Reputation: 19
I'm experiencing an issue with PHP Sodium encryption and decryption. Despite ensuring that the keys, configuration, and environments are consistent, decryption consistently fails.
PHP version 8.2; Sodium + OpenSSL enabled in the fpm config, left commented out in the cli php.ini.
These are my 2 scripts to encrypt and decrypt:
Encryption:
<?php
$config = parse_ini_file('/home/mysite/config.ini', true);
$encryptionKey = base64_decode($config['encryption_sodium']['encryption_key']);

function secured_encrypt($data, $key)
{
    if (strlen($key) !== SODIUM_CRYPTO_AEAD_XCHACHA20POLY1305_IETF_KEYBYTES) {
        throw new Exception('Invalid key length: ' . strlen($key) . ' bytes');
    }
    $nonce = random_bytes(SODIUM_CRYPTO_AEAD_XCHACHA20POLY1305_IETF_NPUBBYTES);
    $encrypted = sodium_crypto_aead_xchacha20poly1305_ietf_encrypt($data, '', $nonce, $key);
    $output = base64_encode($nonce . $encrypted);
    error_log("Encryption Key (hex): " . bin2hex($key));
    error_log("Nonce (hex): " . bin2hex($nonce));
    error_log("Encrypted Data (hex): " . bin2hex($encrypted));
    error_log("Base64 Encoded: " . $output);
    return $output;
}

$data = "Sensitive data to encrypt";
$encryptedData = secured_encrypt($data, $encryptionKey);
echo "Base64 Encoded: " . $encryptedData . PHP_EOL;
?>
Decryption Script:
<?php
$config = parse_ini_file('/home/mysite/config.ini', true);
$encryptionKey = base64_decode($config['encryption_sodium']['encryption_key']);

function secured_decrypt($encrypted, $key)
{
    if (strlen($key) !== SODIUM_CRYPTO_AEAD_XCHACHA20POLY1305_IETF_KEYBYTES) {
        throw new Exception('Invalid key length: ' . strlen($key) . ' bytes');
    }
    $decoded = base64_decode($encrypted);
    if ($decoded === false) {
        throw new Exception('Base64 decode failed');
    }
    $nonce_length = SODIUM_CRYPTO_AEAD_XCHACHA20POLY1305_IETF_NPUBBYTES;
    $nonce = substr($decoded, 0, $nonce_length);
    $ciphertext = substr($decoded, $nonce_length);
    error_log("Decryption Key (hex): " . bin2hex($key));
    error_log("Nonce (hex): " . bin2hex($nonce));
    error_log("Ciphertext (hex): " . bin2hex($ciphertext));
    $decrypted = sodium_crypto_aead_xchacha20poly1305_ietf_decrypt($ciphertext, '', $nonce, $key);
    if ($decrypted === false) {
        error_log("Decryption failed. Nonce (hex): " . bin2hex($nonce));
        error_log("Ciphertext (hex): " . bin2hex($ciphertext));
        error_log("Key (hex): " . bin2hex($key));
        throw new Exception('Decryption failed. Check logs for details.');
    }
    return $decrypted;
}

try {
    $encryptedData = '96f7TzDaKvYMqCiiM9JsSrkImFDg1f88Iyb+abD6ag4Wwe0SYIGMAnxRYuF/dMZbPTw0kMNluJ9OyrNALwHak=';
    error_log("Encrypted Data: " . $encryptedData);
    $decryptedData = secured_decrypt($encryptedData, $encryptionKey);
    echo "Decrypted Data: " . $decryptedData . PHP_EOL;
} catch (Exception $e) {
    error_log($e->getMessage());
    echo 'An error occurred: ' . $e->getMessage();
}
?>
The code encrypts and decrypts successfully on my local machine, and the environments are using the same php version and same extensions.
However, if I encrypt on this server, and try to decrypt using the outputted value on my local machine, it also fails to decrypt.
These are the outputs:
Encryption:
Original Data: Sensitive data to encrypt
Encryption Key (hex): cfb142f01779e3e6565518cd4955a03ce5474cd98e469447841ea0a71d28b10d
Nonce (hex): f7a7ebed9a063d4b0832da2022dc231b42e422613320995f
Encrypted Data (hex): f3c972f94a9c5e3a9838a5af7bd1268818c027c5162e1f74c65b3d3c3490c365b89f74cab3402f01da9
Base64 Encoded: 96f7TzDaKvYMqCiiM9JsSrkImFDg1f88Iyb+abD6ag4Wwe0SYIGMAnxRYuF/dMZbPTw0kMNluJ9OyrNALwHak=
Decryption:
Encrypted Data: 96f7TzDaKvYMqCiiM9JsSrkImFDg1f88Iyb+abD6ag4Wwe0SYIGMAnxRYuF/dMZbPTw0kMNluJ9OyrNALwHak=
Decryption Key (hex): cfb142f01779e3e6565518cd4955a03ce5474cd98e469447841ea0a71d28b10d
Nonce (hex): f7a7ebed9a063d4b0832da2022dc231b42e422613320995f
Ciphertext (hex): f3c972f94a9c5e3a9838a5af7bd1268818c027c5162e1f74c65b3d3c3490c365b89f74cab3402f01da9
Decryption failed. Check logs for details.
I am really unsure as to how to approach debugging; this is the 2nd encryption method I have tried. I was previously trying to use OpenSSL but kept running into bad decrypt errors.
Any help is massively appreciated. Thanks a lot!
Upvotes: 0
Views: 111
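An added example, not part of the original question: a structural check for the base64(nonce . ciphertext) envelope that the scripts above produce, run before decryption so that transport damage is reported separately from an AEAD authentication failure. The helper names `check_envelope` and `diagnose`, the throwaway key and the two damaged samples are constructed for illustration; the last sample is the string as posted in the question.

```php
<?php
// Added example, not the poster's code; check_envelope() and diagnose() are hypothetical helpers.
const NONCE_LEN = SODIUM_CRYPTO_AEAD_XCHACHA20POLY1305_IETF_NPUBBYTES; // 24 bytes

/** Structural problems in base64(nonce . ciphertext . tag); an empty array means well-formed. */
function check_envelope(string $b64): array
{
    // Strict mode returns false where the default mode silently skips invalid characters.
    $raw = preg_match('~[^A-Za-z0-9+/=]~', $b64) ? false : base64_decode($b64, true);
    if ($raw === false) {
        return ['not strict standard base64 (' . strlen($b64) . ' characters)'];
    }
    $problems = [];
    if (base64_encode($raw) !== $b64) {
        $problems[] = 'non-canonical base64 (padding or trailing bits differ)';
    }
    if (strlen($raw) < NONCE_LEN + SODIUM_CRYPTO_AEAD_XCHACHA20POLY1305_IETF_ABYTES) {
        $problems[] = 'only ' . strlen($raw) . ' bytes, too short for nonce + tag';
    }
    return $problems;
}

/** Separates a malformed envelope from an authentication failure on a well-formed one. */
function diagnose(string $b64, string $key): string
{
    if ($problems = check_envelope($b64)) {
        return 'malformed envelope: ' . implode('; ', $problems);
    }
    $raw   = base64_decode($b64, true);
    $plain = sodium_crypto_aead_xchacha20poly1305_ietf_decrypt(
        substr($raw, NONCE_LEN), '', substr($raw, 0, NONCE_LEN), $key);
    return $plain === false
        ? 'authentication failed: wrong key, or bytes changed after encryption'
        : 'decrypted ' . strlen($plain) . ' bytes';
}

$key   = sodium_crypto_aead_xchacha20poly1305_ietf_keygen(); // throwaway demo key
$nonce = random_bytes(NONCE_LEN);
$ct    = sodium_crypto_aead_xchacha20poly1305_ietf_encrypt('Sensitive data to encrypt', '', $nonce, $key);
$good  = base64_encode($nonce . $ct);
$ct[0] = chr(ord($ct[0]) ^ 1); // constructed damage: flip one ciphertext bit
$samples = [
    'fresh round trip'                => $good,
    'constructed: one character lost' => substr_replace($good, '', 40, 1),
    'constructed: one bit flipped'    => base64_encode($nonce . $ct),
    'string as posted (86 chars)'     => '96f7TzDaKvYMqCiiM9JsSrkImFDg1f88Iyb+abD6ag4Wwe0SYIGMAnxRYuF/dMZbPTw0kMNluJ9OyrNALwHak=',
];
foreach ($samples as $label => $b64) {
    echo $label, ': ', diagnose($b64, $key), PHP_EOL;
}
```

For a 25-byte plaintext the envelope is 24 + 25 + 16 = 65 bytes, which encodes to 88 base64 characters, so a copy of any other length was altered between the encrypting and decrypting hosts.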