4

I would like to encrypt and decrypt some data with AES CCM!

I managed to do this operation in the same PHP file. But I would like to be able to send the encrypted data to another page to decrypt it there. But it is impossible... Yet I send the iv, the tag and the encrypted data. Do you have a solution?

I have these errors:

Warning: openssl_decrypt(): Setting tag for AEAD cipher decryption failed in adddata1.php on line 18

Fatal error: Uncaught Exception: OpenSSL error: error:0607A082:digital envelope routines:EVP_CIPHER_CTX_set_key_length:invalid key length in adddata1.php:21 Stack trace: #0 {main} thrown in dddata1.php on line 21

First file :

    <?php
    $algo = 'aes-128-ccm';
    $iv   = random_bytes(openssl_cipher_iv_length($algo));
    $key  = "cd9344040aa9f9217871d46ee871c59c";
    $data = '00000000010-3b57af';
    $ciphertext = openssl_encrypt(
        $data,
        $algo,
        $key,
        OPENSSL_RAW_DATA,
        $iv,
        $tag
    );
    // The raw binary values are placed in the URL as-is
    echo '<a href="adddata1?data='.$ciphertext.'&tag='.$tag.'&iv='.$iv.'">"decrypte"</a>';
    ?>

Second file :

    <?php
    $algo = 'aes-128-ccm';
    $key  = "cd9344040aa9f9217871d46ee871c59c";
    $ciphertext = $_GET['data'];
    $iv  = $_GET['iv'];
    $tag = $_GET['tag'];
    // Change 1 bit in additional authenticated data
    // $i = rand(0, mb_strlen($aad, '8bit') - 1);
    // $aad[$i] = $aad[$i] ^ chr(1);
    $decrypt = openssl_decrypt(
        $ciphertext,
        $algo,
        $key,
        OPENSSL_RAW_DATA,
        $iv,
        $tag
    );
    if (false === $decrypt) {
        throw new Exception(sprintf(
            "OpenSSL error: %s", openssl_error_string()
        ));
    }
    printf("Decryption %s\n", $data === $decrypt ? 'Ok' : 'Failed');
    printf("<br/>");
    printf(base64_encode($tag));
    printf("<br/>");
    printf(base64_encode($iv));
    printf("<br/>");
    printf(base64_encode($ciphertext));
    printf("<br/>");
    printf($data);
    ?>

In one file :

    <?php
    $algo = 'aes-128-ccm';
    $iv   = random_bytes(openssl_cipher_iv_length($algo));
    $key  = "cd9344040aa9f9217871d46ee871c59c";
    $data = '00000000010-3b57af';
    $ciphertext = openssl_encrypt(
        $data,
        $algo,
        $key,
        OPENSSL_RAW_DATA,
        $iv,
        $tag
    );
    // Change 1 bit in additional authenticated data
    // $i = rand(0, mb_strlen($aad, '8bit') - 1);
    // $aad[$i] = $aad[$i] ^ chr(1);
    $decrypt = openssl_decrypt(
        $ciphertext,
        $algo,
        $key,
        OPENSSL_RAW_DATA,
        $iv,
        $tag
    );
    if (false === $decrypt) {
        throw new Exception(sprintf(
            "OpenSSL error: %s", openssl_error_string()
        ));
    }
    printf("Decryption %s\n", $data === $decrypt ? 'Ok' : 'Failed');
    printf("<br/>");
    printf(base64_encode($tag));
    printf("<br/>");
    printf(base64_encode($iv));
    printf("<br/>");
    printf(base64_encode($ciphertext));
    printf("<br/>");
    printf($data);
    ?>

Thanks

3
  • Can you edit your post to show what does work in the "one" file? Also, is there anything that comes back when using error reporting? php.net/manual/en/function.error-reporting.php Commented Sep 14, 2017 at 17:20
  • Assume transport issue. Seems like the base64 stuff is backwards? Why encode on receiving end, should that not be decode? Where is it encoded when sent? Why change when outputting but not when using in openssl functions? Check for change as it goes over wire. Commented Sep 14, 2017 at 17:23
  • Nothing comes back, I have these errors: Warning: openssl_decrypt(): Setting tag for AEAD cipher decryption failed in adddata1.php on line 18 Fatal error: Uncaught Exception: OpenSSL error: error:0607A082:digital envelope routines:EVP_CIPHER_CTX_set_key_length:invalid key length in adddata1.php:21 Stack trace: #0 {main} thrown in adddata1.php on line 21 Commented Sep 14, 2017 at 17:29

1 Answer

6

The issue is likely the iv. You are generating random bytes and adding them as a request parameter in a URL, where string encodings matter. Convert the bytes to characters which are valid in a URL. bin2hex is one simple method:

echo '<a href="adddata1?data='.$ciphertext.'&iv='.bin2hex($iv)... 

And on the receiving end convert it back:

$iv = hex2bin($_GET['iv']); 

1 Comment

Perfect ! Thanks a lot !
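The following is an added example, not code from the question or the answer. It extends the answer's bin2hex/hex2bin approach to all three binary fields (ciphertext, tag and iv) and validates them on the receiving side before calling OpenSSL. The function names build_link, hex_field and open_link are hypothetical, and it assumes the 32-character key string is hex for a 16-byte AES-128 key.

```php
<?php
const ALGO    = 'aes-128-ccm';
const TAG_LEN = 16; // default tag length of openssl_encrypt()

// Assumption: the key string on the page is hex for a 16-byte AES-128 key.
$key = hex2bin('cd9344040aa9f9217871d46ee871c59c');

// Sender: encrypt, then hex-encode every binary field before it enters the URL.
function build_link(string $data, string $key): string {
    $iv = random_bytes(openssl_cipher_iv_length(ALGO));
    $ct = openssl_encrypt($data, ALGO, $key, OPENSSL_RAW_DATA, $iv, $tag, '', TAG_LEN);
    if ($ct === false) {
        throw new RuntimeException('encryption failed');
    }
    return 'adddata1?' . http_build_query([
        'data' => bin2hex($ct), 'tag' => bin2hex($tag), 'iv' => bin2hex($iv),
    ]);
}

// Receiver: reject anything that is not well-formed hex of the expected size.
function hex_field(array $q, string $name, ?int $len = null): string {
    $v = $q[$name] ?? '';
    if (!is_string($v) || $v === '' || strlen($v) % 2 !== 0 || !ctype_xdigit($v)) {
        throw new InvalidArgumentException("$name is not valid hex");
    }
    $bin = hex2bin($v);
    if ($len !== null && strlen($bin) !== $len) {
        throw new InvalidArgumentException("$name has the wrong length");
    }
    return $bin;
}

function open_link(array $q, string $key): string {
    $iv  = hex_field($q, 'iv', openssl_cipher_iv_length(ALGO));
    $tag = hex_field($q, 'tag', TAG_LEN);
    $ct  = hex_field($q, 'data');
    $pt  = openssl_decrypt($ct, ALGO, $key, OPENSSL_RAW_DATA, $iv, $tag);
    if ($pt === false) {
        // Tag mismatch: the ciphertext, tag, iv or key was altered or is wrong.
        throw new RuntimeException('authentication failed');
    }
    return $pt;
}

// Round trip with the question's sample plaintext; parse_str() stands in for $_GET.
parse_str(parse_url(build_link('00000000010-3b57af', $key), PHP_URL_QUERY), $query);
echo open_link($query, $key), "\n";
```

When the link is written into an HTML attribute, pass it through htmlspecialchars() so the `&` separators are escaped.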
