erucquoy / crypto-js

Automatically exported from code.google.com/p/crypto-js
0 stars 0 forks source link

Not decoded code using PHP #52

Closed GoogleCodeExporter closed 8 years ago

GoogleCodeExporter commented 8 years ago
What steps will reproduce the problem?
1. encodes a string 
2. var encrypted = CryptoJS.DES.encrypt("123", "123");
3. //encrypted == "U2FsdGVkX1/F6/pmeKgkMNUBpAkUdC7c";
4. Next on the PHP side
5. $encrypted = "U2FsdGVkX1/F6/pmeKgkMNUBpAkUdC7c";
6. $passphrase = "123";
7. $decrypt = mcrypt_decrypt(MCRYPT_DES, $passphrase, $encrypted, 
MCRYPT_MODE_CBC);
8. // $decrypt == "��M��#�"

What is the expected output? What do you see instead?
8. // $decrypt == "123"

What version of the product are you using? On what operating system?
Windows 7 64-bit, PHP 5.3.13, CryptoJS 3

Also experimented with IV
var iv encrypted.iv;
...
$iv = {iv from JS};
$decrypt = mcrypt_decrypt(MCRYPT_DES, $passphrase, $encrypted, MCRYPT_MODE_CBC, 
$iv);
But the result was not expected

Original issue reported on code.google.com by ivan.s...@gmail.com on 1 Oct 2012 at 7:56

GoogleCodeExporter commented 8 years ago
You'll have to do some extra work to make mcrypt and CryptoJS compatible. At 
minimum, you need to consider the ciphertext format, key generation, and 
padding. CryptoJS's ciphertext format, by default, matches OpenSSL's format, 
which is the string "Salted__", followed by a 64-bit salt, followed by the raw 
ciphertext. Mcrypt doesn't parse that format on its own. You'll have to parse 
it yourself, or format CryptoJS's output to something mcrypt expects. You also 
need to make sure that the key is being generated in the same way on both ends. 
CryptoJS, by default, uses OpenSSL's BytesToKey algorithm. Mcrypt doesn't do 
any key generation. And, finally, CryptoJS uses PKCS5 padding by default, 
whereas mcrypt will zero pad. For more information, see the discussion for this 
topic: https://groups.google.com/forum/#!topic/crypto-js/YLKt6es-h1w

Original comment by Jeff.Mott.OR on 1 Oct 2012 at 8:31

GoogleCodeExporter commented 8 years ago

Original comment by Jeff.Mott.OR on 1 Oct 2012 at 6:29