2

I have a php file which is as follow:

$encryption_encoded_key = 'c7e1wJFz+PBwQix80D1MbIwwOmOceZOzFGoidzDkF5g=';

function my_encrypt($data, $key) {
    $encryption_key = base64_decode($key);
    $iv = openssl_random_pseudo_bytes(openssl_cipher_iv_length('aes-256-cfb'));

    $encrypted = openssl_encrypt($data, 'aes-256-cfb', $encryption_key, 1, $iv);

    // The $iv is just as important as the key for decrypting, so save it with encrypted data using a unique separator (::)
    return base64_encode($encrypted . '::' . $iv);
}

function my_decrypt($data, $key) {
    // Remove the base64 encoding from key
    $encryption_key = base64_decode($key);

    // To decrypt, split the encrypted data from IV - unique separator used was "::"
    list($encrypted_data, $iv) = explode('::', base64_decode($data), 2);

    return openssl_decrypt($encrypted_data, 'aes-256-cfb', $encryption_key, 1, $iv);
}

$data = 'USER_ID||NAME||EMAIL||MOBILE';
$data_encrypted = my_encrypt($data, $encryption_encoded_key);
echo $data_encrypted;
$data_decrypted = my_decrypt($data_encrypted, $encryption_encoded_key);
echo "Decrypted string: ". $data_decrypted;

This works fine, and is able to encrypt/decrypt with the encryption key, now i also have a python file:

import hashlib
import base64
from Crypto.Cipher import AES
from Crypto import Random

encryption_encoded_key = 'c7e1wJFz+PBwQix80D1MbIwwOmOceZOzFGoidzDkF5g='

def my_encrypt(data, key):
    #Remove the base64 encoding from key
    encryption_key = base64.b64decode(key)
    #Generate an initialization vector
    bs = AES.block_size
    iv = Random.new().read(bs)

    cipher = AES.new(encryption_key, AES.MODE_CFB, iv)
    #Encrypt the data using AES 256 encryption in CBC mode using our encryption key and initialization vector.
    encrypted = cipher.encrypt(data)

    #The iv is just as important as the key for decrypting, so save it with encrypted data using a unique separator (::)
    return base64.b64encode(encrypted + '::' + iv)


def my_decrypt(data, key):
    #Remove the base64 encoding from key
    encryption_key = base64.b64decode(key)

    #To decrypt, split the encrypted data from IV - unique separator used was "::"
    encrypted_data, iv = base64.b64decode(data).split('::')

    cipher = AES.new(encryption_key, AES.MODE_CFB, iv)

    return cipher.decrypt(encrypted_data)

data = 'USER_ID||NAME||EMAIL||MOBILE'

print "Actual string: %s" %(data)
data_encrypted = my_encrypt(data, encryption_encoded_key)
print data_encrypted

data_decrypted = my_decrypt(data_encrypted, encryption_encoded_key)
print "Decrypted string: %s" %(data_decrypted)

This also works fine when i try to use this from python, it is able to encrypt/decrypt input string, I want to encrypt using php file and decrypt the output in python, both should use AES 256 Encryption using CFB mode, what am i doing wrong ?

Improve this question
2
  • 1
    where is the process breaking down? can you print out your parsed key, iv, data, etc prior to running the encrypt/decrypt operation for each method? that will at least give you a starting point Commented Sep 21, 2017 at 16:52
  • Oh and one thing to watch out for - not knowing much about python or php, be on the lookout for reference types. the iv is potentially modified through each block when running through the encrypt/decrypt operations. If you were to (as a simple example) start with an iv of ...0001, after the first block, that iv might be represented as ...0002. Make sure you're appending the "original" iv in both implementations, rather than the (potentially) modified iv. Commented Sep 21, 2017 at 17:50

1 Answer 1

Reset to default
5

To use CFB mode you need to specify a segment size for it. OpenSSL has aes-256-cfb (which is 128 bit), aes-256-cfb1 (i.e. 1-bit) and aes-256-cfb8 (8 bit) (and similar modes for AES-128 and 192). So you are using 128 bit cfb in your php code.

The Python library accepts a segment_size argument to AES.new, but the default is 8, so you are using different modes in the two versions.

To get the Python code to decrypt the output of the PHP code, add a segment size of 128 to the cipher object:

cipher = AES.new(encryption_key, AES.MODE_CFB, iv, segment_size=128)

(N.B. this is using the newer PyCryptodome fork of PyCrypto. PyCrypto has a bug here and won’t work.)

Alternatively, you can get the PHP code to use CFB-8 by setting the cipher (don’t change both, obviously):

$encrypted = openssl_encrypt($data, 'aes-256-cfb8', $encryption_key, 1, $iv);
Improve this answer
Sign up to request clarification or add additional context in comments.

2 Comments

Works perfectly now, is there any better way to approach this ? like is there any openssl wrapper in python where i can do the same instead of trying to guess encryption type, lets say the php code changes cipher from aes to cast5-cbc, so that i wont have rewrite my encryption/decryption methods ?
nice answer, I have a feeling this issue have something to do with segment_size but no idea how to change...

Your Answer

By clicking “Post Your Answer”, you agree to our terms of service and acknowledge you have read our privacy policy.

Start asking to get answers

Find the answer to your question by asking.

Ask question

Explore related questions

See similar questions with these tags.