Ok I need some help with PHP. I have an encryption class in c# and I need to create a similar one in PHP that will encrypt and decrypt the same way (they need to talk to each other).
I know there are several similar questions on SO and I think I have read most if not all of them. I have tried to apply them to my code and I'm just not getting the correct result, PHP always encrypts to a different value than the c# version. I've read up on it and tried different things as mentioned, but encryption is not one of my strong points and I'm just not getting it. Can anyone help? Here is the c# code:
// Encrypt a string into a string using a password
public static string Encrypt(string clearText, string Password)
{
// First we need to turn the input string into a byte array.
byte[] clearBytes = Encoding.Unicode.GetBytes(clearText);
// Then, we need to turn the password into Key and IV
// We are using salt to make it harder to guess our key using a dictionary attack -
// trying to guess a password by enumerating all possible words.
PasswordDeriveBytes pdb = new PasswordDeriveBytes(Password,
new byte[] { 0x49, 0x76, 0x61, 0x6e, 0x20, 0x4d, 0x65, 0x64, 0x76, 0x65, 0x64, 0x65, 0x76 });
// Now get the key/IV and do the encryption using the function that accepts byte arrays.
// Using PasswordDeriveBytes object we are first getting 32 bytes for the Key
// (the default Rijndael key length is 256bit = 32bytes) and then 16 bytes for the IV.
// IV should always be the block size, which is by default 16 bytes (128 bit) for Rijndael.
byte[] encryptedData = Encrypt(clearBytes, pdb.GetBytes(32), pdb.GetBytes(16));
// Now we need to turn the resulting byte array into a string.
// A common mistake would be to use an Encoding class for that. It does not work
// because not all byte values can be represented by characters.
// We are going to be using Base64 encoding that is designed exactly for what we are
// trying to do.
return Convert.ToBase64String(encryptedData);
}
// Encrypt a byte array into a byte array using a key and an IV
static byte[] Encrypt(byte[] clearData, byte[] Key, byte[] IV)
{
MessageBox.Show(Encoding.Unicode.GetString(clearData) + "\n" + Convert.ToBase64String(Key) + "\n" +
Convert.ToBase64String(IV));
// Create a MemoryStream that is going to accept the encrypted bytes
MemoryStream ms = new MemoryStream();
// Create a symmetric algorithm.
// We are going to use Rijndael because it is strong and available on all platforms.
Rijndael alg = Rijndael.Create();
// Now set the key and the IV.
// We need the IV (Initialization Vector) because the algorithm is operating in its default
// mode called CBC (Cipher Block Chaining). The IV is XORed with the first block (8 byte)
// of the data before it is encrypted, and then each encrypted block is XORed with the
// following block of plaintext. This is done to make encryption more secure.
// There is also a mode called ECB which does not need an IV, but it is much less secure.
alg.Key = Key;
alg.IV = IV;
// Create a CryptoStream through which we are going to be pumping our data.
// CryptoStreamMode.Write means that we are going to be writing data to the stream
// and the output will be written in the MemoryStream we have provided.
CryptoStream cs = new CryptoStream(ms, alg.CreateEncryptor(), CryptoStreamMode.Write);
// Write the data and make it do the encryption
cs.Write(clearData, 0, clearData.Length);
// Close the crypto stream (or do FlushFinalBlock).
// This will tell it that we have done our encryption and there is no more data coming in,
// and it is now a good time to apply the padding and finalize the encryption process.
cs.Close();
// Now get the encrypted data from the MemoryStream.
// Some people make a mistake of using GetBuffer() here, which is not the right way.
byte[] encryptedData = ms.ToArray();
return encryptedData;
}
// Decrypt a string into a string using a password
// Uses Decrypt(byte[], byte[], byte[])
public static string Decrypt(string cipherText, string Password)
{
string strDecryptedKey = String.Empty;
if ((cipherText == null) || (cipherText.Length == 0))
{
return strDecryptedKey;
}
try
{
// First we need to turn the input string into a byte array.
// We presume that Base64 encoding was used
byte[] cipherBytes = Convert.FromBase64String(cipherText);
// Then, we need to turn the password into Key and IV
// We are using salt to make it harder to guess our key using a dictionary attack -
// trying to guess a password by enumerating all possible words.
PasswordDeriveBytes pdb = new PasswordDeriveBytes(Password,
new byte[] { 0x49, 0x76, 0x61, 0x6e, 0x20, 0x4d, 0x65, 0x64, 0x76, 0x65, 0x64, 0x65, 0x76 });
// Now get the key/IV and do the decryption using the function that accepts byte arrays.
// Using PasswordDeriveBytes object we are first getting 32 bytes for the Key
// (the default Rijndael key length is 256bit = 32bytes) and then 16 bytes for the IV.
