Dealing with openssl, encryption and PHP

sajoga · September 24, 2014, 1:45pm

Hi,

I’m having problems with the openssl, mime encoding and PHP. Following the instructions on this post: http://coronalabs.com/blog/2013/06/11/tutorial-using-the-openssl-plugin/ , this is what I get:

At Corona side:

local openssl = require “plugin.openssl” local cipher = openssl.get_cipher ( “aes-256-cbc” ) local mime = require ( “mime” ) local encryptedData = mime.b64 ( cipher:encrypt ( “Your Text Here”, “Your Key Here” ) ) local decryptedData = cipher:decrypt ( mime.unb64 ( encryptedData ), “Your Key Here” ) print ( "Encrypted Text: " … encryptedData ) – VS3oMYuhWEEjr7UY8N5xAQ== print ( "Decrypted Text: " … decryptedData ) – Your Text Here local testParams = { body = “encryptedData=” … encryptedData } network.request( url … “test.php”, “POST”, networkListener, testParams)
At server side:

<?php $source = ‘Your Encrypted Text Here’; $pass = ‘Your Key here’; $method = ‘aes-256-cbc’; echo "test : " .$_POST[‘encryptedData’]; // VS3oMYuhWEEjr7UY8N5xAQ== $encrypted = base64_encode ( openssl_encrypt ( $source, $method, $pass ) ); echo "encrypted : " .$encrypted; // RjhPVG9NVkVrbHQrckR6S1hnMmd0TW1tcmRtNHc1STZYSHNxMExwT1dEND0= $decrypted = openssl_decrypt ( base64_decode ( $encrypted ), $method, $pass ); echo "decrypted : " .$decrypted; // ‘Your Encrypted Text Here’ $decrypted2 = openssl_decrypt ( base64_decode ( $_POST[‘encryptedData’] ), $method, $pass ); echo "decrypted2 : " .$decrypted2; // ‘’ ?>

As you can see, the encryption results at local and server side are completely different. This is driving me crazy. I want to send data encrypted from my app to the server to connect to a database and perform queries and so.

Do you know what I’m doing wrong?

Thanks a lot!!

jonjonsson · September 24, 2014, 2:14pm

I see you are using a lower case h in ‘here’ in your PHP code but uppercase in Lua code. That could be it.

sajoga · September 24, 2014, 4:00pm

Well, I didn’t realize about that. Thanks. Also the “Your Text Here” does not match the $source value (‘Your Encrypted Text Here’).

BUT, I changed everything (“Your Text Here”, “Your Encrypted Text Here” and “Your Key here”) to “test”. Now the values are all the same, but the problem is still there. The results of encryption at local and remote still doesn’t match:

local openssl = require "plugin.openssl" local cipher = openssl.get\_cipher ( "aes-256-cbc" ) local mime = require ( "mime" ) local encryptedData = mime.b64 ( cipher:encrypt ( "test", "test" ) ) local decryptedData = cipher:decrypt ( mime.unb64 ( encryptedData ), "test" ) print ( "Encrypted Text: " .. encryptedData ) -- 33zefe1wMVR3XvkzkVBo9Q== print ( "Decrypted Text: " .. decryptedData ) -- test local testParams = { body = "encryptedData=" .. encryptedData } network.request( url .. "test.php", "POST", networkListener, testParams)

\<?php $source = 'test'; $pass = 'test'; $method = 'aes-256-cbc'; $encrypted = base64\_encode ( openssl\_encrypt ( $source, $method, $pass ) ); echo "encrypted : " .$encrypted; // MzN6ZWZlMXdNVlIzWHZremtWQm85UT09 $decrypted = openssl\_decrypt ( base64\_decode ( $encrypted ), $method, $pass ); echo "decrypted : " .$decrypted; // 'test' $encryptedData = $\_POST['encryptedData']; echo 'source : ' .$encryptedData; // 33zefe1wMVR3XvkzkVBo9Q== $decryptedData = openssl\_decrypt ( base64\_decode ( $encryptedData ), $method, $pass ); echo "decryptedData : " .$decryptedData; // '' (empty) ?\>

Any idea?

fhenryot · October 14, 2014, 3:56pm

Pls note that in PHP, openSSL automatically performs base64 on it. So, the example above needs to be updated as such :

$encrypted = base64_encode ( openssl_encrypt ( $source, $method, $pass ) );
TO
$encrypted = ( openssl_encrypt ( $source, $method, $pass ) );

jonjonsson · September 24, 2014, 2:14pm