2

I follow this guide AES encryption on Java side - decryption on PHP side and selecting a single key but the accepted answer is not really working. I even hardcoded the KEY and IV values in java so that i am sure that i have the same values in PHP.

private static final byte[] keyValue =
        new byte[] { 'T', 'h', 'e', 'B', 'e', 's', 't',
                'S', 'e', 'c', 'r','e', 't', 'K', 'e', 'y' };

private static final byte[] ivValue =
        new byte[] { '0', '1', '2', '3', '4', '5', '6',
                '7', '8', '9', '0','1', '2', '3', '4', '5' };

JAVA (key) generation:

String ALGO = "AES/CBC/ZeroBytePadding";
Key key = new SecretKeySpec(keyValue, ALGO);

JAVA (iv) generation:

IvParameterSpec ivSpec = new IvParameterSpec(ivValue);

Then i use it to Encrypt / Decrypt in JAVA like this:

  //ENCRYPTION
  String encrypted = encrypt("Hello World!",key,ivSpec);

  //DECRYPTION
  String decrypted = decrypt(encrypted,key,ivSpec);

public static String encrypt(String Data, Key key, IvParameterSpec ivSpec) throws Exception {

    Cipher c = Cipher.getInstance(ALGO);
    c.init(Cipher.ENCRYPT_MODE, key, ivSpec);       
    byte[] encVal = c.doFinal(Data.getBytes());     
    String encryptedValue = Base64.encodeToString(encVal, Base64.NO_WRAP);
    return encryptedValue;
}


public static String decrypt(String encryptedData, Key key, IvParameterSpec ivSpec) throws Exception {

    Cipher c = Cipher.getInstance(ALGO);
    c.init(Cipher.DECRYPT_MODE, key, ivSpec);   
    byte[] decordedValue = Base64.decode(encryptedData,Base64.NO_WRAP);
    byte[] decValue = c.doFinal(decordedValue);
    String decryptedValue = new String(decValue);
    return decryptedValue;
}

NOW, in PHP i get the encrypted value thru POST and i hardcoded the KEY and IV value:

$encrypted = $_POST["encrypted"];
$key = "TheBestSecretKey";
$iv = "0123456789012345";

$decrypted = decryptMessage($encrypted,$key,$iv);

function decryptMessage($encrypted,$key,$iv)
{
   $ivNum = (int)$iv;
   $ivIn = mcrypt_create_iv(mcrypt_get_iv_size(MCRYPT_RIJNDAEL_128, MCRYPT_MODE_CBC), $ivNum);
   $decrypted = mcrypt_decrypt(MCRYPT_RIJNDAEL_128, $key, $encrypted, MCRYPT_MODE_CBC, $ivIn);
}

Encrypted Message: TXCv3f+r+h71y/NzCk08Hw==

Expected Result of (decrypted) variable: "Hellow World!"

Current Result of (decrypted) variable: �@����6�I��Ԗmݕ����WMu

Is there any other workaround to achieve my expected result. Thank you in advance.

Improve this question
5
  • 1
    It is best not to use mcrypt, it is abandonware, has not been updated in years and does not support standard PKCS#7 (née PKCS#5) padding, only non-standard null padding that can't even be used with binary data. mcrypt had many outstanding bugs dating back to 2003. Instead consider using defuse, it is being maintained and is correct. Commented Jul 11, 2016 at 3:12
  • If you provided the encrypted data as hex (yes hex, because not all bytes are printable characters) it could be checked. (Displaying random bytes as characters doesn't work.) Suggestion: Add the encrypted data to the question. Commented Jul 11, 2016 at 3:22
  • I find $ivNum = (int)$iv; suspicious but then it has been decades since I used PHP. Commented Jul 11, 2016 at 3:25
  • @zaph, i already added the encrypted data. and thank you for the suggestion, i will consider using DEFUSE. But do you have links that works between Java-Php with the same implementation like this? Commented Jul 11, 2016 at 23:39
  • You need to use. Hex so the data can be seen, encryption is data, not strings. Base64 is useless for examining data bytes. Commented Jul 12, 2016 at 1:46

1 Answer 1

Reset to default
1

You need to provide the key, iv, input data and encrypted data in hex so they can be examined, encryption works with data, not strings.

key: 546865426573745365637265744b6579
iv: 30313233343536373839303132333435
text: 48656c6c6f7720576f726c6421

and encryption in CBC mode with zero padding you should get encrypted:

AE64AA4836D7251E03070C1647A4B531

but you don't, you get

4D70AFDDFFABFA1EF5CBF3730A4D3C1F

So it seems the encryption is bad.

See: AES CALCULATOR

Improve this answer
Sign up to request clarification or add additional context in comments.

1 Comment

Thank you for the effort, i will change my code and will post my development.

Your Answer

By clicking “Post Your Answer”, you agree to our terms of service and acknowledge you have read our privacy policy.

Start asking to get answers

Find the answer to your question by asking.

Ask question

Explore related questions

See similar questions with these tags.