4

I want to encrypt some data in Javascript and after sending it the php server it could be decrypted.

I'm planig to use JS encryption library as SJCL : http://crypto.stanford.edu/sjcl/ . Up to now I can encrypt my data in JS and send it via ajax post. my JS code lool like this.

sjcl.encrypt('a_key','secured_message');

My question is how do I decrypt my data in php. If it is possible show me how to do it with an example code. (note: SSL is not a option for me, and now I'm planning to use the KEY as generated random number per each request)

Thanks

Improve this question
7
  • 1
    How are you planning to transfer the key? Commented Aug 16, 2012 at 6:56
  • 12
    So you're gonna send an encrypted message with the decryption key on the same channel. You do realize that your encryption is as good as sending plaintext, right? Commented Aug 16, 2012 at 7:02
  • 1
    Out of interest, is there a reason you don't just use SSL? Commented Aug 20, 2012 at 7:01
  • 1
    It took me quite a bit of pain to replicate the SJCL code into Java (still unfinished). If this isn't directly available (and it probably isn't), it will take quite a bit of knowledge and especially testing to replicate the functionality. Commented Aug 20, 2012 at 23:02
  • 2
    Please See: stackoverflow.com/questions/5452118/javascript-encryption Commented May 14, 2014 at 21:54

2 Answers 2

Reset to default
3

PHP 7.1.0 finally adds openssl support for iv and aad parameters BUT it incorrectly enforces a 12 byte iv length.

In your example, we encrypt as follows:

var sjcl = require('./sjcl');
console.log(sjcl.encrypt('a_key', 'secured_message', { mode: 'ccm', iv: sjcl.random.randomWords(3, 0) }));

To get:

{"iv":"YAKkgmNCcVawQtiB","v":1,"iter":10000,"ks":128,"ts":64,"mode":"ccm","adata":"","cipher":"aes","salt":"CwEDE4PXBzY=","ct":"pJ7nmnAGXiC9AD29OADlpFdFl0d/MxQ="}

So, given:

$password = 'a_key';
$input = json_decode('{"iv":"YAKkgmNCcVawQtiB","v":1,"iter":10000,"ks":128,"ts":64,"mode":"ccm","adata":"","cipher":"aes","salt":"CwEDE4PXBzY=","ct":"pJ7nmnAGXiC9AD29OADlpFdFl0d/MxQ="}', true);

We can decrypt in PHP 7.1.0 as follows:

$digest   = hash_pbkdf2('sha256', $password, base64_decode($input['salt']), $input['iter'], 0, true);
$cipher   = $input['cipher'] . '-' . $input['ks'] . '-' . $input['mode'];
$ct       = substr(base64_decode($input['ct']), 0, - $input['ts'] / 8);
$tag      = substr(base64_decode($input['ct']), - $input['ts'] / 8);
$iv       = base64_decode($input['iv']);
$adata    = $input['adata'];

$dt = openssl_decrypt($ct, $cipher, $digest, OPENSSL_RAW_DATA, $iv, $tag, $adata);
var_dump($dt);
Improve this answer
Sign up to request clarification or add additional context in comments.

1 Comment

php error: "openssl_decrypt() expects at most 5 parameters, 7 given /..."
0

While this does not answers your question entirely, I have to:

  1. suggest using crypto-js as most standard complaint JS encryption, hashing and KDF library (that means that provided methods is compatibile with PHP equivalents )
  2. suggest that you read at least first lines of this article where you will learn why all gain from utilizing Javascript cryptography is false sense of security
Improve this answer

Comments

Your Answer

By clicking “Post Your Answer”, you agree to our terms of service and acknowledge you have read our privacy policy.

Start asking to get answers

Find the answer to your question by asking.

Ask question

Explore related questions

See similar questions with these tags.