Since Mcrypt is deprecated, I want to use OpenSSL instead in my code since we already using php 7.0.17 in our server and there's no tell when they upgrade it.
Some third party API (hosted on PHP 5.x probably and using mcrypt), is taking encrypted data. They've provided methods which they are using to encrypt/decrypt strings.
Here are they
$secret = 'a0a7e7997b6d5fcd55f4b5c32611b87c' ;
public function encrypt128($str)
{
$block = mcrypt_get_block_size("rijndael_128", "ecb");
$pad = $block - (strlen($str) % $block);
$str .= str_repeat(chr($pad), $pad);
return base64_encode(mcrypt_encrypt(MCRYPT_RIJNDAEL_128, $secret, $str, MCRYPT_MODE_ECB));
}
public function decrypt128($str)
{
$str = base64_decode($str);
$str = mcrypt_decrypt(MCRYPT_RIJNDAEL_128, $secret, $str, MCRYPT_MODE_ECB);
$len = strlen($str);
$pad = ord($str[$len - 1]);
return substr($str, 0, strlen($str) - $pad);
}
using these methods string small1
if encrypted becomes v7IXp5vVaFVXXlt/MN8BVw==
We want to use openssl_encrypt
in our side such that if we encrypt same string with OpenSSL it must give same results as Mcrypt. I've researched that mcrypt using rijndael-128 Mode ecb should be compatible with OpenSSL aes-128-ecb
.
For last few hours, I've been trying to make my own method to encrypt strings serving same result by using OpenSSL. So far I've come to this
public function sslEncrypt128($str)
{
$secret = 'a0a7e7997b6d5fcd55f4b5c32611b87c';
return base64_encode(openssl_encrypt($str, 'aes-128-ecb', $secret, OPENSSL_RAW_DATA));
}
But it produces different string SxJ3+EdaeItZx3/EwGTUbw==
for same as above input. I don't know if it is flag's problem or padding's, any pointers will be welcome.
I've added the code here to test online https://3v4l.org/v2J2N
Thanks in advance.
aes-128-ecb
toaes-256-ecb
. – Michael ButlerMCRYPT_RIJNDAEL_128
withMCRYPT_MODE_ECB
mode is same as open sslaes-256-ecb
. You can Post your finding as Answer and I will accept it. – Jamshad Ahmad