0

The openssl_get_cipher_methods() function returns, within the list of available algorithms, both aes-256-cbc and aes-256-cbc-hmac-sha256 so I was trying to understand how to use them with the openssl_encrypt/decrypt() functions but I see no difference.

php > echo openssl_encrypt('hello world!', 'aes-256-cbc', '5823r4s5b36f45f333c7be91e6819b91', 0, base64_decode('7urdW9TS74FKFgHFSb2sqA=='), $tag);
JmeNeIeK2yU3pVUMGX5VsQ==
php > echo $tag;
php > echo openssl_encrypt('hello world!', 'aes-256-cbc-hmac-sha256', '5823r4s5b36f45f333c7be91e6819b91', 0, base64_decode('7urdW9TS74FKFgHFSb2sqA=='), $tag);
JmeNeIeK2yU3pVUMGX5VsQ==
php > echo $tag;
php >

So, what's going on? Am I missing something?

zer0uno
  • 7,521
  • 13
  • 57
  • 86
  • 1
    I think the "hmac-sha256" part is irrelevant for openssl_encrypt. The HMAC is only to verify the integrity of the data and its sender, but not relevant for the actual encryption, and also not part of it. Maybe openssl_encrypt gracefully ignores this part? – Honk der Hase Aug 16 '22 at 17:17
  • 1
    This seems to be a bug, s. [here](https://crypto.stackexchange.com/q/83483). The tag is not returned during encryption (possibly not even generated) and not used for authentication during decryption, i.e. there is effectively no difference to aes-256-cbc. For authenticated encryption you can alternatively use aes-256-gcm. – Topaco Aug 16 '22 at 17:26

1 Answers1

3

aes-256-cbc-hmac-sha256 is a specialist cipher exposed by libcrypto for use in TLS by libssl. It is not meant for general purpose use. Don't use it unless you really know what you are doing.

The man page says this about it:

Authenticated encryption with AES in CBC mode using SHA256 (SHA-2, 256-bits) as HMAC, with keys of 128 and 256 bits length respectively. The authentication tag is 256 bits long.

WARNING: this is not intended for usage outside of TLS and requires calling of some undocumented ctrl functions. These ciphers do not conform to the EVP AEAD interface.

https://www.openssl.org/docs/man3.0/man3/EVP_aes_256_cbc_hmac_sha256.html

Matt Caswell
  • 8,167
  • 25
  • 28