hans maeier

Reputation: 45

Decrypt AES from ColdFusion to PHP

I encrypted a string in ColdFusion using:

<cfset strEnc=ToBase64(Encrypt("some text","123", "AES","Base64"))>

I can decrypt the string in ColdFusion using:

<cfset strDec=ToString(Decrypt(ToBinary(strEnc), "123", "AES","Base64"))>

But I am unable to decrypt strEnc in PHP. I have found some decrypt functions in PHP, but they require an IV parameter. Can anyone help me?

Upvotes: 0

Views: 1315

Answers (3)

hans maeier

Reputation: 45

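// Both the key and the ciphertext arrive Base64-encoded; decode them to raw bytes.
$key = base64_decode($key);
$data = base64_decode($data);
// AES is Rijndael with a 128-bit block; ECB mode takes no IV.
echo mcrypt_decrypt(MCRYPT_RIJNDAEL_128, $key, $data, MCRYPT_MODE_ECB);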

Upvotes: 1
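
The decryption from the answer above, written against PHP's OpenSSL extension, as an added example that is not part of the original posts. It assumes the ColdFusion key is the Base64 string from GenerateSecretKey("AES") and that Encrypt() was called without an IV, in which case ColdFusion defaults to AES/ECB/PKCS5Padding, which is why no IV appears; cfAesDecrypt() and the sample key are constructed for illustration.

```php
<?php
declare(strict_types=1);

// cfAesDecrypt() is a hypothetical helper name, not a ColdFusion or PHP API.
// Assumptions: key = Base64 string from GenerateSecretKey("AES"); no IV was
// passed to Encrypt(), so ColdFusion used its default AES/ECB/PKCS5Padding.
function cfAesDecrypt(string $strEnc, string $cfKeyB64, int $b64Layers = 2): string
{
    $key = base64_decode($cfKeyB64, true);
    if ($key === false || !in_array(strlen($key), [16, 24, 32], true)) {
        throw new InvalidArgumentException('key must be Base64 of 16, 24 or 32 bytes');
    }

    // The question wraps Encrypt(..., "Base64") in ToBase64(), so the value
    // is Base64-encoded twice; peel off each layer in strict mode.
    $data = $strEnc;
    for ($i = 0; $i < $b64Layers; $i++) {
        $data = base64_decode($data, true);
        if ($data === false) {
            throw new InvalidArgumentException('input is not valid Base64');
        }
    }
    if ($data === '' || strlen($data) % 16 !== 0) {
        throw new InvalidArgumentException('ciphertext is not a whole number of AES blocks');
    }

    // ECB takes no IV. With OPENSSL_RAW_DATA the input is raw bytes and OpenSSL
    // strips the PKCS#7 padding (mcrypt's ECB mode leaves the padding bytes in).
    $cipher = 'aes-' . (strlen($key) * 8) . '-ecb';
    $plain = openssl_decrypt($data, $cipher, $key, OPENSSL_RAW_DATA);
    if ($plain === false) {
        throw new RuntimeException('decryption failed (wrong key or corrupted data)');
    }
    return $plain;
}

// Constructed sample: a throwaway 128-bit key and a ciphertext built the way
// the question's ColdFusion line builds it (encrypt, Base64, Base64 again).
$keyB64 = base64_encode(hex2bin('000102030405060708090a0b0c0d0e0f'));
$raw    = openssl_encrypt('some text', 'aes-128-ecb', base64_decode($keyB64), OPENSSL_RAW_DATA);
$strEnc = base64_encode(base64_encode($raw));

var_dump(cfAesDecrypt($strEnc, $keyB64) === 'some text');
```

ECB encrypts equal plaintext blocks to equal ciphertext blocks and carries no integrity check, so for new data both sides are better served by an authenticated mode with a per-message IV.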

Matt Gifford

Reputation: 1268

The native methods offered by each language will vary in terms of expected arguments, parameters and encryption methods.

To be able to encrypt in one language and decrypt in another, you would need to use a 'global' security tool - one that works cross-language.

I would recommend you have a look at ESAPI (Enterprise Security API) https://www.owasp.org/index.php/Category:OWASP_Enterprise_Security_API, which is an open-source security library created by OWASP (the Open Web Application Security Project) https://www.owasp.org

There is a ColdFusion-specific implementation of the ESAPI library (https://github.com/damonmiller/cfesapi) and a PHP library (http://code.google.com/p/owasp-esapi-php/)

As both are built on the same core security practices, the implementation of the various methods would work on whatever platform / language you wish to use them on.

ESAPI is essentially built using a series of interfaces which allow you to select and use various parts of the security library to suit your needs.

Have a look at the Encryptor, which provides methods for hashing and encrypting data. It can also sign and seal to add additional data integrity checks if you wanted to go that far. (It all depends on how in-depth you wanted to go.)

ESAPI essentially allows developers to set details such as hash and salt keys, encryption keys and other details in a security configuration file (a simple text file) which the library will read from. As this is the case, your PHP implementation could easily have the same security details as your ColdFusion implementation, meaning they would share the same encryption / hash / salt etc details, and as such would encrypt and decrypt the same data to the same values.

I haven't added any code samples to this comment, but if this sounds like something that would help you and would fulfil your requirements, check out the links to the ESAPI libraries mentioned above. It's fairly easy to pick up and learn, and will do what you need easily.

Upvotes: 3

Hardik

Reputation: 536

Take a look at base64_decode() and aes_decrypt

Upvotes: 1
