abiusx / aes-ctr-256.php
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters. Learn more about bidirectional Unicode characters
| function bin2text ( $ binary ) |
| return implode(» «, str_split(bin2hex( $ binary ), 32 )); |
| > |
| function aes_256_ctr ( $ data , $ key , $ iv , & $ counter = 0 ) |
| assert(strlen( $ data )% 32 == 0 ); |
| assert(strlen( $ iv ) == 16 ); |
| assert(strlen( $ key ) == 32 ); |
| $ res = «»; |
| $ chunks = str_split( $ data , 32 ); //256 bit blocks |
| foreach ( $ chunks as $ chunk ) |
| // Construct 256 bit $nonce_with_counter |
| $ nonce_with_counter = «»; |
| for ( $ j = 0 ; $ j < 2 ;++ $ j ) |
| $ nonce = $ iv ; |
| $ add = $ counter ; |
| // adding counter to nonce |
| for ( $ i = 15 ; $ i >= 0 and $ add ; — $ i ) |
| if (ord( $ nonce [ $ i ]) + $ add >= 256 ) |
| $ t = (ord( $ nonce [ $ i ]) + $ add ); |
| $ nonce [ $ i ] = chr( $ t % 256 ); |
| $ add = ( int )( $ t / 256 ); |
| > |
| else |
| $ nonce [ $ i ] = chr( ord( $ nonce [ $ i ]) + $ add ); |
| $ add = 0 ; |
| > |
| > |
| $ counter ++; |
| $ nonce_with_counter .= $ nonce ; |
| > |
| $ ecb = openssl_encrypt( $ nonce_with_counter , ‘aes-256-ecb’ , $ key , OPENSSL_RAW_DATA | OPENSSL_NO_PADDING ); |
| $ res .= ( $ ecb ^ $ chunk ); |
| > |
| return $ res ; |
| > |
| // Testing: |
| $ data = ‘A000000000000000000000000000000000000000000000000000000000000000’ |
| . ‘0000000000000000000000000000000000000000000000000000000000000000’ |
| ; |
| $ data =hex2bin( $ data ); |
| $ data = random_bytes( 32 * 100 ); |
| $ iv = ‘A000000000000000000000000000000A’ ; // 16 bytes |
| $ iv = hex2bin( $ iv ); |
| $ iv = random_bytes( 16 ); |
| $ key = ‘A000000000000000000000000000000000F00000000000000000000000000000’ ; //32 bytes |
| $ key = hex2bin( $ key ); |
| $ key = random_bytes( 32 ); |
| $ ctr = openssl_encrypt( $ data , ‘aes-256-ctr’ , $ key , OPENSSL_RAW_DATA | OPENSSL_NO_PADDING , $ iv ); |
| $ custom_ctr = aes_256_ctr( $ data , $ key , $ iv , $ counter ); |
| echo bin2text( $ custom_ctr ), PHP_EOL ; |
| echo » Should be: \n»; |
| echo bin2text( $ ctr ), PHP_EOL ; |
| var_dump( $ custom_ctr == $ ctr ); |
Solution : 1 :
After some discussion, I’ve come up with a solution. Below is the working decryption procedure:
- Store the encrypted base64 text in a file input.txt
- Open input.txt and make new line for every 64 characters and also make new line at the end (you can also using program to add ‘n’ for every 64 characters).
- Store the hexadecimal aes key in a file called aes_key.txt.
- Use a program (e.g., python) to open the aes_key.txt in uft-8 bytes and encoded it using hexadecimal encoding.
with open('aes_key.txt', 'r') as f: aes_key = f.read().encode('utf-8') import binascii hex_encoded_hex_aes_key = binascii.hexlify(aes_key).decode('utf-8') with open('hex_encoded_hex_aes_key.txt', 'w') as f: f.write(hex_encoded_hex_aes_key) openssl aes-256-ecb -d -base64 -K -in input.txt -out recover.json Problem :
I want to decrypt an AES encrypted json file using Linux pre-installed openssl command line tool, but I cannot figure out how to setup the correct flag of the openssl of Linux. The encryption code is provided by another party, so it cannot be changed. Because my environment does not support PHP, so I have to implement a Linux-version. Does anyone know how to solve the problem?
