Reputation: 540
Replicating Java's AES/CBC/PKCS5Padding encryption in PHP
Have included the java and php code and outputs below. Goal is to get the java checksum value in php. As can be seen I have the same inputs in php as in java and though I have tried a lot of variations of arguments in php's openssl_encrypt function but not able to get the desired output. Help to resolve this will be much appreciated! Do note that the java code is authoritative, any changes needed would be in php only.
Java code :
import javax.crypto.Cipher;
import javax.crypto.spec.IvParameterSpec;
import javax.crypto.spec.SecretKeySpec;
import java.io.UnsupportedEncodingException;
import java.security.MessageDigest;
import java.security.NoSuchAlgorithmException;
import java.util.Arrays;
import java.util.Base64;
import java.io.ByteArrayOutputStream;
public class ChecksumGen {
public static void main(final String[] args) {
String data = "INPUTDATA";
String secretKey = "0000000000000000000000000000000000000000000000000000000000000000";
byte[] iv = new byte[16];
try {
byte[] hashedData = getDigest(data);
byte[] key = hexStringToByteArray(secretKey);
byte[] checksum = encrypt(key, hashedData, iv);
showB64("key ", key);
showB64("iv ", iv);
showB64("hashedData ", hashedData);
showB64("checksum ", checksum);
} catch (Exception ex) {
throw new RuntimeException(ex);
}
}
public static byte[] getDigest(String checkSumInput) {
try {
MessageDigest localMessageDigest = MessageDigest.getInstance("SHA-256");
byte[] checkSumInputBytes = checkSumInput.getBytes("UTF-8");
localMessageDigest.update(checkSumInputBytes);
byte[] digest = localMessageDigest.digest();
return digest;
} catch (NoSuchAlgorithmException | UnsupportedEncodingException ex) {
throw new RuntimeException(ex);
}
}
public static byte[] hexStringToByteArray(String s) {
byte[] b = new byte[s.length() / 2];
for (int i = 0; i < b.length; i++) {
int index = i * 2;
int v = Integer.parseInt(s.substring(index, index + 2), 16);
b[i] = (byte) v;
}
return b;
}
public static byte[] encrypt(byte[] key,byte[] data, byte[] iv)throws Exception{
SecretKeySpec secretKeySpec = new SecretKeySpec(key, "AES");
IvParameterSpec ivSpec = new IvParameterSpec(iv);
Cipher acipher = Cipher.getInstance("AES/CBC/PKCS5Padding");
acipher.init(Cipher.ENCRYPT_MODE, secretKeySpec,ivSpec);
byte[] arrayOfByte1 = acipher.doFinal(data);
return arrayOfByte1;
}
public static void showB64(String label, byte[] rawData) {
System.out.println(label + ":" + Base64.getEncoder().encodeToString(rawData));
}
}
PHP code :
<?php
$data = "INPUTDATA";
$hashedData = hash("sha256", $data, true);
$secretKey = "0000000000000000000000000000000000000000000000000000000000000000";
$ivStr = "00000000000000000000000000000000";
$key = pack('H*', $secretKey);
$iv = pack('H*', $ivStr);
$inputData = pkcs5_pad($hashedData, 16);
showB64('key', $key);
showB64('iv', $iv);
showB64('hashedData', $hashedData);
showB64('inputData', $inputData);
$checksum = encrypt($key, $inputData, $iv);
showB64('checksum', $checksum);
function encrypt($key,$data,$iv){
$cipher = 'AES-128-CBC';
$options = OPENSSL_RAW_DATA|OPENSSL_ZERO_PADDING;
$raw = openssl_encrypt(
$data,
$cipher,
$key,
$options,
$iv
);
return $raw;
}
function pkcs5_pad($text, $blocksize){
$pad = $blocksize - (strlen($text) % $blocksize);
return $text . str_repeat(chr($pad), $pad);
}
function showB64($label, $rawData) {
echo "{$label} :".base64_encode($rawData)."\n";
}
Java output :
key :AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA=
iv :AAAAAAAAAAAAAAAAAAAAAA==
hashedData :ZAgNCUfIbdT9EjdkCb3XDNpMFGV34rXNjcTOQ9cdZ3w=
checksum :9NS/ZKMscpa4V7i2YQQPoycxCwbL1BlK3h9O/1ujoD1iYgjE8tZx+JRGflw5WikH
PHP output :
key :AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA=
iv :AAAAAAAAAAAAAAAAAAAAAA==
hashedData :ZAgNCUfIbdT9EjdkCb3XDNpMFGV34rXNjcTOQ9cdZ3w=
inputData :ZAgNCUfIbdT9EjdkCb3XDNpMFGV34rXNjcTOQ9cdZ3wQEBAQEBAQEBAQEBAQEBAQ
checksum :LtdJzSl9UgEpZrpdg7X5g5CYqE3eXQvijazrvkw0XFNY2bxn8zGp1ea8DrUmw/uu
Upvotes: 2
Views: 5765
Answers (1)
Reputation: 540
Finally figured out the solution as per following link :
https://gist.github.com/odan/c1dc2798ef9cedb9fedd09cdfe6e8e76#gistcomment-2743227
MCRYPT_RIJNDAEL_128 is not the same as AES-128-CBC.
In MYCRYT_RIJNDAEL_128 the 128 actually refers to block size not key size, in AES-128-CBC the 128 refers to key size, i.e. they are both AES-256 when used with a valid 256-bit key.
In the PHP code, changing $cipher in function encrypt() to 'AES-256-CBC' from 'AES-128-CBC' helps us get the required output using openssl_encrypt.
Upvotes: 1
Related Questions
- Decrypt AES/GCM/PKCS5Padding in PHP from Java payload
- How to change Java AES ‐ CBC with PKCS5 Padding to PHP
- Unable to replicate an encryption method from Java to PHP using AES/ECB/PKCS5Padding
- AES-256-CBC encrypted with PHP and decrypt in Java
- Convert Java AES encryption to PHP
- Use PHP to get the same AES-128-CBC encryption as java does
- Android/Java AES 256 CBC with PKCS5Padding decryption in PHP
- AES/CBC/PKCS#5 Encryption Algorithm In PHP
- En-/decrypt "AES/ECB/PKCS5Padding" in Java
- AES encryption using Java and PHP