John Davidson

Decrypt encrypted string on a different machine with PHP

0 comments
Message:


I wrote a simple API with PHP that return an encypted string (using openssl_encrypt() function) to the clients/consumers.
When the consumer receives the encrypted string, it can't decrypt it correctly (obviously using the same key) because openssl_decrypt() function return false...


What's wrong?


/* Encryption on server */
$cipher = "aes-128-gcm";
$key = 'my-super-secret-key';
$ivlen = openssl_cipher_iv_length($cipher);
$iv = openssl_random_pseudo_bytes($ivlen);
$enc_string = openssl_encrypt($my_string, $cipher, $key, 0, $iv, $tag);

/* Decryption on client */
$cipher = "aes-128-gcm";
$key = 'my-super-secret-key';
$ivlen = openssl_cipher_iv_length($cipher);
$iv = openssl_random_pseudo_bytes($ivlen);
$my_string = openssl_decrypt($enc_string, $cipher, $key, 0, $iv, $tag);


My Answer:
openssl_encrypt($data, 'AES-256-CBC', $key, 0, $iv);_echo $cipher;_/* Decryption on client */_$decrypted = openssl_decrypt($cipher, 'AES-256-CBC', $key, 0, $iv);_if ($decrypted === false) { echo "Decryption failed";}_The issue might be related to the encoding of the key and IV. Make sure that the key and IV are encoded in the same way on both the server and client side. You can use base64_encode() and base64_decode() functions to encode and decode the key and IV before using them in the encryption and decryption functions._Also, ensure that the key and IV are securely generated and stored. If the key or IV is incorrect or compromised, the decryption will fail._Additionally, check if the encryption and decryption algorithms and modes are compatible on both the server and client side. Make sure that the same algorithm and mode are used for both encryption and decryption._If the issue persists, you can try using a different encryption and decryption library or method to see if that resolves the problem.

Rate this post

4 of 5 based on 6400 votes

Comments




© 2024 Hayatsk.info - Personal Blogs Platform. All Rights Reserved.
Create blog  |  Privacy Policy  |  Terms & Conditions  |  Contact Us