Below is the detail description of the encryption provided by another party and decryption process I implemented.
encryption process
function openssl_encrypt_data($data, $cipher_algo, $key, $options = OPENSSL_RAW_DATA , $iv = NULL) < try < $encryptstr = base64_encode(openssl_encrypt($data, $cipher_algo, $key, $options, $iv)); return $encryptstr; >catch (Exception $e) < >> $aes_key = "b4396c8cd9b16b0d86604d6d3787bc12fe2af4c6401c23ec35db84d8392565b9190c0db1543e7be967240348d6d86d037e34042476509c786aa78dce706a620c"; // This is a super large json file. $original_data = '< "item": [ < "submitId": "AG113560102", "submitDate": "2022-05-09 15:56:10", "age": "1", "workType": "12", "workTitle": "5", . "agreeSales": true, "agreeScrivener": true>]>' echo openssl_encrypt_data($original_data, "aes-256-ecb", $aes_key); The script produces the following Base64 string:
decryption process
openssl aes-256-ecb -d -K b4396c8cd9b16b0d86604d6d3787bc12fe2af4c6401c23ec35db84d8392565b9190c0db1543e7be967240348d6d86d037e34042476509c786aa78dce706a620c -in input.txt -out recover.json The script, unfortunately, produces the following error:
hex string is too long, ignoring excess
bad decrypt
140157171651584:error:0606506D:digital envelope routines: EVP_DecryptFinal_ex:wrong final block length: crypto/evp/evp_enc.c:599:
I also tried the -nopad flag on the script:
openssl aes-256-ecb -nopad -d -K b4396c8cd9b16b0d86604d6d3787bc12fe2af4c6401c23ec35db84d8392565b9190c0db1543e7be967240348d6d86d037e34042476509c786aa78dce706a620c -in input.txt -out recover.json The script ran successfully without raising error, but the recover.json file created cannot be load succesfully:
recover.json is not UTF-8 encoded
I altered the flag to the -base64 flag, but it doesn’t work, too.
openssl aes-256-ecb -d -base64 -K b4396c8cd9b16b0d86604d6d3787bc12fe2af4c6401c23ec35db84d8392565b9190c0db1543e7be967240348d6d86d037e34042476509c786aa78dce706a620c -in input.txt -out recover.json hex string is too long, ignoring excess
bad decrypt
140157171651584:error:0606506D:digital envelope routines: EVP_DecryptFinal_ex:bad decrypt: crypto/evp/evp_enc.c:599:
None of the above script work. Does anyone know what is going on here?
READ [ANSWERED] php — How to get different outcomes of two variables being different percentage to eachother
Problem :
I want to decrypt an AES encrypted json file using Linux pre-installed openssl command line tool, but I cannot figure out how to setup the correct flag of the openssl of Linux. The encryption code is provided by another party, so it cannot be changed. Because my environment does not support PHP, so I have to implement a Linux-version. Does anyone know how to solve the problem?
Below is the detail description of the encryption provided by another party and decryption process I implemented.
encryption process
function openssl_encrypt_data($data, $cipher_algo, $key, $options = OPENSSL_RAW_DATA , $iv = NULL) < try < $encryptstr = base64_encode(openssl_encrypt($data, $cipher_algo, $key, $options, $iv)); return $encryptstr; >catch (Exception $e) < >> $aes_key = "b4396c8cd9b16b0d86604d6d3787bc12fe2af4c6401c23ec35db84d8392565b9190c0db1543e7be967240348d6d86d037e34042476509c786aa78dce706a620c"; // This is a super large json file. $original_data = '< "item": [ < "submitId": "AG113560102", "submitDate": "2022-05-09 15:56:10", "age": "1", "workType": "12", "workTitle": "5", . "agreeSales": true, "agreeScrivener": true>]>' echo openssl_encrypt_data($original_data, "aes-256-ecb", $aes_key); The script produces the following Base64 string:
decryption process
openssl aes-256-ecb -d -K b4396c8cd9b16b0d86604d6d3787bc12fe2af4c6401c23ec35db84d8392565b9190c0db1543e7be967240348d6d86d037e34042476509c786aa78dce706a620c -in input.txt -out recover.json The script, unfortunately, produces the following error:
hex string is too long, ignoring excess
bad decrypt
140157171651584:error:0606506D:digital envelope routines: EVP_DecryptFinal_ex:wrong final block length: crypto/evp/evp_enc.c:599:
I also tried the -nopad flag on the script:
openssl aes-256-ecb -nopad -d -K b4396c8cd9b16b0d86604d6d3787bc12fe2af4c6401c23ec35db84d8392565b9190c0db1543e7be967240348d6d86d037e34042476509c786aa78dce706a620c -in input.txt -out recover.json The script ran successfully without raising error, but the recover.json file created cannot be load succesfully:
recover.json is not UTF-8 encoded
I altered the flag to the -base64 flag, but it doesn’t work, too.
