utf8_encode($Password),TRUE);
$this->bPassword .= substr($this->bPassword,0,8);
$this->sPassword - $Password;
}
function Password($Password = "") {
if($Password == "") {
return $this->sPassword;
} else {
$this->bPassword = md5(utf8_encode($Password),TRUE);
$this->bPassword .= substr($this->bPassword,0,8);
$this->sPassword - $Password;
}
}
function PasswordHash() {
return $this->bPassword;
}
function Encrypt($Message, $Password = "") {
if($Password <> "") { $this->Password($Password); }
$size=mcrypt_get_block_size('tripledes','ecb');
$padding=$size-((strlen($Message)) % $size);
$Message .= str_repeat(chr($padding),$padding);
$encrypt = mcrypt_encrypt('tripledes',$this->bPassword,$Message,'ecb');
return base64_encode($encrypt);
}
function Decrypt($message, $Password = "") {
if($Password <> "") { $this->Password($Password); }
return trim(mcrypt_decrypt('tripledes', $this->bPassword, base64_decode($message), 'ecb'), ord(2));
}
}
PHP Triple DES Class Usage
$tdes = new TripleDES("12345");
$phpEncrypted = $tdes->encrypt("Encrypted using PHP");
$vbEncrypted = "5Ittyr0+jiI7QQmPrvSVnP3s2CeoTJmF"; // Encrypted using VB.NET
echo "PHP Encrypted: " . $phpEncrypted . '<br />';
echo "VB Encrypted: " . $vbEncrypted . '<br />';
echo "PHP Encrypted (decrypted result): " . $tdes->Decrypt($phpEncrypted) . '<br />';
echo "VB Encrypted (decrypted result): " . $tdes->Decrypt($vbEncrypted) . '<br />';
I did what I could to make both classes usability level identical as the languages would allow naturally. Since PHP does not allow overloading functions, I had to use the password as an optional parameter, which is a string value. The VB.NET solution has an additional override that allows you to pass the byte value of the password string on encrypt/decrypt functions. The example code provided to show the usage for each, shows the most simplistic form of instantiating the object which both classes allow for setting the password on object creation.
For anyone else out there that was bashing their brains trying to find a WORKING bi-directional solution for Triple DES (and did not want to be forced into the box that everyone seems to be pointing to -- Rijndael), then this solution is for you, and you can stop banging your head against the wall.
Added a C# translation of the VB.NET TripleDES class
C# Class ( Added [2017-01-11] )
using System;
using System.Security.Cryptography;
public class TripleDES {
private byte[] bPassword;
private string sPassword;
public TripleDES( string Password = "password" ) {
// On Class Begin
this.Password = Password;
}
public string PasswordHash {
get {
System.Text.UTF8Encoding UTF8 = new System.Text.UTF8Encoding();
return UTF8.GetString( bPassword );
}
}
public string Password {
get {
System.Text.UTF8Encoding UTF8 = new System.Text.UTF8Encoding();
return sPassword;
}
set {
System.Text.UTF8Encoding UTF8 = new System.Text.UTF8Encoding();
MD5CryptoServiceProvider HashProvider = new MD5CryptoServiceProvider();
bPassword = HashProvider.ComputeHash( UTF8.GetBytes( value ) );
sPassword = value;
}
}
#region "Encrypt"
// Encrypt using Password from Property Set (pre-hashed)
public string Encrypt( string Message ) {
byte[] Results = null;
System.Text.UTF8Encoding UTF8 = new System.Text.UTF8Encoding();
using ( MD5CryptoServiceProvider HashProvider = new MD5CryptoServiceProvider() ) {
byte[] TDESKey = bPassword;
using ( TripleDESCryptoServiceProvider TDESAlgorithm = new TripleDESCryptoServiceProvider { Key = TDESKey, Mode = CipherMode.ECB, Padding = PaddingMode.PKCS7 } ) {
byte[] DataToEncrypt = UTF8.GetBytes( Message );
try {
ICryptoTransform Encryptor = TDESAlgorithm.CreateEncryptor();
Results = Encryptor.TransformFinalBlock( DataToEncrypt, 0, DataToEncrypt.Length );
} finally {
TDESAlgorithm.Clear();
HashProvider.Clear();
}
}
}
return Convert.ToBase64String( Results );
}
// Encrypt using Password as byte array
