Blowfish decryption / Action Script 3 (AS3Crypto)

2
votes

I have tried using Blowfish (CBC) technique for encrypting / decrypting a text from PHP to Flash. After hours of investigation and research, I got to know that AS3Crypto could be used for decryption of Blowfish (CBC Mode). In a simple example, I'm using Mcrypt (A Library for PHP) to encrypt the text:

const CYPHER = 'blowfish';
const MODE   = 'cbc';
const KEY    = '12345';
    public function encrypt($plaintext)
{
    $td = mcrypt_module_open(self::CYPHER, '', self::MODE, '');
    $iv = mcrypt_create_iv(mcrypt_enc_get_iv_size($td), MCRYPT_RAND);
    mcrypt_generic_init($td, self::KEY, $iv);
    $crypttext = mcrypt_generic($td, $plaintext);
    mcrypt_generic_deinit($td);
    return $iv.$crypttext;
}

Then, I can transfer the output by encoding it using Base64. So for example, if we have the original text as (without quotations) "stackoverflow" and the key as "123456", the output will be (base64):

MUXl8mBS9OsvxTbLAiCrAMp851L8vVD0

Till now there is no problem. Now when I shift this encoded text to flash, I can get it without any problem. You can try going to http://crypto.hurlant.com/demo/CryptoDemo.swf and then select "Secret Key" tab, and choose encryption as "Blowfish", mode as "CBC", Padding as "none" and tick the "Prepend IV to cipher text" option. After that, you can successfully decrypt the text above, using the key, and get the "stackoverflow" text again.

So, till now I know that its possible to convert from Mcrypt to AS3Crypt, and then I tried to use AS3Crypto library in flash (You can get it from: http://code.google.com/p/as3crypto/).

I made a new actionscript file which has the following content to test whether or not the encryptions would be the same (I couldn't figure out how to decrypt it because of the main problem):

package
{
    import com.hurlant.crypto.Crypto;
    import com.hurlant.util.Hex;    
    import com.hurlant.crypto.hash.HMAC;
    import com.hurlant.crypto.hash.IHash;
    import com.hurlant.crypto.hash.MD5;
    import com.hurlant.crypto.hash.SHA1;
    import com.hurlant.crypto.hash.SHA224;
    import com.hurlant.crypto.hash.SHA256;
    import com.hurlant.crypto.prng.ARC4;
    import com.hurlant.crypto.symmetric.AESKey;
    import com.hurlant.crypto.symmetric.BlowFishKey;
    import com.hurlant.crypto.symmetric.CBCMode;
    import com.hurlant.crypto.symmetric.CFB8Mode;
    import com.hurlant.crypto.symmetric.CFBMode;
    import com.hurlant.crypto.symmetric.CTRMode;
    import com.hurlant.crypto.symmetric.DESKey;
    import com.hurlant.crypto.symmetric.ECBMode;
    import com.hurlant.crypto.symmetric.ICipher;
    import com.hurlant.crypto.symmetric.IMode;
    import com.hurlant.crypto.symmetric.IPad;
    import com.hurlant.crypto.symmetric.ISymmetricKey;
    import com.hurlant.crypto.symmetric.IVMode;
    import com.hurlant.crypto.symmetric.NullPad;
    import com.hurlant.crypto.symmetric.OFBMode;
    import com.hurlant.crypto.symmetric.PKCS5;
    import com.hurlant.crypto.symmetric.SimpleIVMode;
    import com.hurlant.crypto.symmetric.TripleDESKey;
    import com.hurlant.crypto.symmetric.XTeaKey;
    import flash.utils.ByteArray;
    import com.hurlant.crypto.rsa.RSAKey;
    import com.hurlant.util.Base64;

 public class BlowFish
 {
 /**
 * Encrypts a string.
 * @param text  The text string to encrypt.
 * @param key  A cipher key to encrypt the text with.
 */


 /**
 * Decrypts an encrypted string.
 * @param text  The text string to decrypt.
 * @param key  The key used while originally encrypting the text.
 */
  static public function encrypt( s :String, k :String ) :String 
 {

    var key  :ByteArray = Hex.toArray(k);
            var data :ByteArray = Hex.toArray(Hex.fromString(s));

            var pad    :IPad = new NullPad();
            var cipher :ICipher = Crypto.getCipher("blowfish-cbc", key, pad);

            pad.setBlockSize(cipher.getBlockSize());
            cipher.encrypt(data);

            var result :String = Hex.fromArray(data);

            var ivmode :IVMode = cipher as IVMode;
            var iv     :String = Hex.fromArray(ivmode.IV);

            return  Base64.encodeByteArray(Hex.toArray(Hex.fromArray(ivmode.IV) + Hex.fromArray(data)));

 }

 }
}

And I've used the following code to get out the result:

import BlowFish;
var $key:String = "123456";
var $encryption:String = BlowFish.encrypt("stackoverflow", $key);

trace( $encryption );

The problem is that I couldn't match the following outputs together. I don't have any idea about actionscript, so you will obviously find a lot of mistakes in it.

I will be really appreciated about any explanation and solution with an example to figure out how to successfully decrypt the encrypted text in flash using AS3Crypto.

Thank you.

1
phpflashencryptionblowfishas3crypto
You should encode all binary data, not just the plain text, but also the key. The key should be a blowfish compatible sized string of octets, not some generic text string of variable length, of which the encoding is not known.Maarten Bodewes
You seem to use plain text one time and hexadecimals the other.Maarten Bodewes
@owlstead I have no problem so far with the PHP side of the problem, and in that, I just get the output as base64, so how can I get this base64 encoded text to be decoded in flash?Divisible
A quick google turned up this: help.adobe.com/en_US/FlashPlatform/reference/actionscript/3/mx/… ? But I'm more into crypto than into flash...Maarten Bodewes
@owlstead I know how to encode/decode base64 in flash, but I just use base64 as a way to protect the real data while transferring.Divisible

1 Answers

2
votes

hope this is helpful:

public static function encryptString(encString : String = "") : String
{
    var kdata : ByteArray = Hex.toArray(Hex.fromString(k))
    var _method : String  = "simple-blowfish-ecb";
    var pad : IPad        = new NullPad;
    var crypt : ICipher   = Crypto.getCipher(_method, kdata, pad);
    var data : ByteArray  = Hex.toArray(Hex.fromString(encString));
    pad.setBlockSize(crypt.getBlockSize());
    crypt.encrypt(data);
    encString = Base64.encodeByteArray(data);
    return encString;
}