Converting Laravel's AES 256 Encryptor to C#

Question

I need to create the same results when using Crypt::Encrypt('secret') from Laravel, in C#. I found this thread Rijndael 256 Encrypt/decrypt between c# and php? and it seemed to be what I need, but I'm having some trouble with the third argument the, initialization vector :(.

Laravel using Rijndael AES to encrypt the data. All the user has to input is a secret key, in the config folder, that is totally random and 32 characters long.

The encyrption method looks like this:

public function encrypt($value)
    {
        $iv = mcrypt_create_iv($this->getIvSize(), $this->getRandomizer());

        $value = base64_encode($this->padAndMcrypt($value, $iv));

        // Once we have the encrypted value we will go ahead base64_encode the input
        // vector and create the MAC for the encrypted value so we can verify its
        // authenticity. Then, we'll JSON encode the data in a "payload" array.
        $mac = $this->hash($iv = base64_encode($iv), $value);

        return base64_encode(json_encode(compact('iv', 'value', 'mac')));
    }

The full Encryptor.php can be found here: http://pastebin.com/yfWLPxGn

Any idea as to what I would have to input to get the same results? :)

Answer 1

Initialization vector is an input that is typically random. So, algorithm always creates a different value using the same input, key and the different IV. If you'd like to generate same result using both PHP and C# code, you need to use the same IV value.

Laravel's encrypt() does not return the encrypted value only. The value encrypt() generates a base64 encoded string which has json encoded values of iv, mac and encrypted value.

So the steps you need to apply in your C# encode() method:

1. Encode the string using the code in the link you gave.
2. base64_encode() the encrypted value. We will use this value in the further steps.
3. Create MAC (Message Authentication Code) using base64_encoded IV as the value, encrypted value as the key and sha256 as the algorithm. Take a look at this one
4. Now we have encrypted value , mac and iv .

5. Create a json string like this:

    { iv: iv value (base64 encoded), value: encrypted value (base64 encoded), mac: mac value created in 3rd step } 

6. base64 encode your this json string.

7. You're all set.

Answer 2

You would want to not apply padding and not apply any specific mode of operation. There is a pseudo-mode called ECB which basically applies the bare cipher over many blocks and applies no padding. It requires full blocks to be used.

If you don't have a full block to encrypt, you need to figure out what padding mode is used.

If that doesn't work, then you need to figure out what mode and what initialization vector is used. An initialization vector is usually prepended to a message as a unique value that varies per message, as a way to prevent some mathematical attacks on bare ciphers applied over many blocks.