I'm trying to use an appinventor extension that encrypts a text with "AES 128, CBC, and PKCS5 padding". I've tried a lot but I can't decrypt the text on my PHP(7.2.9) Server.
On this site he describes what library he used, but I can't use it in php.
The openssl_decript would decript AES-128-CBC but it can't decrypt a massage that the extension encrypted. The extension encrypts with a password and a salt which is generated from the password within the app.
My PHP-Server code:
(index.php)
<?php
$password = $_POST["pw"];
$salt = $_POST["salt"];
$iv_mac_text = $_POST["text"];
$method = "AES-128-CBC";
$keyLength = 16;
$iterations = 10000;
echo "Iv, mac and text:$iv_mac_text \n --------------- \n";
echo "Salt:$salt \n --------------- \n";
echo "Password:$password \n --------------- \n";
$saltdecoded = base64_decode($salt);
$generated_key = openssl_pbkdf2($password, $saltdecoded, $keyLength, $iterations, 'sha1');
$keyencoded = base64_encode($generated_key);
echo "confidentialityKey:$keyencoded \n --------------- \n";
$exploded = explode(":", $iv_mac_text);
$iv = base64_decode($exploded[0]);
$mac = base64_decode($exploded[1]);
$encryptedtext = base64_decode($exploded[2]);
$decrypted = openssl_decrypt($exploded[2], $method, $keyencoded, OPENSSL_ZERO_PADDING, $iv);
$textlength = strlen($decrypted);
echo "Decrypted text ($textlength chars): $decrypted \n --------------- \n";
?>
The app that I've created to test it:
You can download the apk.
For the Server-address type that in the first textbox(without the space):
(example fill in your own server adress)
http ://your.domain/your/directory/index.php
I have made a PHP Library to decrypt Taifuns and Tiziano1960 (Both work because they are based on the same JAVA Library). You find all informations here.
