使用phpseclib加密的数据无法使用openssl解密

Question

I am using phpseclib to encode the contents of a json file using a random key as follows:

$plainkey = openssl_random_pseudo_bytes(32); 
$iv = openssl_random_pseudo_bytes(16);

$payload_plain = file_get_contents("file.json");

$cipher = new Crypt_AES(CRYPT_AES_MODE_CBC);
$cipher->setKeyLength(256);
$cipher->setKey($plainkey);
$cipher->setIV($iv);

$enc_payload = $cipher->encrypt($payload_plain);

At this point, $enc_payload contains the ciphertext, and calling $cipher->decode on it returns the plaintext, as expected. So far so good.

The problem arises when i write this encrypted data to a file and then try to decrypt it using openssl , using a command such as the one below:

openssl enc -d -aes-256-cbc -iv 17741abad138acc10ab340aaa7c4b790 -K d96ab4a30d73313d4c525844fce61d9f925e119cf178761b27ad0deab92a32bf -in encrypted.txt -out plain.txt

whereby the values for -iv and -K have been obtained by using bin2hex on the random byte values obtained in the script above.

Running that command gives me an error and plain.txt contains a half correct / half scrambled version of the original json string. Error:

bad decrypt
13124:error:0606506D:digital envelope routines:EVP_DecryptFinal_ex:wrong final block length:.\crypto\evp\evp_enc.c:323:

What am i missing? I am thinking maybe the part where i use bin2hex on the key / iv is incorrect, but I have tried using the byte strings directly without any success. How is this done normally? Or am i missing anything obvious?

Thanks

Answer 1

It worked fine for me. My code (adapted from yours):

<?php
include('Crypt/AES.php');

$plainkey = pack('H*', 'd96ab4a30d73313d4c525844fce61d9f925e119cf178761b27ad0deab92a32bf'); 
$iv = pack('H*', '17741abad138acc10ab340aaa7c4b790');

$payload_plain = file_get_contents('plaintext.txt');

$cipher = new Crypt_AES(CRYPT_AES_MODE_CBC);
$cipher->setKeyLength(256);
$cipher->setKey($plainkey);
$cipher->setIV($iv);

$enc_payload = $cipher->encrypt($payload_plain);

file_put_contents('ciphertext.txt', $enc_payload);

I decrypted with this:

openssl enc -d -aes-256-cbc -iv 17741abad138acc10ab340aaa7c4b790 -K d96ab4a30d73313d4c525844fce61d9f925e119cf178761b27ad0deab92a32bf -nosalt -p -in encrypted.txt -out plaintext.txt

The difference is that I have -p and -nosalt . -p just prints the keys out but maybe -nosalt is what you need.

Or maybe the problem is simpler than even this. In the code snippet you posted you're not echo'ing or saving the key / iv anywhere. Maybe you're not outputting the right values.

I got the OpenSSL parameters from http://phpseclib.sourceforge.net/interop.html#aes,p1openssl,p2phpseclib