Clever Geek Handbook

Simple decryption / encryption for java and PHP

I used to have a working system to encrypt data in PHP and decrypt it using JAVA. This is the PHP code:

function encrypt($message, $initialVector, $secretKey) {

return base64_encode(
  mcrypt_encrypt(
    MCRYPT_RIJNDAEL_128,
    md5($secretKey),
    $message,
    MCRYPT_MODE_CFB,
    $initialVector
    )
  );
}

function decrypt($message, $initialVector, $secretKey) {
  $decoded = base64_decode($message);
  return mcrypt_decrypt(
    MCRYPT_RIJNDAEL_128,
    md5($secretKey),
    $decoded,
    MCRYPT_MODE_CFB,
    $initialVector
  );
}

and the java code

 public String decrypt(String encryptedData, String initialVectorString, String secretKey) {
    String decryptedData = null;
    try {
        SecretKeySpec skeySpec = new SecretKeySpec(md5(secretKey).getBytes(), "AES");
        IvParameterSpec initialVector = new IvParameterSpec(initialVectorString.getBytes());
        Cipher cipher = Cipher.getInstance("AES/CFB8/NoPadding");
        cipher.init(Cipher.DECRYPT_MODE, skeySpec, initialVector);
        byte[] encryptedByteArray = (new org.apache.commons.codec.binary.Base64()).decode(encryptedData.getBytes());
        byte[] decryptedByteArray = cipher.doFinal(encryptedByteArray);
        decryptedData = new String(decryptedByteArray, "UTF8");
    } catch (Exception e) {
        e.printStackTrace();
    }
    return decryptedData;

}

However, I recently switched from PHP 5.x to 7.1 and now received the following message:

"The mcrypt_encrypt () function is deprecated"

So, it seems like mcrypt is no longer such a good choice. I've googled a lot, but most examples still use mcrypt. The only other good options are for tools like RNCryptor or defuse, but don't come with working examples. Are there some simple working examples that work for PHP and JAVA? I need to be able to decrypt the data into its original form, as I need to perform certain tasks with it.

Thank you in advance

+3


source to share


2 answers


It looks like the code from this link: http://php.net/manual/de/function.mcrypt-encrypt.php#119395 . But anyway, I think it needs to be replaced with openssl_encrypt ().

This is a port of your functions (no md5, of course).



<?php

function encrypt_new($data, $iv, $key, $method)
{
    return base64_encode(openssl_encrypt($data, $method, $key, OPENSSL_RAW_DATA | OPENSSL_ZERO_PADDING, $iv));
}

function decrypt_new($data, $iv, $key, $method)
{
    return openssl_decrypt(base64_decode($data), $method, $key, OPENSSL_RAW_DATA | OPENSSL_ZERO_PADDING, $iv);
}

$data = "plain text";
$method = 'AES-128-CFB8'; // AES/CFB8/NoPadding
$ivSize = openssl_cipher_iv_length($method);
$iv = openssl_random_pseudo_bytes($ivSize);
$password = 'default-secret-salt';
$key = password_hash($password, PASSWORD_BCRYPT, ['cost' => 12]);

$encrypted = encrypt_new($data, $iv, $key, $method);
echo $encrypted. "\n";
$decrypted = decrypt_new($encrypted, $iv, $key, $method);
echo $decrypted. "\n"; // plain text
+2


source


Have you considered moving from mcrypt_encrypt

to openssl_encrypt

. Be aware that it openssl

does not output the same cryptotext with the same plaintext and key.



It is also advised to uninstall md5

, as it is very quick and easy to overdo it.

0


source






More articles:


All Articles