private string Encrypt( string Message, byte[] Password ) {
byte[] Results = null;
System.Text.UTF8Encoding UTF8 = new System.Text.UTF8Encoding();
using ( MD5CryptoServiceProvider HashProvider = new MD5CryptoServiceProvider() ) {
byte[] TDESKey = HashProvider.ComputeHash( UTF8.GetBytes( UTF8.GetString( Password ) ) );
using ( TripleDESCryptoServiceProvider TDESAlgorithm = new TripleDESCryptoServiceProvider { Key = TDESKey, Mode = CipherMode.ECB, Padding = PaddingMode.PKCS7 } ) {
byte[] DataToEncrypt = UTF8.GetBytes( Message );
try {
ICryptoTransform Encryptor = TDESAlgorithm.CreateEncryptor();
Results = Encryptor.TransformFinalBlock( DataToEncrypt, 0, DataToEncrypt.Length );
} finally {
TDESAlgorithm.Clear();
HashProvider.Clear();
}
}
}
return Convert.ToBase64String( Results );
}
// Encrypt using Password as string
public string Encrypt( string Message, string Password ) {
byte[] Results = null;
System.Text.UTF8Encoding UTF8 = new System.Text.UTF8Encoding();
// Step 1. We hash the Passphrase using MD5
// We use the MD5 hash generator as the result is a 128 bit byte array
// which is a valid length for the Triple DES encoder we use below
using ( MD5CryptoServiceProvider HashProvider = new MD5CryptoServiceProvider() ) {
byte[] TDESKey = HashProvider.ComputeHash( UTF8.GetBytes( Password ) );
// Step 2. Create a new TripleDESCryptoServiceProvider object
// Step 3. Setup the encoder
using ( TripleDESCryptoServiceProvider TDESAlgorithm = new TripleDESCryptoServiceProvider { Key = TDESKey, Mode = CipherMode.ECB, Padding = PaddingMode.PKCS7 } ) {
// Step 4. Convert the input string to a byte[]
byte[] DataToEncrypt = UTF8.GetBytes( Message );
// Step 5. Attempt to encrypt the string
try {
ICryptoTransform Encryptor = TDESAlgorithm.CreateEncryptor();
Results = Encryptor.TransformFinalBlock( DataToEncrypt, 0, DataToEncrypt.Length );
} finally {
// Clear the Triple Des and Hashprovider services of any sensitive information
TDESAlgorithm.Clear();
HashProvider.Clear();
}
}
}
// Step 6. Return the encrypted string as a base64 encoded string
return Convert.ToBase64String( Results );
}
#endregion
#region "Decrypt"
// Decrypt using Password from Property (pre-hashed)
public string Decrypt( string Message ) {
byte[] Results = null;
System.Text.UTF8Encoding UTF8 = new System.Text.UTF8Encoding();
using ( MD5CryptoServiceProvider HashProvider = new MD5CryptoServiceProvider() ) {
byte[] TDESKey = this.bPassword;
using ( TripleDESCryptoServiceProvider TDESAlgorithm = new TripleDESCryptoServiceProvider { Key = TDESKey, Mode = CipherMode.ECB, Padding = PaddingMode.PKCS7 } ) {
byte[] DataToDecrypt = Convert.FromBase64String( Message );
try {
ICryptoTransform Decryptor = TDESAlgorithm.CreateDecryptor();
Results = Decryptor.TransformFinalBlock( DataToDecrypt, 0, DataToDecrypt.Length );
} finally {
TDESAlgorithm.Clear();
HashProvider.Clear();
}
}
}
return UTF8.GetString( Results );
}
// Decrypt using Password as Byte array
public string Decrypt( string Message, byte[] Password ) {
byte[] Results = null;
System.Text.UTF8Encoding UTF8 = new System.Text.UTF8Encoding();
using ( MD5CryptoServiceProvider HashProvider = new MD5CryptoServiceProvider() ) {
byte[] TDESKey = HashProvider.ComputeHash( UTF8.GetBytes( UTF8.GetString( Password ) ) );
using ( TripleDESCryptoServiceProvider TDESAlgorithm = new TripleDESCryptoServiceProvider { Key = TDESKey, Mode = CipherMode.ECB, Padding = PaddingMode.PKCS7 } ) {
byte[] DataToDecrypt = Convert.FromBase64String( Message );
try {
ICryptoTransform Decryptor = TDESAlgorithm.CreateDecryptor();
Results = Decryptor.TransformFinalBlock( DataToDecrypt, 0, DataToDecrypt.Length );
} finally {
TDESAlgorithm.Clear();
HashProvider.Clear();
}
}
}
return UTF8.GetString( Results );
}
// Decrypt using Password as string
public string Decrypt( string Message, string Password ) {
byte[] Results = null;
