I've been extensively using Rijndael 256bit encryption in PHP for my API and would like to use it for my API wrapper that is written in JavaScript as well, but I've been unable to find a solution that gets the same result as in PHP.
By what PHP does I mean the following:
base64_encode(mcrypt_encrypt(MCRYPT_RIJNDAEL_256,$password,$secretInformation,MCRYPT_MODE_CBC,$iv));
and
base64_encode(mcrypt_encrypt(MCRYPT_RIJNDAEL_256,$password,$secretInformation,MCRYPT_MODE_ECB));
.. as well as the decryption variants.
I know that the many 256bit AES libraries don't get the same result that PHP does with its Rijndael 256bit encryption, thus I'm wondering if there is a library that is able to do what PHP does in the examples above?
Thanks!
MCRYPT_RIJNDAEL_256 is not AES with a 256 bit key, it's basically "AES" with a 256 bit block size (AES normally has a 128 bit block size). Rijndael had a bunch of options and was standardized into AES by reducing those options to just the 128 or 256 bit key size. As such, most libraries support the standard (AES) and not the prototype.
If you want AES 256 or 128, which is what almost all libraries actually support, use MCRYPT_RIJNDAEL_128 with a 128 bit or 256 bit key. The difference in block size doesn't really make much of a difference security-wise.
Also, using a raw password as a key is a really really bad idea. You get keys from a password by using a password-based key derivation function like PBKDF2.
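An added example, not part of the original answer: the JavaScript (Node.js) side of the setup the answer recommends, AES-256-CBC with a PBKDF2-derived key, producing the same bytes as PHP's MCRYPT_RIJNDAEL_128 in MCRYPT_MODE_CBC with a 32-byte key. The function names, iteration count and sample values are assumptions; the PHP side has to derive the key with the same PBKDF2 parameters.

```javascript
const nodeCrypto = require('node:crypto');

const BLOCK = 16; // AES / MCRYPT_RIJNDAEL_128 block size in bytes

// Derive a 256-bit key from a password with PBKDF2-HMAC-SHA256.
// The iteration count is an assumed value; both sides must use the same one.
function deriveKey(password, salt, iterations = 100000) {
  return nodeCrypto.pbkdf2Sync(password, salt, iterations, 32, 'sha256');
}

// mcrypt pads the plaintext with 0x00 bytes up to a block boundary
// (no PKCS#7), so Node's automatic padding is switched off below.
function zeroPad(buf) {
  const rem = buf.length % BLOCK;
  return rem === 0 ? buf : Buffer.concat([buf, Buffer.alloc(BLOCK - rem)]);
}

function encryptLikeMcrypt(key, iv, plaintext) {
  const cipher = nodeCrypto.createCipheriv('aes-256-cbc', key, iv);
  cipher.setAutoPadding(false);
  const data = zeroPad(Buffer.from(plaintext, 'utf8'));
  return Buffer.concat([cipher.update(data), cipher.final()]).toString('base64');
}

function decryptLikeMcrypt(key, iv, b64) {
  const decipher = nodeCrypto.createDecipheriv('aes-256-cbc', key, iv);
  decipher.setAutoPadding(false);
  const raw = Buffer.from(b64, 'base64');
  const out = Buffer.concat([decipher.update(raw), decipher.final()]);
  // Strip the zero padding, as rtrim($plain, "\0") would in PHP.
  // Plaintext that itself ends in 0x00 bytes cannot be recovered exactly.
  let end = out.length;
  while (end > 0 && out[end - 1] === 0) end--;
  return out.subarray(0, end).toString('utf8');
}

// Constructed sample values; use a fresh random salt and IV per message
// and send both along with the ciphertext.
function demo() {
  const salt = nodeCrypto.randomBytes(16);
  const iv = nodeCrypto.randomBytes(BLOCK);
  const key = deriveKey('correct horse battery staple', salt);
  const b64 = encryptLikeMcrypt(key, iv, 'secret information');
  return { b64, plain: decryptLikeMcrypt(key, iv, b64) };
}
```

CBC alone does not detect tampering, so a MAC over the IV and ciphertext is still needed if the API has to reject modified messages.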