John Davidson

Message:

I wrote a simple API with PHP that return an encypted string (using openssl_encrypt() function) to the clients/consumers.
When the consumer receives the encrypted string, it can't decrypt it correctly (obviously using the same key) because openssl_decrypt() function return false...

What's wrong?

/* Encryption on server */

$cipher     = "aes-128-gcm";

$key        = 'my-super-secret-key';

$ivlen      = openssl_cipher_iv_length($cipher);

$iv         = openssl_random_pseudo_bytes($ivlen);

$enc_string = openssl_encrypt($my_string, $cipher, $key, 0, $iv, $tag);



/* Decryption on client */

$cipher    = "aes-128-gcm";

$key       = 'my-super-secret-key';

$ivlen     = openssl_cipher_iv_length($cipher);

$iv        = openssl_random_pseudo_bytes($ivlen);

$my_string = openssl_decrypt($enc_string, $cipher, $key, 0, $iv, $tag);

---

My Answer:
openssl_encrypt($data, 'AES-256-CBC', $key, 0, $iv);_echo $cipher;_/* Decryption on client */_$decrypted = openssl_decrypt($cipher, 'AES-256-CBC', $key, 0, $iv);_if ($decrypted === false) { echo "Decryption failed";}_The issue might be related to the encoding of the key and IV. Make sure that the key and IV are encoded in the same way on both the server and client side. You can use base64_encode() and base64_decode() functions to encode and decode the key and IV before using them in the encryption and decryption functions._Also, ensure that the key and IV are securely generated and stored. If the key or IV is incorrect or compromised, the decryption will fail._Additionally, check if the encryption and decryption algorithms and modes are compatible on both the server and client side. Make sure that the same algorithm and mode are used for both encryption and decryption._If the issue persists, you can try using a different encryption and decryption library or method to see if that resolves the problem.