没有IV的Crypt_AES phpseclib等效C＃

Question

I need to integrate an xml service to our application and the web service is using phpseclib AES Encryption and Decryption. So, I need to understand the flow of phpseclib. We are working on .NET C# environment and we can not analyse that php code. Please find the sample php code for the implementation and advice me how to convert it to C#.

set_include_path('vendor/pear'); 
require_once '/Crypt/AES.php';
require_once '/SOAP/Client.php'; 

$password = 'ewad3x45efc542b3897e23esgy4s6xnm';
$data = '  
<WorkRequest version="3.0"> 
 <work>WORK NOW!</work>
</WorkRequest> '; 

$crypt = new Crypt_AES();      
$crypt->setKey($password);  
$data = gzencode($data);
$data = $crypt->encrypt($data);

As you can see, there is no IV or such things. Only setKey and encrypt methods are used in example code.

Answer 1

phpseclib uses CBC mode by default. That mode requires an IV. As some of the other comments have noted, the version of phpseclib that you're using uses an IV of all null bytes when none is present.

$crypt->setKey($password); 

The fact that the variable name is $password does make me wonder if some sort of PBKDF is being used in your C# implementation. It's hard to tell because you don't have your C# code posted.

I am already getting "Padding is invalid and cannot be removed." error when I try to decrypt an encrypted string

phpseclib uses PKCS8 padding by default. ie. if the plaintext is a multiple of the block length it'll append 16x 0x16 bytes. If it's two bytes shy of a multiple of the block length it'll append 2x 0x02 bytes.

Maybe your C# implementation is using a different type of padding. If so you can implement your own by first disabling PKCS8 padding by doing $crypt->disablePadding(); and then applying your own custom padding before you perform the encryption.