Search code examples
pythonphpencryptionaespycryptodome

Why are AES-256-CBC results in PHP and Python different when using the same keys and data?

I'm trying to encrypt the same string in PHP and Python using AES-256-CBC with the same keys and IVs. However, the results of both languages ​​are different, even though I am using the same encryption method and the same data.

In PHP, I am using openssl_encrypt, while in Python I am using pycryptodome with PKCS7 padding. Below are the two code snippets I'm using, and the results I'm getting.

Here is my PHP code:

<?php
$plaintextstr = 'AAAAAAAAAAAAAAAA';
$encrypt_method = "AES-256-CBC";
$secret_key = "SSSSSSSSSSSS";
$secret_iv = "LLLLLLLLLLLL";
$key = substr(hash('sha256', $secret_key), 0, 32);
$iv = substr(hash('sha256', $secret_iv), 0, 16);
$encrypted_str = openssl_encrypt($plaintextstr, $encrypt_method, $key, 0, $iv);
echo base64_encode($encrypted_str);
?>

Here is my Python code:

from Crypto.Cipher import AES
from Crypto.Util.Padding import pad
from hashlib import sha256
import base64

plaintextstr = 'AAAAAAAAAAAAAAAA'
secret_key = "SSSSSSSSSSSS"
secret_iv = "LLLLLLLLLLLL"

# Generar key y iv
key = sha256(secret_key.encode('utf-8')).digest()[:32]
iv = sha256(secret_iv.encode('utf-8')).digest()[:16]

# Padding
padded_data = pad(plaintextstr.encode('utf-8'), AES.block_size)

# Crear el cifrador
cipher = AES.new(key, AES.MODE_CBC, iv)
encrypted = cipher.encrypt(padded_data)

# Convertir a base64
encrypted_base64 = base64.b64encode(encrypted).decode('utf-8')
print(encrypted_base64)

I have verified the following:

  • The keys and the IV in both languages ​​are generated in the same way using SHA-256.
  • I am using CBC mode and applying PKCS7 padding in both languages.
  • Both results are Base64 encoded.

Despite these steps, the results remain different. I'm not sure why this happens.

Solution

  • The php hash function returns a hexadecimal representation of the bytes, so cutting 16 characters of that with substr leads to "20139ebeee312271" for your IV (similar result for key). These are not true bytes, they're characters in the range [0-9a-f]. This is not what you intend to do.

    The Python sha256 .digest() function returns a byte string, not a hexadecimal represntation. Cutting 16 characters of that leads to 16 true bytes from the hash. This is probably what you intend to do.

    The results are different because you're encrypting with different keys and initialization vectors.

    From the documentation, PHP hash can take a third parameter, binary, which defaults to false:

     hash(
    string $algo,
    string $data,
    bool $binary = false,
    array $options = []
): string

    binary When set to true, outputs raw binary data. false outputs lowercase hexits.

    Changing the PHP code to:

    <?php

$plaintextstr = 'AAAAAAAAAAAAAAAA';
$encrypt_method = "AES-256-CBC";
$secret_key = "SSSSSSSSSSSS";
$secret_iv = "LLLLLLLLLLLL";
$key = substr(hash('sha256', $secret_key, true), 0, 32);
$iv = substr(hash('sha256', $secret_iv, true), 0, 16);
$encrypted_str = openssl_encrypt($plaintextstr, $encrypt_method, $key, 0, $iv);
echo $encrypted_str;
// Result: V7zSp9KHPke9QuPbWoUNvjCHVJ7giluD9YaOnX9E57k=

    yields the same result as the python code.