Message:

Environment

• PHP7.4


• OpenSSL 3.0.0

Question

As shown below, result of openssl encrypto command is different from result of php openssl_encrypt function. Why result of two command isn't same?

$ php -r 'var_dump(openssl_encrypt("[email protected]", "bf-cbc","a88e2d710bee460c", 0,"11111111"));'
string(24) "4iZiBW4UYWswVd3fkS+OOA=="

$ echo "[email protected]" | openssl enc -bf-cbc -K "61383865326437313062656534363063" -iv "3131313131313131" -base64 -A -provider legacy (if version 1, no need to add -provider legacy)
(output) "4iZiBW4UYWsfLsRE7dKxZQ=="

in hex, KEY "a88e2d710bee460c" equal "6138 3865 3264 3731 3062 6565 3436 3063". (result of $ printf a88e2d710bee460c | xxd)

iv "11111111" equal "3131 3131 3131 3131" (result of $ printf 11111111 | xxd)

As for decrypto

$ echo "4iZiBW4UYWswVd3fkS+OOA==" | openssl enc -d -bf-cbc -K "61383865326437313062656534363063" -iv "3131313131313131" -base64 -provider legacy
(output with no newline) [email protected]

$ echo "4iZiBW4UYWsfLsRE7dKxZQ==" | openssl enc -d -bf-cbc -K "61383865326437313062656534363063" -iv "3131313131313131" -base64 -provider legacy
(output with newline) [email protected]

---

My Answer:
The difference in results between the `openssl enc` command and the `openssl_encrypt` function in PHP could be due to a variety of factors, including differences in the encryption algorithms, key generation, padding, or encoding used by each method.

Here are a few potential reasons for the discrepancy:

1. Encryption Algorithm: The `openssl enc` command and the `openssl_encrypt` function in PHP may be using different default encryption algorithms. Make sure that both methods are using the same algorithm (e.g. AES-256-CBC) and mode of operation (e.g. CBC).

2. Key Generation: The key used for encryption may be generated differently in each method. Ensure that both methods are using the same key and initialization vector (IV) for encryption.

3. Padding: The padding used for encryption may differ between the two methods. Make sure that both methods are using the same padding scheme (e.g. PKCS7).

4. Encoding: The encoding of the input data or output may be different between the two methods. Check that both methods are using the same encoding (e.g. base64) for input and output data.

To troubleshoot the issue further, you can try explicitly specifying the encryption algorithm, key, IV, padding, and encoding parameters in both the `openssl enc` command and the `openssl_encrypt` function to ensure consistency between the two methods. Additionally, you can compare the output of both methods byte by byte to identify any differences in the encrypted data.