openssl aes-256-ecb -d -base64 -K b4396c8cd9b16b0d86604d6d3787bc12fe2af4c6401c23ec35db84d8392565b9190c0db1543e7be967240348d6d86d037e34042476509c786aa78dce706a620c -in input.txt -out recover.json hex string is too long, ignoring excess
bad decrypt
140157171651584:error:0606506D:digital envelope routines: EVP_DecryptFinal_ex:bad decrypt: crypto/evp/evp_enc.c:599:
None of the above script work. Does anyone know what is going on here?
Encrypt / decrypt with AES256 in PHP and Java
thank you for your hard work! I’m Ishiguro from GMO Research!
By the way, I think that you may suddenly be urged to encrypt with AES. For those of you, this time we will write encryption / composite code in a total of three ways: Java and PHP, PHP is OpenSSL and Mcrypt. It is implemented with AES256 algorithm, ECB mode, PKCS5 padding.
version
By default, Java can only handle AES key lengths of 128 bits. In order to handle 256bit keys, it is necessary to replace the Java policy file.
For details, refer to articles such as Making AES256 available in Java.
aes01.java
import javax.crypto.Cipher; import javax.crypto.spec.SecretKeySpec; import javax.xml.bind.DatatypeConverter; public class aes01 < public static void main(String[] args) < try < byte[] key = DatatypeConverter.parseBase64Binary( "Base64 encoded string of keys"); SecretKeySpec sks = new SecretKeySpec(key, "AES"); byte[] input = "The string you want to encrypt".getBytes(); //encryption Cipher c = Cipher.getInstance("AES/ECB/PKCS5Padding"); c.init(Cipher.ENCRYPT_MODE, sks); byte encrypted[] = c.doFinal(input); System.out.println(DatatypeConverter.printBase64Binary(encrypted)); //Decryption c.init(Cipher.DECRYPT_MODE, sks); byte decrypted[] = c.doFinal(encrypted); System.out.println(new String(decrypted)); >catch (Exception e) < e.printStackTrace(); >> > Encryption with PHP 5.3 or later is done with OpenSSL.
aes01.php
PHP (Mcrypt) * Not recommended
Encryption in a deprecated way. Do not use it except when necessary. Or rather, it’s too annoying.
aes02.php
encrypt($input)); echo $encrypted; //Decryption $decrypted = $crypt->decrypt(base64_decode($encrypted)); echo $decrypted; class Crypt < private $__encrypt_key = null; public $iv = null; public function __construct($encrypt_key) < $this->__encrypt_key = $encrypt_key; > public function encrypt($input, $algo = MCRYPT_RIJNDAEL_128, $mode = MCRYPT_MODE_ECB) < list($size, $td) = $this->__open($algo, $mode); $input = $this->__pkcs5Pad($input, $size); $data = mcrypt_generic($td, $input); $this->__close($td); return $data; > public function decrypt($input, $algo = MCRYPT_RIJNDAEL_128, $mode = MCRYPT_MODE_ECB) < list ($size, $td) = $this->__open($algo, $mode); $input = mdecrypt_generic($td, $input); $data = $this->__pkcs5Unpad($input); $this->__close($td); return $data; > private function __open($algo, $mode) < $size = mcrypt_get_block_size($algo, $mode); $td = mcrypt_module_open($algo, '', $mode, ''); $this->iv = mcrypt_create_iv(mcrypt_enc_get_iv_size($td), MCRYPT_RAND); mcrypt_generic_init($td, $this->__encrypt_key, $this->iv); return array($size, $td); > private function __close($td) < mcrypt_generic_deinit($td); mcrypt_module_close($td); >public static function __pkcs5Pad($text, $blocksize) < $pad = $blocksize - (strlen($text) % $blocksize); return $text . str_repeat(chr($pad), $pad); >public static function __pkcs5Unpad($text) < $pad = ord($text); if ($pad > strlen($text)) return false; if (strspn($text, chr($pad), strlen($text) - $pad) !== $pad) return false; return substr($text, 0, -1 * $pad); > > MCRYPT_RIJNDAEL_128 seems to be equivalent to AES256. There is also an algorithm called MCRYPT_RIJNDAEL_256, but note that this is not the case.
