2

I have a PHP REST (Gateway) server. The client is a node.js server. The data exchanged between them is encrypted (crypto_secretbox) & decrypted (crypto_secretbox_open) using the libsodium easy API implementations of PHP & Node respectively.

Encrypted data in PHP doesn't have the 16 zero bytes at the beginning (salt), whereas the encrypted data in node.js has the 16 zero bytes.

To decrypt on Node the data encrypted in PHP, I have to prepend 16 bytes of zeros (salt) before calling secretBox.decrypt.

To decrypt on PHP the data encrypted in Node, I have to first remove the 16 bytes of zeros before calling \Sodium\crypto_secretbox_open.

The question: Is this the best possible approach, or am I missing something very obvious?

indiangolfer
  • It's unclear what your question is. You have clearly found the solution to the differences in both implementations? – shrmn Mar 07 '16 at 01:18
  • Hi. I did but I feel that it is a hack. I am hoping that someone would tell me that "this is how you do it, you hack!" :) – indiangolfer Mar 07 '16 at 03:13

1 Answer

2

Are you actually using secretbox_easy with Node-Sodium, and not secretbox?

secretbox requires extra bytes to be prepended/stripped. It is only available for backward compatibility; it doesn't really make sense to use it except in C, but for some reason, Node-Sodium provides it.

The PHP bindings don't require these extra bytes. Like most other bindings, secretbox is actually secretbox_easy under the hood.

The good news is that Node-Sodium also provides secretbox_easy. You just need to explicitly call it secretbox_easy. No more padding required.

Frank Denis
  • Thanks. I will try it out and let you know. – indiangolfer Mar 11 '16 at 22:45
  • Hi Frank. I looked at all the code in https://github.com/paixaop/node-sodium and in my node_modules/sodium. I can't find an API that I can call to pass in just the secretkey encryption other than the secretbox. The rest of them all want public/private key pair. My Encryption/Decryption is based on the secretkey as opposed to Public/Private key. Please advise. – indiangolfer Mar 12 '16 at 05:51
  • Also, the node implementation of sodium, when using crypto_secretbox and crypto_secretbox_open, restricts the secretkey to be 32 bytes long, based on the code in ./node_modules/sodium/deps/libsodium/src/libsodium/crypto_stream/salsa20/ref/xor_salsa20_ref.c. PHP's implementation doesn't seem to have this restriction. – indiangolfer Mar 12 '16 at 06:37
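
The padding difference discussed in this thread, as an added example that is not code from the thread or from either binding: a small Node.js shim that converts between the legacy `crypto_secretbox` ciphertext layout (16 zero bytes, then tag and ciphertext) and the `secretbox_easy` layout that PHP produces, and refuses input that is not in the expected layout. The function names are hypothetical, the sizes are libsodium's `crypto_secretbox_BOXZEROBYTES` and `crypto_secretbox_MACBYTES`, and the sample bytes are constructed.

```javascript
// Added example: layout conversion only, no encryption is performed here.
const BOXZEROBYTES = 16; // zero padding in front of a legacy crypto_secretbox ciphertext
const MACBYTES = 16;     // Poly1305 tag that starts a secretbox_easy ciphertext

// easy layout (tag || ciphertext), as PHP emits it
//   -> legacy layout (16 zero bytes || tag || ciphertext) for the legacy open call
function easyToLegacy(easyBox) {
  if (!Buffer.isBuffer(easyBox) || easyBox.length < MACBYTES) {
    throw new Error('ciphertext is shorter than the 16-byte authentication tag');
  }
  return Buffer.concat([Buffer.alloc(BOXZEROBYTES), easyBox]);
}

// legacy layout -> easy layout, for sending to PHP
function legacyToEasy(legacyBox) {
  if (!Buffer.isBuffer(legacyBox) || legacyBox.length < BOXZEROBYTES + MACBYTES) {
    throw new Error('legacy ciphertext is too short');
  }
  // Only strip the prefix when it really is the fixed padding. Blindly cutting
  // 16 bytes from a buffer that is already in easy layout would drop the tag
  // and turn a framing mistake into a confusing authentication failure.
  let acc = 0;
  for (let i = 0; i < BOXZEROBYTES; i++) acc |= legacyBox[i];
  if (acc !== 0) {
    throw new Error('prefix is not zero padding; input is not in legacy layout');
  }
  return Buffer.from(legacyBox.subarray(BOXZEROBYTES));
}

// Constructed sample: a made-up 16-byte tag followed by 4 bytes of ciphertext.
const sampleEasy = Buffer.from('00112233445566778899aabbccddeeff' + 'deadbeef', 'hex');
const sampleLegacy = easyToLegacy(sampleEasy);
console.log(sampleLegacy.toString('hex'));
console.log(legacyToEasy(sampleLegacy).equals(sampleEasy));
```

The nonce and key are unaffected by this framing and must still be exchanged and used identically on both sides.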