0

I have this issue where something is encrypted in python using aes 256 cbc encryption as shown in the python codes encrypt method .

I am trying to create a Decrypt method in php to actually decrypt whats encrypted using the python class .

Here is my attempt to convert the python decryption method to php does it look right or am I missing something in my conversion as every time i use the php version to decrypt it says hmac failed ?

anyhelp in converting the python class to php i will appreciate.

public function decrypt(){
        $encrypt_method ="AES-256-CBC";
        $secret_key =base64_decode('samekeyusedintheencryption');
        $encrypted=(string)'some encrypted text to be decrypted';
        $data=json_decode(base64_decode($encrypted),true);
        $secret_iv =base64_decode($data['iv']);
        $output = \openssl_decrypt($data['value'], 
        $encrypt_method,$secret_key,0,$secret_iv);
        return  json_encode($output);
    }


    def decrypt(self, payload):
        data = json_c.decode(base64.b64decode(payload))
        value =  base64.b64decode(data['value'])
        iv = base64.b64decode(data['iv'])
        crypt_object=AES.new(self.key,AES.MODE_CBC,iv)
        plaintext = crypt_object.decrypt(value)
        return loads(plaintext)
Improve this question

1 Answer 1

Reset to default
2

OK, I got it to work!

function decrypt($encryptedText, $secret_key){

$secret_key = base64_decode($secret_key);
$encrypt_method ="AES-256-CBC";

$data = json_decode(base64_decode($encryptedText),true);

$data['iv'] = base64_decode($data['iv']);
$data['value'] = base64_decode($data['value']);

return openssl_decrypt($data['value'], $encrypt_method, $secret_key, OPENSSL_RAW_DATA|OPENSSL_ZERO_PADDING, $data['iv']);

}

Some things I learned: If the options in the openssl function are set to '0' it expects a base64_encoded input for the cipher text. Also, if the default options is set to '0' the padding default is set to PKCS#7. This, I think, is why we were getting the bad block size error.

So, the cipher text needs to be base64_decoded and we need to set both options for the padding.

I was able to decrypt your provided cipher text and see the email addresses.

You are provided the MAC in the Data array so this would allow you to check the MAC in the PHP script. This allows you to make sure the data has not been tampered with.

I recently did an encryption project and started with the open ssl, but ended up changing to the libSodium library. I highly recommend you check it out for any further projects.

Cheers!

Improve this answer
Sign up to request clarification or add additional context in comments.

5 Comments

@user3548161 I was really slow to see that your python class data was a json array with your values in it. In looking at it again I noticed that your data['value'] had not been base64 decoded. Try that.
@user3548161 Just confirming you your using the code that is currently posted.
@user3548161 I was using openssl_error_string() and was getting errors related to a bad block length. Padding issues are probably a good focus.
I think its got to do with php base 64 decoding differently than python , not quite sure stackoverflow.com/questions/37147049/…
@user3548161 - Got it!

Your Answer

By clicking “Post Your Answer”, you agree to our terms of service and acknowledge you have read our privacy policy.

Start asking to get answers

Find the answer to your question by asking.

Ask question

Explore related questions

See similar questions with these tags.