3

This is my code : 

 function decrypt($code)
{

    $key = '3552ef55ecdf04324..'; // 64 bytes length
    $iv = 'd20818af907b59c3b15d258dd3969770'; // 32 bytes length
    $key = hash("sha256", $key,true); // 32 bytes length
    $iv = md5($iv,true); // 16 bytes length

    echo strlen(base64_decode($code)); // 80 bytes
   //return openssl_decrypt(base64_decode($code), 'aes-256-cbc', $key, 0 ,$iv); // return false
    $output = openssl_decrypt(base64_decode($code), 'aes-256-cbc', $key, 0 ,$iv);
    return openssl_error_string(); 

}

I encrypt using swift/android and i decrypt using php.

The openssl_error_string() method return "error:0606506D:digital envelope routines:EVP_DecryptFinal_ex:wrong final block length".

Note that the key and iv in encryption swift/android are the same. I cant find the problem here. Anyone? Thanks.

Improve this question
6
  • Are you specifying PKCS#7 (née PKCS#5) padding? Is the encrypted data a multiple of the block length (16-bytes for AES)? I always recommend not combining steps, that makes debugging more difficult. Hex dump the encrypted data (base64_decode($code)), it may not be what you think it is. Commented May 10, 2016 at 20:49
  • Im specifying PKCS#7 padding. The encrypted data is a multiple of the block length (80 bytes). Here is the Hexdump : <pre>0000 ab bc ea d5 22 1a 56 dd eb ad 30 17 96 c8 84 6d &quot;.V 0.m 0010 16 c8 c3 1f e6 6f f1 71 1b 63 f3 71 85 18 b0 b8 ..oq .cq. 0020 d1 9b fa 3e df a0 a3 c3 45 d2 62 76 dc cc 94 53 &gt; EbvS 0030 85 ac 88 77 11 60 d6 12 b4 52 db d2 2d e9 bd 3b w.. R-; 0040 f6 a1 46 5a ec 54 55 54 04 8f 00 60 09 cf af c2 FZTUT ...</pre> @zaph Commented May 10, 2016 at 21:26
  • The encrypted data ($code) is : q7zq1SIaVt3rrTAXlsiEbRbIwx/mb/FxG2PzcYUYsLjRm/o+36Cjw0XSYnbczJRThayIdxFg1hK0UtvSLem9O/ahRlrsVFVUBI8AYAnPr8I= The plaintext must be : a18ac4e6fbd3fc024a07a21dafbac37d828ca8a04a0e34f368f1ec54e0d4fffb @zaph Commented May 10, 2016 at 21:35
  • Please add additional information to the question, not to comments. Also comments have essentially zero formatting capabilities. You can edit your own questions. Commented May 10, 2016 at 22:24
  • The $code in the comment is not valid Base64 encoding based on its length, 109 characters, there is an invisible character in it. The plain text is 64 characters and would be padded with 16 0x10 bytes so that would make 80 bytes. Commented May 10, 2016 at 22:32

1 Answer 1

Reset to default
2

I solve the problem. The fact is that i am URLEncoding params on Android side, and then URLDecoding them with my PHP script.

Unfortunately, the URL decoding of a '+' is a whitespace in Android but in ios it is correct ('+').

So on PHP side i substituted the whitespace character with '+' before Decoding. And i remove the base64_decode function.

Updated code:

  function decrypt($code)
{

$key = '3552ef55ecdf04324d0fe72343...';
$iv  = 'd20818af907b59c3b15d258dd3969770';

$key = hash("sha256", $key, true);
$iv  = md5($iv, true);
if (preg_match('/\s/', trim($code))) {
    $code = str_replace(' ', '+', trim($code));
}

$output = openssl_decrypt($code, 'aes-256-cbc', $key, 0, $iv);
return $output;

}
Improve this answer
Sign up to request clarification or add additional context in comments.

Comments

Start asking to get answers

Find the answer to your question by asking.

Ask question

Explore related questions

See similar questions with these tags.