// IV should always be the block size, which is by default 16 bytes (128 bit) for Rijndael.
byte[] decryptedData = Decrypt(cipherBytes, pdb.GetBytes(32), pdb.GetBytes(16));
// Now we need to turn the resulting byte array into a string.
// A common mistake would be to use an Encoding class for that. It does not work
// because not all byte values can be represented by characters.
// We are going to be using Base64 encoding that is designed exactly for what we are
// trying to do.
strDecryptedKey = Encoding.Unicode.GetString(decryptedData);
}
catch (Exception ex)
{
throw ex;
}
return strDecryptedKey;
}
// Decrypt a byte array into a byte array using a key and an IV
static byte[] Decrypt(byte[] cipherData, byte[] Key, byte[] IV)
{
byte[] decryptedData = null;
try
{
// Create a MemoryStream that is going to accept the decrypted bytes
MemoryStream ms = new MemoryStream();
// Create a symmetric algorithm.
Rijndael alg = Rijndael.Create();
// Now set the key and the IV.
// We need the IV (Initialization Vector) because the algorithm is operating in its default
// mode called CBC (Cipher Block Chaining). The IV is XORed with the first block (8 byte)
// of the data after it is decrypted, and then each decrypted block is XORed with the previous
// cipher block. This is done to make encryption more secure.
// There is also a mode called ECB which does not need an IV, but it is much less secure.
alg.Key = Key;
alg.IV = IV;
// Create a CryptoStream through which we are going to be pumping our data.
// CryptoStreamMode.Write means that we are going to be writing data to the stream
// and the output will be written in the MemoryStream we have provided.
CryptoStream cs = new CryptoStream(ms, alg.CreateDecryptor(), CryptoStreamMode.Write);
// Write the data and make it do the decryption
cs.Write(cipherData, 0, cipherData.Length);
// Close the crypto stream (or do FlushFinalBlock).
// This will tell it that we have done our decryption and there is no more data coming in,
// and it is now a good time to remove the padding and finalize the decryption process.
cs.Close();
// Now get the decrypted data from the MemoryStream.
// Some people make a mistake of using GetBuffer() here, which is not the right way.
decryptedData = ms.ToArray();
}
catch (Exception ex)
{
throw ex;
}
return decryptedData;
}
Here is my php code (with a few passwords that I currently have hard coded removed, I will change that before production, just trying to get proof of concept working):
date_default_timezone_set('UTC');
$encText="something";
$baseVal="**my password which is about 30 something characters if that matters**";
$salt="**my salt**";
$pwHex=strToHex($baseVal);
$saltHex=strToHex($salt);
echo($baseVal."/".$salt."<br />");
echo("Hex= ".$pwHex)."<br />";
echo("saltHex= ".$saltHex."<br />");
$pwBin=pack("H*",$pwHex);
$saltBin=pack("H*",$saltHex);
$devKey=PBKDF1($pwBin,$saltBin,100,48);
echo("Dev Key: ".base64_encode($devKey)."<br />");
$cryptKey=bin2hex(substr($devKey,0,16));
$cryptIv=bin2hex(substr($devKey,16,32));
echo("Crypt Key: ".base64_encode($cryptKey)."<br />");
echo("Crypt IV: ".base64_encode($cryptIv)."<br />");
echo("size: ".mcrypt_get_iv_size(MCRYPT_RIJNDAEL_256,MCRYPT_MODE_CBC)."<br />");
$enc=mcrypt_encrypt(MCRYPT_RIJNDAEL_256, $cryptKey, $encText, MCRYPT_MODE_CBC, $cryptIv);
$enc_64=base64_encode($enc);
echo("Cipher: ".$enc_64."\n");
$dec = mcrypt_decrypt(MCRYPT_RIJNDAEL_256, $cryptKey, $enc, MCRYPT_MODE_CBC,
$cryptIv);
$dec64 = base64_encode($dec);
echo($dec64);
function PBKDF1($pass,$salt,$count,$dklen) {
$t = $pass.$salt;
//echo 'S||P: '.bin2hex($t).'<br/>';
$t = sha1($t, true);
//echo 'T1:' . bin2hex($t) . '<br/>';
for($i=2; $i <= $count; $i++) {
$t = sha1($t, true);
//echo 'T'.$i.':' . bin2hex($t) . '<br/>';
}
$t = substr($t,0,$dklen-1);
return $t;
}
function strToHex($string){
$hex = '';
for ($i=0; $i<strlen($string); $i++){
$ord = ord($string[$i]);
$hexCode = dechex($ord);
$hex .= substr('0'.$hexCode, -2);
}
return strToUpper($hex);
}
Any help is greatly appreciated.