When I execute:

openssl_decrypt(
 base64_decode(file_get_contents('/path/to/file')),
 'aes-256-cbc',
 $key,
 OPENSSL_RAW_DATA,
 $iv
);

OpenSSL decrypts my file perfectly. However, when I execute:

shell_exec('openssl enc -aes-256-cbc -base64 -d -A -p -K ' . $key . ' -iv ' . $iv . ' -in /path/to/file -out /path/to/dest');

The destination file is not created.

Does anyone know what could be wrong? My client wants to be able to upload large files up to 2GB, and loading that much data into a PHP variable seems like an exceedingly bad idea.

Edit:

With bin2hex I get a seemingly sane command of:

openssl enc -aes-256-cbc -base64 -d -A -p -K 64343438343165333635663434663262633036636235656462383238356239303763373365353633 -iv abdd099c7bac8b514089d8c901c8395c -in /usr/www/vault/new/d71fd708181573c5f92c8f500ddcb399/787 -out /tmp/decrypted/57574484b684c

But with pack I get:

openssl enc -aes-256-cbc -base64 -d -A -p -K M�>VO���[ދ�� �7^6 -iv ⬧⬧⬧⬧⬧⬧⬧ -in /usr/www/vault/new/d71fd708181573c5f92c8f500ddcb399/787 -out /tmp/decrypted57574484b684c
jww
asked Jun 7, 2016 at 20:14
4
  • Does your web user have permissions to run that file? Commented Jun 7, 2016 at 20:17
  • Yes, permissions are correct because the php openssl_decrypt command will decrypt the file perfectly with the same input parameters. Commented Jun 7, 2016 at 20:18
  • 1
    $key and $iv must be hex encoded for the command. Commented Jun 7, 2016 at 20:21
  • This question is not about how to execute shell commands in php, it's about openssl not decrypting files properly. Commented Jun 10, 2016 at 14:07

1 Answer

3

Maybe you need to encode your parameters so the shell can actually execute the command:

shell_exec('openssl enc -aes-256-cbc -base64 -d -A -p -K '
 . escapeshellarg($key) . ' -iv ' . escapeshellarg($iv)
 . ' -in /path/to/file -out /path/to/dest');

The same can be true for your file names if they contain e.g. spaces.

Edit: Actually Artjom B. is right: openssl says: -K/-iv key/iv in hex is the next argument. So you need to hex-encode it:

shell_exec('openssl enc -aes-256-cbc -base64 -d -A -p -K '
 . bin2hex($key) . ' -iv ' . bin2hex($iv)
 . ' -in /path/to/file -out /path/to/dest');
answered Jun 7, 2016 at 20:34

2 Comments

Yeah, I've tried hex encoding my key and iv and it still doesn't output anything. I'm going to keep looking at it.
bin2hex encodes with "highest nibble first" which is network byte order. You can try to encode it with "lowest nibble first"/little endian, which is the byte order of a normal intel based PC, using pack: pack("h*", $key)
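
An added example, not part of the original posts: the `-K` value in the question's edit is 80 hex digits (40 bytes, the hex of a 40-character ASCII string), while AES-256 takes a 32-byte key. PHP's `openssl_decrypt()` silently truncates an over-long key (and NUL-pads a short one), whereas `openssl enc` reports "hex string is too long" for an oversized `-K` (an error in older releases, a warning in newer ones). The sketch below mirrors PHP's key handling before hex-encoding and surfaces the tool's stderr; the function names and the demo data are hypothetical.

```php
<?php
// Hypothetical helper: produce the -K value matching what openssl_decrypt() uses.
function cli_key_hex(string $key, int $keyBytes = 32): string
{
    // openssl_decrypt() truncates a long key and NUL-pads a short one;
    // do the same explicitly so -K gets exactly 64 hex digits for AES-256.
    return bin2hex(str_pad(substr($key, 0, $keyBytes), $keyBytes, "\0"));
}

function decrypt_file_cli(string $in, string $out, string $key, string $iv): void
{
    if (strlen($iv) !== 16) {
        throw new InvalidArgumentException('AES-CBC needs a 16-byte raw IV');
    }
    $cmd = sprintf(                       // -p is omitted: it prints key and IV
        'openssl enc -d -aes-256-cbc -base64 -A -K %s -iv %s -in %s -out %s',
        escapeshellarg(cli_key_hex($key)),
        escapeshellarg(bin2hex($iv)),
        escapeshellarg($in),
        escapeshellarg($out)
    );
    // proc_open instead of shell_exec: the exit code and stderr are available,
    // so a rejected key or an unwritable -out path is reported, not silent.
    $proc = proc_open($cmd, [2 => ['pipe', 'w']], $pipes);
    if (!is_resource($proc)) {
        throw new RuntimeException('could not start openssl');
    }
    $stderr = stream_get_contents($pipes[2]);
    fclose($pipes[2]);
    $status = proc_close($proc);
    if ($status !== 0) {
        throw new RuntimeException("openssl exited $status: " . trim($stderr));
    }
}

// Constructed demo: a 40-character key string, like the one in the question.
$key = sha1('constructed passphrase');   // 40 ASCII hex characters, not raw bytes
$iv  = random_bytes(16);
$src = tempnam(sys_get_temp_dir(), 'enc');
$dst = tempnam(sys_get_temp_dir(), 'dec');
$raw = openssl_encrypt('hello', 'aes-256-cbc', $key, OPENSSL_RAW_DATA, $iv);
file_put_contents($src, base64_encode($raw));
decrypt_file_cli($src, $dst, $key, $iv);
var_dump(file_get_contents($dst) === 'hello');
unlink($src);
unlink($dst);
```

Passing the key with `-K` places it in the process argument list, where other local users can read it while the command runs.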
