Use PHP to get the same AES-128-CBC encryption as java does

3
votes

I know there are quite a lot of discuss around stackoverflow about PHP Java AES CBC encryption, but none of them solve my problem

here is java function:

public static String encrypt(String input, String key){
    byte[] crypted = null;

    SecretKeySpec skey = new SecretKeySpec(getHash("MD5", key), "AES");
    IvParameterSpec iv = new IvParameterSpec(new byte[] { 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0 });
    Cipher cipher = Cipher.getInstance("AES/CBC/PKCS5Padding");
    cipher.init(Cipher.ENCRYPT_MODE, skey, iv);
    crypted = cipher.doFinal(input.getBytes());
    return new String(Base64.encodeBase64(crypted));
}

 private static byte[] getHash(String algorithm, String text) {
    try {
        byte[] bytes = text.getBytes("UTF-8");
        final MessageDigest digest = MessageDigest.getInstance(algorithm);
        digest.update(bytes);
        return digest.digest();
    } catch (final Exception ex) {
        throw new RuntimeException(ex.getMessage());
    }
}

Here is what I've done in PHP

public static function encrypt($input, $key) {

    $key = hash('md5', $key, true);
    $iv = '0000000000000000';
    return openssl_encrypt($input, 'aes-128-cbc', $key, 0, $iv);
}

Let's see the result

key:"790757e76c8942f995675b247aa57c2a"
input:"1234"

result in java:UfczMtIAm8ewSuIGRdPTDQ==
result in PHP:wd/OTHoIXwgHGDHcj8OTgg==

In php, I also have use other method, such as mcrypt_encrypt, mcrypt_generic with pkcs5 padding (see code blow), all of them could get the same encryption as openssl_encrypt did, but still not the same as Java function result 

public static function encrypt($input, $key) {

    $key = hash('md5', $key, true);


    $iv = '0000000000000000';

    $size = mcrypt_get_block_size(MCRYPT_RIJNDAEL_128, MCRYPT_MODE_CBC);
    $input = Security::pkcs5_pad($input, $size);


    $encrypted = mcrypt_encrypt(MCRYPT_RIJNDAEL_128, $key, $input, MCRYPT_MODE_CBC, $iv);

    // output wd/OTHoIXwgHGDHcj8OTgg==
    echo base64_encode($encrypted);

    $td = mcrypt_module_open(MCRYPT_RIJNDAEL_128, '', MCRYPT_MODE_CBC, '');

    mcrypt_generic_init($td, $key, $iv);
    $data = mcrypt_generic($td, $input);
    mcrypt_generic_deinit($td);
    mcrypt_module_close($td);
    $data = base64_encode($data);

    // output wd/OTHoIXwgHGDHcj8OTgg==
    echo $data;
}

private static function pkcs5_pad ($text, $blocksize) {
    $pad = $blocksize - (strlen($text) % $blocksize);
    return $text . str_repeat(chr($pad), $pad);
}

Another strange thing I have notice, if I change cipher method from CBC to ECB, both java and php encryption would be the same, but sadly for access 3rd party API, I have to use CBC

1
phpencryptionaes
How do you ensure they have same padding?user2797321
@Rahul I use PKCS#5Tim Sims

1 Answers

2
votes

finally figure it out

$iv = '0000000000000000';

should replace it with

$iv = str_repeat(chr(0), 16);

I copy it from somewhere else and thought '0000000000000000' is equal to IvParameterSpec(new byte[] { 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0 }), and that was TOTALLY wrong..