0

I saw a php code to decrypt an encrypted AES-256-CBC string in PHP. But I'm using python, so I looked for a way to add a PHP script inside python.

This is how I did it as I saw from this link:

def decrypt(encrypted_data, password):
code = """<?php
  function decryptionM($data, $key) {
    $secretkey = str_pad($key, 32, '*'); 
    echo('secretkey: ');
    echo($secretkey);
    echo("\n");
    
    $iv_with_ciphertext = base64_decode(str_replace('plusencr', '+', $data));
    echo('iv_with_ciphertext: ');
    echo($iv_with_ciphertext);
    echo("\n");
    
    $iv_length = openssl_cipher_iv_length('AES-256-CBC');
    echo('iv_length: ');
    echo($iv_length);
    echo("\n");
    $iv = substr($iv_with_ciphertext, 0, $iv_length);
    echo('iv: ');
    echo($iv);
    echo("\n");
    $ciphertext = substr($iv_with_ciphertext, $iv_length);
    echo('ciphertext: ');
    echo($ciphertext);
    echo("\n");
    $text = openssl_decrypt($ciphertext, 'aes-256-cbc', $secretkey, OPENSSL_RAW_DATA, $iv);
    echo('text: ');
    echo($text);
    echo("\n");
    $asArr = explode(',', $text);
    echo('asArr: ');
    echo($asArr);
    echo("\n");
    foreach ($asArr as $val) { 
        $tmp = explode('=', $val);
        echo('tmp: ');
        echo($tmp[0]);
        echo("\n");
        $finalArray[trim($tmp[0])] = str_replace('+', '', $tmp[1 ]); 
    }
    echo('finalArray: ');
    echo($finalArray);
    echo("\n");
    return $finalArray; 
}

  echo decryptionM(""" + encrypted_data + """, """ + password + """);

?>
"""
res = php(code.encode())

return res

But the line echo decryptionM(""" + encrypted_data + """, """ + password + """); is outputting an error:

[2022-03-24 02:06:50,202: WARNING/MainProcess] b"PHP Parse error:  syntax error, unexpected '=', expecting ')' in Standard input code on line 55\n\nParse error: syntax error, unexpected '=', expecting ')' in Standard input code on line 55\n"

which I figured is caused by not having quotes surrounding the parameters which are strings when the echo decryptionM(""" + encrypted_data + """, """ + password + """); is transformed to PHP code.

decryptionM(data, key); should be decryptionM('data', 'key');

How do I do this in python or PHP?

Improve this question
5
  • 3
    This is insane. Why not either (a) just run the PHP code in PHP, or (b) port it to Python? Commented Mar 23, 2022 at 18:18
  • @Chris This is the code in the API I'm using. I'm also using Django so this seems like the fastest way to do it. Commented Mar 23, 2022 at 18:28
  • 1
    I'll quote from that page, with some extra emphasis: "Here is a code snippet to assist with implementation". Not to copy wholesale into a string in another programming language. If you're using Django forget about option (a) and go with option (b). Python can definitely do Base64 and AES. Commented Mar 23, 2022 at 18:31
  • @Chris the pycrypto install was not working before, and it's repo is now archived and unmaintained. Commented Mar 23, 2022 at 18:48
  • 2
    That was just an example. Maybe not the best one, but its homepage lists alternatives: cryptography.io, pycryptodome.org. I promise you, spending 5 minutes to find a library and a bit of time to port this code is worth doing over cramming PHP code into Python. Commented Mar 23, 2022 at 18:59
Related questions
0
Django: How do I prepend
0
Variables in Django
3
Python: how to use variables as a string?
Load 7 more related questions Show fewer related questions

0

Reset to default

Your Answer

By clicking “Post Your Answer”, you agree to our terms of service and acknowledge you have read our privacy policy.

Start asking to get answers

Find the answer to your question by asking.

Ask question

Explore related questions

See similar questions with these tags.