This is the function I use in OpenEdge 10.1B to encrypt a string with AES-128 OFB:
DEFINE VAR cRes AS CHAR INITIAL ? NO-UNDO.
DEFINE VAR rKey AS RAW NO-UNDO.
DEFINE VAR rEnc AS RAW NO-UNDO
rKey = GENERATE-PBE-KEY(cEncKey).
eEnc = ENCRYPT(cData, rKey, ?, "AES_OFB_128").
cRes = BASE64-ENCODE(rEnc) NO-ERROR.
IF ERROR-STATUS::ERROR THEN cRes = ?.
return cRes.
This function does encrypt well.
When I want to decrypt this with the following PHP, it fails, e.g. it gives me a different result than the original string.
// decrypted: original string is supposed to have 33 characters
$encrypted = "YnRvNjIG1kj1QtUM9ZYuVYS3D4LBYCEsprjg2QCaD/eM";
$key = "27Zkp6Wq";
$method = 'aes-128-ofb';
# do decryption
echo "<pre>".openssl_decrypt(base64_decode($encrypted), $method, $key, false)."</pre>";
I understand that might have something to do with the GENERATE-PBE-KEY function, but I fail to see how I can generate an PCKS#5 key in PHP.
Can someone please help me?
This was too long for a comment. A few things to look at:
The fourth parameter of openssl_decrypt should be true OR the first parameter should be left base64 encoded. Unless it was double base64 encoded :)
Is the key base64 encoded or is that the raw key?
From the OpenEdge it's not entirely clear whether PBES1 (pbkdf1) or PBES2 (pbkdf2) is applied to the key, but the default settings use sha1 as the hash algorithm, no salt and 1000 as the iteration count. You can find example PHP implementations online.
Having fiddled with your example I couldn't get it to work, but the above should lead you in the right direction; btw, when I tried doing the encoding step in PHP it resulted in a much shorter encrypted string ... I'm not sure what to think of that :)