search

Home  >  Article  >  Backend Development  >  How to Decrypt AES Encryption in PHP with MCrypt Using evpKDF()?

How to Decrypt AES Encryption in PHP with MCrypt Using evpKDF()?

DDD
DDDOriginal
2024-11-03 02:02:02353browse

How to Decrypt AES Encryption in PHP with MCrypt Using evpKDF()?

Decrypting AES Encryption in PHP with MCrypt

In this scenario, a password is encrypted using CryptoJS in JavaScript and needs to be decrypted on the server side with PHP using MCrypt. Here's how to achieve this:

Issue with Decryption in PHP

The previous attempt to decrypt the password using MCrypt's mcrypt_decrypt() function failed due to differences in key generation. CryptoJS utilizes a password to create both the AES key and initialization vector (IV), while MCrypt only uses the key for encryption/decryption.

Solution with evpKDF() Function

To resolve this, we need to derive the key and IV in PHP using the same method as CryptoJS. Here's a custom evpKDF() function for this purpose:

<code class="php">function evpKDF($password, $salt, $keySize = 8, $ivSize = 4, $iterations = 1, $hashAlgorithm = "md5") {
    // Code goes here...
}</code>

Modified Encryption Process

To use the evpKDF() function, the encrypted password in JavaScript should include a generated salt. Here's the updated CryptoJS code:

<code class="javascript">    var encryptedPassword = CryptoJS.AES.encrypt(password, "Secret Passphrase");
    var ivHex = encryptedPassword.iv.toString();
    var ivSize = encryptedPassword.algorithm.ivSize; // same as blockSize
    var keySize = encryptedPassword.algorithm.keySize;
    var keyHex = encryptedPassword.key.toString();
    var saltHex = encryptedPassword.salt.toString(); // must be sent
    var openSslFormattedCipherTextString = encryptedPassword.toString(); // not used
    var cipherTextHex = encryptedPassword.ciphertext.toString(); // must be sent</code>

Decryption Process in PHP

On the server side in PHP, retrieve the salt and ciphertext from the request. Then, use the evpKDF() function to derive the key and IV based on the password and salt:

<code class="php">$keyAndIV = evpKDF("Secret Passphrase", hex2bin($saltHex));</code>

Finally, perform decryption with MCrypt:

<code class="php">$decryptPassword = mcrypt_decrypt(MCRYPT_RIJNDAEL_128, 
        $keyAndIV["key"], 
        hex2bin($cipherTextHex), 
        MCRYPT_MODE_CBC, 
        $keyAndIV["iv"]);</code>

This should successfully decrypt the password encrypted using CryptoJS with AES. Additionally, a version using the OpenSSL extension is provided as an alternative to MCrypt.

The above is the detailed content of How to Decrypt AES Encryption in PHP with MCrypt Using evpKDF()?. For more information, please follow other related articles on the PHP Chinese website!

php JavaScript for while include using finally function this issue
Statement:
The content of this article is voluntarily contributed by netizens, and the copyright belongs to the original author. This site does not assume corresponding legal responsibility. If you find any content suspected of plagiarism or infringement, please contact admin@php.cn
Previous article:How to Sort a Multi-Dimensional PHP Array by Inner Array Values?Next article:How to Sort a Multi-Dimensional PHP Array by Inner Array Values?

Related articles

See more