Logo Questions Linux Laravel Mysql Ubuntu Git Menu
 

AES encryption in php and then decryption with Javascript (cryptojs)

I'm searching for a way to make a 2 way encryption of a simple text (5 to 6 numbers and/or characters). The catch is that i want to make the encryption in php and then decrypt it via Javascript. For php i've tested using mcrypt_encode and have gotten it to work, hence when i try to decrypt it with javascript (i'm using the Crypto-js library - http://code.google.com/p/crypto-js/ ) i get no results. Here is the php code i'm using:

$key = "oijhd981727783hy18274";
$text = "1233";
$td = mcrypt_module_open(MCRYPT_RIJNDAEL_256, '', MCRYPT_MODE_CBC, '');
$iv = mcrypt_create_iv(mcrypt_enc_get_iv_size($td), MCRYPT_RAND);
$crypttext = mcrypt_encrypt(MCRYPT_RIJNDAEL_256, $key, $text, MCRYPT_MODE_CBC,$iv);
echo base64_encode($crypttext);

and then here is the Javascript code i'm using:

var encrypted = CryptoJS.enc.Base64.parse("LiJU5oYHXRSNsrjMtCr5o2ev7yDFGZId85gh9MEXPeg=");
var key = 'oijhd981727783hy18274';
var decrypted = CryptoJS.AES.decrypt(encrypted, key);
document.write( decrypted.toString(CryptoJS.enc.Utf8) );

As i'm just testing, i copy/paste the output from the php straight into the JS and see if it would return any results, however that doesnt happen. As i'm new to the encryption/decryption part i might be missing something. Any suggestions will be greatly appreciated.

On a side note, as i read a lot of suggestions here about using other types of communication to transfer the data, that would not be possible in this case, as i need to pass this string to a third party software, which will bring it over on a secure area, where i have access to edit only the javascript, this is why i'm trying to encrypt the text in php and place it inside the website's source, from where the third party software will read it as it is encrypted and will transfer it to the secure section, where i will need to decrypt it back via Javascript (i dont have access to php there).

like image 654
Lyubomir Lyubenov Avatar asked Aug 03 '12 14:08

Lyubomir Lyubenov


2 Answers

So, after some more digging i came to the following online encryptor/decryptor which led me to the gibberish-aes at GitHub repository.

Inside one of the comments on the first link i found that this JS library has a php equivalent, which seems to be working reasonably well and is fairly easy to deploy: https://github.com/ivantcholakov/gibberish-aes-php

So thanks to Lars for the answer he provided, i would encourage him to open the repository, i'm sure he'll make someone's life a little bit easier :)

like image 155
Lyubomir Lyubenov Avatar answered Sep 26 '22 02:09

Lyubomir Lyubenov


From the CryptoJS documentation:

For the key, when you pass a string, it's treated as a passphrase and used to derive an actual key and IV. Or you can pass a WordArray that represents the actual key. If you pass the actual key, you must also pass the actual IV.

So in your line

var decrypted = CryptoJS.AES.decrypt(encrypted, key);

"oijhd981727783hy18274" is treated as a passphrase to create a key and not as the actual key.

Passing an IV works like this:

var key = CryptoJS.enc.Hex.parse('000102030405060708090a0b0c0d0e0f');
var iv  = CryptoJS.enc.Hex.parse('101112131415161718191a1b1c1d1e1f');

var encrypted = CryptoJS.AES.encrypt("Message", key, { iv: iv });
like image 25
tdkBacke Avatar answered Sep 23 '22 02:09

tdkBacke