Base64 encryption in android

Question

Below is the PHP code for encryption and decryption. I want to do similar in my android application

    <?php
function my_simple_crypt( $string, $action = 'e' ) {
   // you may change these values to your own
   $secret_key = '8D9479FA674EF929B7AEEC8CD7593';
   $secret_iv = '6CA78EDF24D9B258E9297A4EE251A';

   $output = false;
   $encrypt_method = "AES-256-CBC";
   $key = hash( 'sha256', $secret_key );
   $iv = substr( hash( 'sha256', $secret_iv ), 0, 16 );

   if( $action == 'e' ) {
       $output = base64_encode( openssl_encrypt( $string, $encrypt_method, $key, 0, $iv ) );
   }
   else if( $action == 'd' ){
       $output = openssl_decrypt( base64_decode( $string ), $encrypt_method, $key, 0, $iv );
   }

   return $output;
}

echo my_simple_crypt("token=RAJSHEKAR_9d979115-4a59-486d-b12a-ff0f2c36344e&loginName=rajshekar&clinicUserId=788");


?>

I have done the hash generation.

  public String computeHash(String input)
            throws NoSuchAlgorithmException, UnsupportedEncodingException
    {
        MessageDigest digest = MessageDigest.getInstance("SHA-256");
        byte[] hash = digest.digest(
                input.getBytes(StandardCharsets.UTF_8));
        StringBuffer hexString = new StringBuffer();
        for (int i = 0; i < hash.length; i++) {
            String hex = Integer.toHexString(0xff & hash[i]);
            if(hex.length() == 1) hexString.append('0');
            hexString.append(hex);
        }
        System.out.println("hexString::"+hexString.toString());
        return hexString.toString();
    }

Below is the code for encryption, but I'm not getting the correct encrypted output.

 public static String encrypt(String key, String iv, String data) {
        try {
            IvParameterSpec initVector = new IvParameterSpec(iv.getBytes("UTF-8"));
            SecretKeySpec skeySpec = new SecretKeySpec(key.getBytes("UTF-8"), "AES");

            Cipher cipher = Cipher.getInstance(WebviewActivity.CIPHER_NAME);
            cipher.init(Cipher.ENCRYPT_MODE, skeySpec, initVector);

            byte[] encryptedData = cipher.doFinal((data.getBytes()));

            String base64_EncryptedData = Base64.encodeToString(encryptedData,Base64.DEFAULT);

            return base64_EncryptedData;

        } catch (Exception ex) {
            ex.printStackTrace();
        }

        return null;
    }

I want to encrypt in such a way that the data can be decrypted on php side.

Answer 1

If you consult the PHP docs for openssl_encrypt you'll note that, with no options set, the function will return the result of encryption as a hex string and not as raw binary data.

In your Java code, you are base64 encoding the actual binary result of encryption (as you should). In your PHP code you are base64 encoding the hex string result of encryption, which you shouldn't. You need to use OPENSSL_RAW_DATA .

Also note that your code has a number of security issues. Using a fixed IV is one of the bigger ones, don't do this. I wouldn't recommend using the code you have in a production environment.