3

Previously, I had a working system to encrypt data in PHP and decrypt it using JAVA. This is the PHP code:

function encrypt($message, $initialVector, $secretKey) {
return base64_encode(
 mcrypt_encrypt(
 MCRYPT_RIJNDAEL_128,
 md5($secretKey),
 $message,
 MCRYPT_MODE_CFB,
 $initialVector
 )
 );
}
function decrypt($message, $initialVector, $secretKey) {
 $decoded = base64_decode($message);
 return mcrypt_decrypt(
 MCRYPT_RIJNDAEL_128,
 md5($secretKey),
 $decoded,
 MCRYPT_MODE_CFB,
 $initialVector
 );
}

and the java code

 public String decrypt(String encryptedData, String initialVectorString, String secretKey) {
 String decryptedData = null;
 try {
 SecretKeySpec skeySpec = new SecretKeySpec(md5(secretKey).getBytes(), "AES");
 IvParameterSpec initialVector = new IvParameterSpec(initialVectorString.getBytes());
 Cipher cipher = Cipher.getInstance("AES/CFB8/NoPadding");
 cipher.init(Cipher.DECRYPT_MODE, skeySpec, initialVector);
 byte[] encryptedByteArray = (new org.apache.commons.codec.binary.Base64()).decode(encryptedData.getBytes());
 byte[] decryptedByteArray = cipher.doFinal(encryptedByteArray);
 decryptedData = new String(decryptedByteArray, "UTF8");
 } catch (Exception e) {
 e.printStackTrace();
 }
 return decryptedData;
}

However, I've recently switched from PHP 5.x to 7.1 and now get the following message:

"Function mcrypt_encrypt() is deprecated"

So it seems mcrypt isn't such a good choice anymore. I've googled a lot but most examples still use mcrypt. The only other good options refer to tools like RNCryptor or defuse but don't come with any working examples. Are there some simple working examples out there that work for PHP and JAVA? I need to be able to decrypt the data to its original form since I need to perform certain tasks with it.

Thanks in advance

asked Jul 14, 2017 at 20:01
3
  • so you have two decrypt functions? what for? Commented Jul 14, 2017 at 20:14
  • @Oliver As OP explains, one is PHP and one is Java Commented Jul 14, 2017 at 20:26
  • MD5 is not a secure key derivation function, the NIST recommendation is PBKDF2 sometimes known as Rfc2898DeriveBytes. The derivation function should use about 100ms of CPU time to be secure. Commented Jul 14, 2017 at 21:08

2 Answers 2

2

This looks like the code from this link: http://php.net/manual/de/function.mcrypt-encrypt.php#119395. But anyway, I think it should be replaced by openssl_encrypt().

This is a port of your functions (without md5 of course).

<?php
function encrypt_new($data, $iv, $key, $method)
{
 return base64_encode(openssl_encrypt($data, $method, $key, OPENSSL_RAW_DATA | OPENSSL_ZERO_PADDING, $iv));
}
function decrypt_new($data, $iv, $key, $method)
{
 return openssl_decrypt(base64_decode($data), $method, $key, OPENSSL_RAW_DATA | OPENSSL_ZERO_PADDING, $iv);
}
$data = "plain text";
$method = 'AES-128-CFB8'; // AES/CFB8/NoPadding
$ivSize = openssl_cipher_iv_length($method);
$iv = openssl_random_pseudo_bytes($ivSize);
$password = 'default-secret-salt';
$key = password_hash($password, PASSWORD_BCRYPT, ['cost' => 12]);
$encrypted = encrypt_new($data, $iv, $key, $method);
echo $encrypted. "\n";
$decrypted = decrypt_new($encrypted, $iv, $key, $method);
echo $decrypted. "\n"; // plain text
answered Jul 14, 2017 at 20:40
Sign up to request clarification or add additional context in comments.

6 Comments

The other problem is the IV, it is random for each encryption which is good but how will it be shared between the encryption and decryption functions. One good way is to generate the random IV in the encryption code and prefix the encrypted data with is, that way the decryption function will have the IV available.
@zaph The password hash could also be generated with 1. $key = password_hash($password, PASSWORD_BCRYPT, ['cost' => 12]); or 2. $key = hash_pbkdf2("sha256", $password, $iv, $iterations = 1000, 20); What would be better and more secure? The IV could be concatenated as prefix, true.
Yes, password_hash is fine. The key is to use ~100ms of CPU time if at all possible. So either method is good.
@zaph Ok thanks! I just fixed the code in the answer.
Thanks for the code, it works in my PHP project. I am now trying to find some Java code that is able to decrypt the data.
|
0

Have you considered moving from mcrypt_encrypt to openssl_encrypt. Keep in mind that openssl will not output the same crypttext given the same plaintext and key.

Also, it is a good idea to remove md5 as it is very fast and easy to brute force.

answered Jul 14, 2017 at 20:14

4 Comments

Please elaborate on "openssl will not output the same crypttext given the same plaintext and key".
Sorry, that was not an explanation, it is just a made-up statement. The question is why are they different if both use the same encryption algorithm, mode and if applicable IV? Hint, the answer is in what I omitted in the preceding. Also agreed that MD5 should not be used for key derivation but that begs the question of what should be used.
@The kicker of course is that mcrypt only supports non-standard null padding, that is why I hedged and asked.
You are correct. Comment has been deleted to avoid misleading information.

Your Answer

Draft saved
Draft discarded

Sign up or log in

Sign up using Google
Sign up using Email and Password

Post as a guest

Required, but never shown

Post as a guest

Required, but never shown

By clicking "Post Your Answer", you agree to our terms of service and acknowledge you have read our privacy policy.

Start asking to get answers

Find the answer to your question by asking.

Ask question

Explore related questions

See similar questions with these tags.