Search code examples
c#phprijndael

Php Decrypt a String from C# .NET RIJNDAEL 256


Fixed it.

$data = base64_decode(str_replace(' ', '+', $_GET['data']));

for whatever reason, Php was converting the +'s from the GET variablesinto spaces

--

I am trying to decrypt a string that is being decrypted in C#.NET.

The results of the code vary, There were several occasions where the final string had some parts decrypted, and the rest of it was random characters.

Most of the time the "decrypted" string is just all random characters, I also tried some Php functions to remove PKCS7 padding but none of them fixed the problem.

I've looked at several similar questions on the site but none of them were of help.

C#

// called as Response.Redirect(url + encryptParams(param));

private string encryptData(string data)
{
    Rijndael aes = Rijndael.Create();
    aes.KeySize = 256;
    aes.BlockSize = 256;
    aes.Mode = CipherMode.CBC;
    aes.Padding = PaddingMode.PKCS7;
    aes.Key = Convert.FromBase64String("b0dJN2c6cklVUX1qUGlFfGMweXRKbH5fSEMuXjAgfQo=");

    ICryptoTransform crypto = aes.CreateEncryptor(aes.Key, aes.IV);
    byte[] txt = ASCIIEncoding.UTF8.GetBytes(data);          
    byte[] cipherText = crypto.TransformFinalBlock(txt, 0, txt.Length);

    return "&data=" + Convert.ToBase64String(cipherText) + "&iv=" + Convert.ToBase64String(aes.IV);
}

Php:

   $data = base64_decode($_GET['data']);
   $iv = base64_decode($_GET['iv']);

   echo "<br /><b>IV</b>: " . $_GET['iv'] .
       "<br /><b>Encrypted String</b>: <br /><textarea>".$_GET['data']."</textarea>" .
       "<br /><b>key size:</b> " . mcrypt_get_key_size ( MCRYPT_RIJNDAEL_256,  MCRYPT_MODE_CBC) .
       "<br /><b>block size:</b> " . mcrypt_get_block_size ( MCRYPT_RIJNDAEL_256,  MCRYPT_MODE_CBC) .
       "<br /><b>cipher:</b> " . mcrypt_get_cipher_name ( MCRYPT_RIJNDAEL_256 ) .
       "<br /><b>iv size:</b> " .  mcrypt_get_iv_size  ( MCRYPT_RIJNDAEL_256, MCRYPT_MODE_CBC) . "<br />"; 

   echo "Result: " . 
      mcrypt_decrypt
      (
          MCRYPT_RIJNDAEL_256,
          base64_decode("b0dJN2c6cklVUX1qUGlFfGMweXRKbH5fSEMuXjAgfQo="),
          $data,
          MCRYPT_MODE_CBC,
          $iv
       );

Php output:

IV: WzsMlG39tfCGuX2EQM3vq8CoqGA xC0nW jICls8Cno=
key: b0dJN2c6cklVUX1qUGlFfGMweXRKbH5fSEMuXjAgfQo=

Encrypted String: oLxa21fxfQGg0EJ5rwMjEzMblvcaTq0AInDAsD88wAkNeLqOdon0ukLjz49Hpp36KPTKcTGkj1f7EPYPAAbuADnr3Ff0zpptZkx2d22VRbHrMgj QLF9vDxQRT3er3UAXsAfKKTyW8qeSIgrzACFLX3yoro/bzWic rt7ED7y0jZ7a1Hci3GMz/4KhwaftarbV QQWStJlSOqdxAdmtRRe84Vi3085S6um51bNrh5QzGRH PcpucfqaTb3junfO9g67j2JUQaM/Tj1EGnv6oX3wATR/LuWyhnhrCH86u10I=

key size: 32
block size: 32
cipher: Rijndael-256
iv size: 32
Result: /ci�����^/�c�g�������s��c�(��

Original String (JSON): {"user":"jsmith","firstName":"John","lastName":"Smith","phone":"12223334444.5555","email":"[email protected]","address":"123 Some Street","address2":"apt 456","city":"Some City","state":"LA","zip":"55555"}


Solution

  • Fixed it by using the following code.

    $data = base64_decode(str_replace(' ', '+', $_GET['data']));
    

    For whatever reason, PHP was converting the +'s from the GET variablesinto spaces.