CODEWITHSUNDEEP
javascriptphpencryptioncryptography
Lucas
Lucas

Reputation: 303

Encrypt with Javascript library SJCL, decrypt with PHP

I am using this library: https://github.com/bitwiseshiftleft/sjcl

I want to encrypt a string client side, pass it through the URL, and then decrypt it in the backend.

This is the JS:

<script src="https://bitwiseshiftleft.github.io/sjcl/sjcl.js"></script>
<script>
var ciphertext = sjcl.encrypt("password", "Hello World!")
var plaintext = sjcl.decrypt("password", ciphertext)
console.log(ciphertext)
console.log(plaintext)
</script>

Results.

console.log(plaintext):

{"iv":"XA+HFebsM7WiVy0Ko8EEuA==","v":1,"iter":1000,"ks":128,"ts":64,"mode":"ccm","adata":"","cipher":"aes","salt":"f4BX8a9fUPM=","ct":"a4LesnrsT7C6MmkxZifSw7FsDyI="}

console.log(ciphertext):

Hello World!

As you can see, encryption and decryption work as intended with JS. The problem comes when I try to decrypt it using PHP:

$password = 'password';
$input    = json_decode('{"iv":"XA+HFebsM7WiVy0Ko8EEuA==","v":1,"iter":1000,"ks":128,"ts":64,"mode":"ccm","adata":"","cipher":"aes","salt":"f4BX8a9fUPM=","ct":"a4LesnrsT7C6MmkxZifSw7FsDyI="}', true);
$digest   = hash_pbkdf2('sha256', $password, base64_decode($input['salt']), $input['iter'], 16, true);
$cipher   = $input['cipher'] . '-' . $input['ks'] . '-' . $input['mode'];
$ct       = substr(base64_decode($input['ct']), 0, - $input['ts'] / 8);
$tag      = substr(base64_decode($input['ct']), - $input['ts'] / 8);
$iv       = base64_decode($input['iv']);
$adata    = $input['adata'];

$dt = openssl_decrypt($ct, $cipher, $digest, OPENSSL_RAW_DATA, $iv, $tag, $adata);
var_dump($dt);
while ($msg = openssl_error_string()) {
    echo $msg . "\n";
}

Result of var_dump($dt) is false, which is what happens when the openssl_decrypt fails to decrypt the string. Surely I'm missing something, anyone could help me notice what it is?

Upvotes: 2

Views: 1095

Answers (1)

MOS0711
MOS0711

Reputation: 31

I've got it running when using mode 'gcm' with a 128-bit iv.

  var key = 'password';
  var p = { mode: 'gcm', iv: sjcl.random.randomWords(4, 0) };
  var encrypted = sjcl.encrypt(key, 'Hello World', p);

This leads to output e.g.:

{"iv":"/Jyo0DNWt0CNUW6AYkpnBw==","v":1,"iter":10000,"ks":128,"ts":64,"mode":"gcm","adata":"","cipher":"aes","salt":"jFSuZEEICq8=","ct":"7+M0Wv79zKXu4SUYJPZAIIBYgw=="}

This JSON output is used as input in PHP:

$input = json_decode('<JSON output from above goes here>', true);

which can be passed to decryption like mentioned in the example code above:

$password = 'password';
$digest   = hash_pbkdf2('sha256', $password, base64_decode($input['salt']), 
$input['iter'], 0, true);
$cipher   = $input['cipher'] . '-' . $input['ks'] . '-' . $input['mode'];
$ct       = substr(base64_decode($input['ct']), 0, - $input['ts'] / 8);
$tag      = substr(base64_decode($input['ct']), - $input['ts'] / 8);
$iv       = base64_decode($input['iv']);
$adata    = $input['adata'];

$dt = openssl_decrypt($ct, $cipher, $digest, OPENSSL_RAW_DATA, $iv, $tag, $adata);
var_dump($dt);

This worked for me using PHP version 7.1.9

Upvotes: 3

Related Questions