System.Text.UTF8Encoding UTF8 = new System.Text.UTF8Encoding();
// Step 1. We hash the pass phrase using MD5
// We use the MD5 hash generator as the result is a 128-bit byte array
// which is a valid length for the Triple DES encoder we use below
using ( MD5CryptoServiceProvider HashProvider = new MD5CryptoServiceProvider() ) {
byte[] TDESKey = HashProvider.ComputeHash( UTF8.GetBytes( Password ) );
// Step 2. Create a new TripleDESCryptoServiceProvider object
// Step 3. Setup the decoder
using ( TripleDESCryptoServiceProvider TDESAlgorithm = new TripleDESCryptoServiceProvider { Key = TDESKey, Mode = CipherMode.ECB, Padding = PaddingMode.PKCS7 } ) {
// Step 4. Convert the input string to a byte[]
byte[] DataToDecrypt = Convert.FromBase64String( Message );
// Step 5. Attempt to decrypt the string
try {
ICryptoTransform Decryptor = TDESAlgorithm.CreateDecryptor();
Results = Decryptor.TransformFinalBlock( DataToDecrypt, 0, DataToDecrypt.Length );
} finally {
// Clear the Triple Des and Hash provider services of any sensitive information
TDESAlgorithm.Clear();
HashProvider.Clear();
}
}
}
// Step 6. Return the decrypted string in UTF8 format
return UTF8.GetString( Results );
}
#endregion
}
For PHP 7+ mccrypt wont work, so here the solution for encrypt and decrypt using the library phpseclib:
$des = new \phpseclib\Crypt\TripleDES(\phpseclib\Crypt\TripleDES::MODE_ECB);
$key = YOURKEY;
$p = md5(utf8_encode($key),TRUE);
$p .= substr($p,0,8);
$p - $key;
$des->setKey($p);
$phpEncrypted = $des->encrypt("Encrypted using PHP");
$vbEncrypted = "5Ittyr0+jiI7QQmPrvSVnP3s2CeoTJmF"; // Encrypted using VB.NET
echo "PHP Encrypted: " . $phpEncrypted . '<br />';
echo "VB Encrypted: " . $vbEncrypted . '<br />';
echo "PHP Encrypted (decrypted result): " . $des->decrypt(base64_decode($phpEncrypted)) . '<br />';
echo "VB Encrypted (decrypted result): " . $des->decrypt(base64_decode($vbEncrypted)) . '<br />';

.Net and PHP Rijndael encryption not matching

At first i thought it was the padding since mcrypt uses zero padding but i changed the php to use PKCS7 and get the same exact results
Can anyone help? I think it has something to do with the padding in the php
Test output from .Net:
Key: d88f92e4fa27f6d45b49446c7fc76976
Text: Testing123
Encrypted: /DMkj7BL9Eu2LMxKhdGT+A==
Encrypted after base64 decode: ?3$??K?K?,?J???
Decrypted: Testing123
Test output from PHP:
Key: d88f92e4fa27f6d45b49446c7fc76976
Text: Testing123
Encrypted: K+ke5FNI5T6F6B/XvDF494+S8538Ze83cFz6v1FE89U=
Encrypted after base64 decode: +éäSHå>…è×¼1x÷’óüeï7p\ú¿QDóÕ
Decrypted: Testing123����������������������
PHP:
class rijndael{
var $mcrypt_cipher = MCRYPT_RIJNDAEL_256;
var $mcrypt_mode = MCRYPT_MODE_CBC;
function decrypt($pass, $encrypted)
{
$encrypted = base64_decode($encrypted);
$key = $this->getkey($pass);
$iv = $this->getiv($pass);
$decrypted = mcrypt_decrypt($this->mcrypt_cipher, $key, $encrypted, $this->mcrypt_mode, $iv);
$block = mcrypt_get_block_size($this->mcrypt_cipher, $this->mcrypt_mode);
$pad = ord($decrypted[($len = strlen($decrypted)) - 1]);
return substr($decrypted, 0, strlen($decrypted) - $pad);
}
function encrypt($pass, $decrypted)
{
$key = $this->getkey($pass);
$iv = $this->getiv($pass);
$block = mcrypt_get_block_size($this->mcrypt_cipher, $this->mcrypt_mode);
$pad = $block - (strlen($str) % $block);
$str .= str_repeat(chr($pad), $pad);
$encrypted = mcrypt_encrypt($this->mcrypt_cipher, $key, $decrypted, $this->mcrypt_mode, $iv);
return base64_encode($encrypted);
}
function getkey($passphrase)
{
$L1 = base64_encode(hash("sha256", $passphrase, true));
$L2 = $passphrase.$L1;
return hash("sha256", $L2, true);
}
function getiv($passphrase)
{
$L1 = base64_encode(md5($passphrase));
$L2 = $passphrase.$L1;
return md5($L2);
}
}
VB .Net:
Public Class RijnDael
Public Shared Function Decrypt(ByVal sData As String, ByVal sKey As String)
