1

I have to do encrypt data on server running php script send them to another server running Java using AES algorithm. I chose to use phpseclib and the javax.crypto package respectively for the php and the Java side. Unfortunately a have padding exception. Here is my code:

On php side:

$aes = new Crypt_AES('MODE_ECB');
$key = "secretkeyfor1234secretke";
$aes->setKey($key);
$plaintext = 'Good evening this is just a test';
$cryptedmessage =  base64_encode($aes->encrypt($plaintext));

On java side: clefAES contain the key and data contain the ciphered text. I send the key using RSA encryption (not reported here).

data = EFjTatx2VkAZR3ScS0UadQr8M6zEkIz/kAX0Cl+XH2FNNHVbeJsEd2b+zWlEkvR6;//( it is base64 encoded )
Cipher aescipher = Cipher.getInstance("AES/ECB/NoPadding", "SunJCE");
Key keySpec = new SecretKeySpec(clefAES, "AES");                   
byte[] encryptedTextByte = decoder.decodeBuffer(data);
aescipher.init(Cipher.DECRYPT_MODE, keySpec);
byte[] decryptedByte = aescipher.doFinal(encryptedTextByte);
String decryptedText = new String(decryptedByte);

this is the result gave by decryptedText :

Good evening thicx��#3mg�? i�#�Ԁ���O�q

If someone know why I am getting this result and how to solve this it would be really helpful. Also is phpseclib compatible with javax.crypto package for aes encryption? Is it the best way to do what I want to achieve?

Improve this question
2
  • 1
    Your Java code doesn't compile. When fixed, it doesn't produce that output from that data. EFjTatx2VkAZR3ScS0UadQr8M6zEkIz/kAX0Cl+XH2FNNHVbeJsEd2b+zWlEkvR6 is not base64-encoded AES/ECB/NoPadding-encrypted. The base64-encoded cipher text I get from Java code is GYQGpH6fRpHBP0ACElbcp9i8pjKf4G7wiPLDL7TM1Ec=. Commented Apr 9, 2015 at 3:51
  • Thank for your fast answer. I check it and send you the feedback Commented Apr 9, 2015 at 8:10

1 Answer 1

Reset to default
1

Here's the output I get from your PHP code:

GYQGpH6fRpHBP0ACElbcp1nvcS0ojcqzvnqclHxvB+BtgM4KEH+K7Q2F6rhEx0hM

This is in contrast with what you're passing to your Java code.

Also, your PHP code isn't doing ECB mode. It's doing CBC mode. This is because new Crypt_AES('MODE_ECB'); isn't the code you need to be using. Rather this is the code you need to be using to do ECB mode:

new Crypt_AES(CRYPT_MODE_ECB);

Additionally, phpseclib is doing padding by default. To disable it you need to do this:

$aes->disablePadding();

After all that is said and done I get this as the output:

GYQGpH6fRpHBP0ACElbcp9i8pjKf4G7wiPLDL7TM1Ec=
Improve this answer
Sign up to request clarification or add additional context in comments.

2 Comments

You are right. It was a mistake. You are awesome neubert, it works. I found somewhere that CBC is most secure than ECB. Can you tell me the right way to do a CBC encryption ?
With phpseclib just do CRYPT_MODE_CBC or just don't pass any parameters to Crypt_AES at all (phpseclib uses CBC by default so if the parameter you pass to it is invalid it'll use CBC). Aside from that using it is no different than using ECB.

Your Answer

By clicking “Post Your Answer”, you agree to our terms of service and acknowledge you have read our privacy policy.

Start asking to get answers

Find the answer to your question by asking.

Ask question

Explore related questions

See similar questions with these tags.