stackoom
  简体   繁体   中英

Encryption with PHP and Decryption with Coldfusion

 原文  2020-09-25 18:12:05       php/ encryption/ coldfusion

Question

We are currently encrypting values from our website with PHP before writing them to a MySQL table. We can successfully decrypt the values with PHP, however, we've developed a need to also be able to decrypt the data with Coldfusion. Unfortunately we haven't been able to get that to work. I'm looking for a solution that will do either of these two things:

  1. Successfully uses our existing encryption code/data written in PHP and being able to decrypt it successfully with Coldfusion (preferred).
  2. A modification to our existing encryption code written in PHP that can be successfully decrypted in Coldfusion.

Here is our current PHP encryption code:

private $cipher="AES-128-CBC";
  
                // Encrypt a value
  private function encrypt($value,$key){
    $ivlen = openssl_cipher_iv_length($this->cipher);
    $iv = openssl_random_pseudo_bytes($ivlen);
    $ciphertext_raw = openssl_encrypt($value, $this->cipher, $key, OPENSSL_RAW_DATA, $iv);
    $hmac = hash_hmac('sha512', $ciphertext_raw, $key, true);
    $encryptedValue = base64_encode( $iv.$hmac.$ciphertext_raw );
    return $encryptedValue;
  }

Here is our current PHP decryption code:

                // Decrypt a value
  public function decrypt($encryptedValue,$key){
    $val = base64_decode($encryptedValue);
    $ivlen = openssl_cipher_iv_length($this->cipher);
    $iv = substr($val, 0, $ivlen);
    $hmac = substr($val, $ivlen, $this->sha2len);
    $ciphertext_raw = substr($val, $ivlen+$this->sha2len);
    $decryptedValue = openssl_decrypt($ciphertext_raw, $this->cipher, $key, OPENSSL_RAW_DATA, $iv);
    return $decryptedValue;
  }

I tried a decrypt test in Coldfusion with the following code:

<cfset TestString="ltlXr0hdv8kE9v+VVJ8GmLYVfgPSZPr9QCL89QoMupFJrXNdYmFi7sp0wbx8CbzJycmzblLDB/zF5pXrmRasMoW8PGV7tfjnEsxv8LUt7xj/56tAMHRJxIRk01TdpNvJ">
<cfset KeyString="7w!z%C&F)J@NcRfUjXn2r5u8x/A?D(G-KaPdSgVkYp3s6v9y$B&E)H@MbQeThWmZ">
<cfset NewString='#Decrypt(TestString, KeyString, "AES", "Base64")#'>
<cfoutput>#NewString#</cfoutput>

That fails, however, with the error:

"Error","ajp-nio-8018-exec-7","09/25/20","11:26:48","","An error occurred while trying to encrypt or decrypt your input string: '' Can not decode string ""7w!z%C&F)J@NcRfUjXn2r5u8x/A?D(G-KaPdSgVkYp3s6v9y$B&E)H@MbQeThWmZ"".. The specific sequence of files included or processed is: C:\\inetpub\\wwwroot\\scheduled\\Decrypt_Test.cfm, line: 3 "

Note that the correct decrypted value is: Arlene

Any ideas? Any help would be appreciated. Thank you.

1 answers

solution1
 4 ACCPTED  2020-09-26 08:11:00

The PHP code uses AES-128, ie a 16 bytes large key. But the applied key ( 7w!z%C&F)J@NcRfUjXn2r5u8x/A?D(G-KaPdSgVkYp3s6v9y$B&E)H@MbQeThWmZ ) is much larger. PHP truncates too long keys according to the specified AES variant, ie for AES-128 only the first 16 bytes are considered, the rest is ignored. In the ColdFusion script the same 16 bytes key must be used.

In addition, in the PHP code IV, HMac and ciphertext are concatenated during encryption before the Base64 encoding and separated again during decryption after the Base64 decoding.
IV and ciphertext are required for decryption. The HMac is generally used for authentication, but this is not implemented here (to do so, the HMac would have to be determined for the received ciphertext and compared with the received HMac).
In the ColdFusion script no separation takes place, instead the concatenated data is decrypted directly, which fails. Ie the missing separation must be implemented, then IV and ciphertext can be used for decryption.

The following ColdFusion script illustrates the logic which has to be implemented. The script can be executed here :

<!--- Hex encode encrypted data --->
<cfset EncryptedData=binaryDecode("ltlXr0hdv8kE9v+VVJ8GmLYVfgPSZPr9QCL89QoMupFJrXNdYmFi7sp0wbx8CbzJycmzblLDB/zF5pXrmRasMoW8PGV7tfjnEsxv8LUt7xj/56tAMHRJxIRk01TdpNvJ","base64")>
<cfset EncryptedDataHex=binaryEncode(EncryptedData,"hex")>

<!--- Separate IV (first 32 chars / 16 bytes), HMac(SHA512) (next 128 chars / 64 bytes), ciphertext --->
<cfset IVHex=Mid(EncryptedDataHex,1,32)>
<cfoutput>#IVHex#</cfoutput><br>
<cfset HMacHex=Mid(EncryptedDataHex,1+32,128)> <!--- Will not be used any further, see PHP code --->
<cfoutput>#HMacHex#</cfoutput><br>
<cfset CiphertextHex=Mid(EncryptedDataHex,1+32+128,len(EncryptedDataHex)-160)>
<cfoutput>#CiphertextHex#</cfoutput><br>

<!--- Truncate key to 16 bytes --->
<cfset Key=Mid("7w!z%C&F)J@NcRfUjXn2r5u8x/A?D(G-KaPdSgVkYp3s6v9y$B&E)H@MbQeThWmZ",1,16)>

<!--- Decrypt --->
<cfset KeyB64=toBase64(Key)>
<cfset IV=binaryDecode(IVHex,"hex")>
<cfset Plaintext=Decrypt(CiphertextHex,KeyB64,"AES/CBC/PKCS5Padding","hex",IV)>
<cfoutput>#Plaintext#</cfoutput>

With the output:

96D957AF485DBFC904F6FF95549F0698 
B6157E03D264FAFD4022FCF50A0CBA9149AD735D626162EECA74C1BC7C09BCC9C9C9B36E52C307FCC5E695EB9916AC3285BC3C657BB5F8E712CC6FF0B52DEF18 
FFE7AB40307449C48464D354DDA4DBC9 
Arlene

暂无
暂无

The technical post webpages of this site follow the CC BY-SA 4.0 protocol. If you need to reprint, please indicate the site URL or the original address.Any question please contact:yoyou2525@163.com.

Related Question encryption decryption function in php Encryption in JavaScript and decryption with PHP PHP data encryption and decryption Javascript and PHP Encryption/Decryption Flash Encryption PHP Decryption OpenSSL Encryption / Decryption php encryption and decryption using php Easy Encryption and Decryption with PHP Encryption in Java and decryption in PHP Encryption PHP, Decryption Java
Related Tags
 
粤ICP备18138465号  © 2020-2024 STACKOOM.COM