For the time being, it is possible to change the algorithm and mode so that it can be used universally, I’m not sure if it really works.
in conclusion
that’s all! It’s okay to be driven by the urge to AES encrypt.
I’m glad that PHP’s OpenSSL is very simple. (Small feeling)
abiusx / aes-ctr-256.php
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters. Learn more about bidirectional Unicode characters
| function bin2text ( $ binary ) |
| return implode(» «, str_split(bin2hex( $ binary ), 32 )); |
| > |
| function aes_256_ctr ( $ data , $ key , $ iv , & $ counter = 0 ) |
| assert(strlen( $ data )% 32 == 0 ); |
| assert(strlen( $ iv ) == 16 ); |
| assert(strlen( $ key ) == 32 ); |
| $ res = «»; |
| $ chunks = str_split( $ data , 32 ); //256 bit blocks |
| foreach ( $ chunks as $ chunk ) |
| // Construct 256 bit $nonce_with_counter |
| $ nonce_with_counter = «»; |
| for ( $ j = 0 ; $ j < 2 ;++ $ j ) |
| $ nonce = $ iv ; |
| $ add = $ counter ; |
| // adding counter to nonce |
| for ( $ i = 15 ; $ i >= 0 and $ add ; — $ i ) |
| if (ord( $ nonce [ $ i ]) + $ add >= 256 ) |
| $ t = (ord( $ nonce [ $ i ]) + $ add ); |
| $ nonce [ $ i ] = chr( $ t % 256 ); |
| $ add = ( int )( $ t / 256 ); |
| > |
| else |
| $ nonce [ $ i ] = chr( ord( $ nonce [ $ i ]) + $ add ); |
| $ add = 0 ; |
| > |
| > |
| $ counter ++; |
| $ nonce_with_counter .= $ nonce ; |
| > |
| $ ecb = openssl_encrypt( $ nonce_with_counter , ‘aes-256-ecb’ , $ key , OPENSSL_RAW_DATA | OPENSSL_NO_PADDING ); |
| $ res .= ( $ ecb ^ $ chunk ); |
| > |
| return $ res ; |
| > |
| // Testing: |
| $ data = ‘A000000000000000000000000000000000000000000000000000000000000000’ |
| . ‘0000000000000000000000000000000000000000000000000000000000000000’ |
| ; |
| $ data =hex2bin( $ data ); |
| $ data = random_bytes( 32 * 100 ); |
| $ iv = ‘A000000000000000000000000000000A’ ; // 16 bytes |
| $ iv = hex2bin( $ iv ); |
| $ iv = random_bytes( 16 ); |
| $ key = ‘A000000000000000000000000000000000F00000000000000000000000000000’ ; //32 bytes |
| $ key = hex2bin( $ key ); |
| $ key = random_bytes( 32 ); |
| $ ctr = openssl_encrypt( $ data , ‘aes-256-ctr’ , $ key , OPENSSL_RAW_DATA | OPENSSL_NO_PADDING , $ iv ); |
| $ custom_ctr = aes_256_ctr( $ data , $ key , $ iv , $ counter ); |
| echo bin2text( $ custom_ctr ), PHP_EOL ; |
| echo » Should be: \n»; |
| echo bin2text( $ ctr ), PHP_EOL ; |
| var_dump( $ custom_ctr == $ ctr ); |