Dim bytData() As Byte = Encoding.UTF8.GetBytes(sData)
Return Decrypt(bytData, sKey)
End Function
Public Shared Function Decrypt(ByVal bytData As Byte(), ByVal strPass As String) As Byte()
Dim bytResult As Byte()
Using oRM As New System.Security.Cryptography.RijndaelManaged
oRM.KeySize = 256
oRM.Key = GeKey(strPass)
oRM.IV = GetIV(strPass)
oRM.Mode = CipherMode.CBC
oRM.Padding = PaddingMode.PKCS7
Using oMS As New MemoryStream(bytData)
Using oCS As New Cryptography.CryptoStream(oMS, oRM.CreateDecryptor, Security.Cryptography.CryptoStreamMode.Read)
Dim TempDecryptArr As Byte()
ReDim TempDecryptArr(bytData.Length)
Dim decryptedByteCount As Integer
decryptedByteCount = oCS.Read(TempDecryptArr, 0, bytData.Length)
'
ReDim bytResult(decryptedByteCount)
Array.Copy(TempDecryptArr, bytResult, decryptedByteCount)
'
oCS.Close()
End Using
oMS.Close()
End Using
End Using
Return bytResult
End Function
Public Shared Function Encrypt(ByVal sData As String, ByVal sKey As String)
Dim bytData() As Byte = Encoding.UTF8.GetBytes(sData)
Return Encrypt(bytData, sKey)
End Function
Public Shared Function Encrypt(ByVal bytData As Byte(), ByVal strPass As String) As Byte()
Dim bytResult As Byte()
Using oRM As New Cryptography.RijndaelManaged
oRM.KeySize = 256
oRM.Key = GeKey(strPass)
oRM.IV = GetIV(strPass)
oRM.Mode = CipherMode.CBC
oRM.Padding = PaddingMode.PKCS7
Using oMS As New MemoryStream
Using oCS As New Cryptography.CryptoStream(oMS, oRM.CreateEncryptor, Cryptography.CryptoStreamMode.Write)
oCS.Write(bytData, 0, bytData.Length)
oCS.FlushFinalBlock()
bytResult = oMS.ToArray()
oCS.Close()
End Using
oMS.Close()
End Using
End Using
Return bytResult
End Function
Private Shared Function GeKey(ByVal strPass As String) As Byte()
Dim bytResult As Byte()
'Generate a byte array of required length as the encryption key.
'A SHA256 hash of the passphrase has just the required length. It is used twice in a manner of self-salting.
Using oSHA256 As New Cryptography.SHA256Managed
Dim L1 As String = System.Convert.ToBase64String(oSHA256.ComputeHash(Encoding.UTF8.GetBytes(strPass)))
Dim L2 As String = strPass & L1
bytResult = oSHA256.ComputeHash(System.Text.Encoding.UTF8.GetBytes(L2))
oSHA256.Clear()
End Using
Return bytResult
End Function
Private Shared Function GetIV(ByVal strPass As String) As Byte()
Dim bytResult As Byte()
'Generate a byte array of required length as the iv.
'A MD5 hash of the passphrase has just the required length. It is used twice in a manner of self-salting.
Using oMD5 As New Cryptography.MD5CryptoServiceProvider
Dim L1 As String = System.Convert.ToBase64String(oMD5.ComputeHash(Encoding.UTF8.GetBytes(strPass)))
Dim L2 As String = strPass & L1
bytResult = oMD5.ComputeHash(System.Text.Encoding.UTF8.GetBytes(L2))
oMD5.Clear()
End Using
Return bytResult
End Function
End Class
The problems in your two pieces of code are:
Use Rijndael-128 with a key and block size of 16 bytes / 128 bit in both the .NET and the PHP code. For Rijndael-256, your code generates an IV with the wrong length. And I don't know how to use AES-256 in PHP (key length of 32 bytes / 256 bits, block size of 16 bytes / 128 bit).
Use of MD5: In the PHP code, add a second parameter true to the md5() function (in two places) so the result is binary data and not a hexadecimal string.
In the encrypt() function in your PHP code, replace the variable $str with $decrypted (in two places). $str is never assigned a value and never used, so the padding has no effect.
If you fix these problems, then both programs will return the result:
Encrypted: /DMkj7BL9Eu2LMxKhdGT+A==
I haven't tried to decrypt it.
For starters the 2 bits of code will create different initialization vectors (PHP is using sha256, and .net md5). And you're not truncating the PHP output by then first null char. There are several potential char set issues in the code too.

Categories