
I need to make a simple very basic encryption with AES 128 ECB mode.

The idea is to generate a cryptogram, code it in base64 and then decipher that text from a web service in php to process its content. Later we will increase the robustness of the encryption with a 256 key and CBC mode.

The problem is that the encrypted text generated by the openssl tool (installed by default in macOS) is completely different from the one generated by the openssl_encrypt function in PHP 7.

echo -n 'Sergio Sánchez' | openssl12n enc -aes-128-ecb -a

Result

U2FsdGVkX1+wrLjaCTSM9T3WMV1YcD9Cwzj0mKBoa7M=

No Salt

echo -n 'Sergio Sánchez' | openssl12n enc -aes-128-ecb -nosalt -a

Result

stpJKCaUQ/Q1GLzDvqaYRg==

PHP 7

echo base64_encode(openssl_encrypt('Sergio Sánchez', 'AES-128-ECB', 'password', OPENSSL_RAW_DATA));

Result

dum7MBJOzIi9jvMTvEYnug==

How can I generate a compatible cryptogram between both tools?

Sergio Sánchez Sánchez
  • ECB is not secure. – SLaks Mar 08 '18 at 19:54
  • @SLaks How can I add that padding with openssl_encrypt in php? – Sergio Sánchez Sánchez Mar 08 '18 at 19:59
  • @SLaks ok, thanks . but when using the openssl_decrypt php function with the base64 generated by the other tool, it returns an empty string. – Sergio Sánchez Sánchez Mar 08 '18 at 20:08
  • @SLaks I'm using a 16-character password on both tools (oxPt4SyZuXCk2CSI). I've also tried specifying the key in hex with the -K option and generating another result. – Sergio Sánchez Sánchez Mar 08 '18 at 20:24
  • What is `openssl12n` ... none of the OSX versions I have know what that is. However when I do the command with just `openssl` ... and copy/paste to a php script with openssl_decrypt(same args) ... I can confirm that the php version does not decrypt what the osx version is spitting out. I tried even with decoding the base64 before or not, and changing the options. Odd issue here. – IncredibleHat Mar 08 '18 at 20:25
  • Which version of OSX? – IncredibleHat Mar 08 '18 at 20:27
  • Sorry, I forgot to comment that it is not the default version. It is an alias for another installed version: alias openssl12n='/usr/local/Cellar/openssl/1.0.2n/bin/openssl' – Sergio Sánchez Sánchez Mar 08 '18 at 20:29
  • MacOS Sierra 10.12.6 – Sergio Sánchez Sánchez Mar 08 '18 at 20:29
  • Do not use ECB mode in new work and update legacy work ASAP, it is not secure, see [ECB mode](https://en.wikipedia.org/wiki/Block_cipher_mode_of_operation#Electronic_Codebook_.28ECB.29), scroll down to the Penguin. Instead use CBC mode with a random IV, just prefix the encrypted data with the IV for use in decryption, it does not need to be secret. – zaph Mar 08 '18 at 20:31
  • While I agree one should just get it working with aes-256-cbc now... it is still a very odd issue that the 128-ecb is disjointed like this between platforms. – IncredibleHat Mar 08 '18 at 20:32
  • Ok, thank you very much. Then would AES with a 256-bit key in CBC mode, in addition to being more secure, avoid this problem? – Sergio Sánchez Sánchez Mar 08 '18 at 20:35
  • I'm testing it out right now... (requires more coding since the IV is required) – IncredibleHat Mar 08 '18 at 20:37
  • CBC mode and a 256-bit key will not help, the problem is elsewhere. 1. AES is block based, so the input data must be a multiple of the block size: 16 bytes. If the data is shorter it must be padded to length. This can be specified in a padding option such as PKCS#7 (née PKCS#5); there is no standard default, each implementation can choose how to handle short data. – zaph Mar 08 '18 at 20:44
  • 2. The key must be one of three lengths: 128, 192 or 256 bits. If the key is not a correct length the implementation will produce an error or handle it in some other manner, such as appending nulls or deriving a key from the input. The easy solution: provide a correct-length key. – zaph Mar 08 '18 at 20:49
  • Right, I'm meeting walls with multiple kinds of enc types between osx and php. Really not coming up with any answers either. So I am going to have to bow out to better encryption experts. (this question may get some notice on https://crypto.stackexchange.com/) – IncredibleHat Mar 08 '18 at 20:49
  • perfect thank you very much, I will raise the question at crypto.stackexchange.com. I've done it here because I wanted to make sure it was not a trivial problem. – Sergio Sánchez Sánchez Mar 08 '18 at 20:58
  • It is a trivial problem, you need to read the documentation for OpenSSL command line and PHP. Why are you using OpenSSL command line? – zaph Mar 09 '18 at 15:35
  • @zaph The cryptogram is generated with the openssl tool and must be decrypted from php. I have tried specifying the key in hexadecimal, and the result is still different – Sergio Sánchez Sánchez Mar 09 '18 at 15:59

1 Answer

Here is an example of Command Line OpenSSL and web based encryption with the same encrypted example:

Changing the test data and key in order to reduce length issues:
key: 'testkey1testkey1' hex: 746573746b657931746573746b657931
data: 'TestDataTestData' hex: 54657374446174615465737444617461

Test OpenSSL encryption:
echo -n 'TestDataTestData' | openssl enc -aes-128-ecb -a -K 746573746b657931746573746b657931
Output: 'AdLbg3zhQ2/hei0QxAdvnVZaYCTUjgmjheMmWi8Js5A='
hex: 01D2DB837CE1436FE17A2D10C4076F9D565A6024D48E09A385E3265A2F09B390
The first 16 bytes are the encrypted data, the last 16 bytes are padding, see note.

Test web based encryption (yes it is ECB mode):
http://extranet.cryptomathic.com/aescalc?key=746573746b657931746573746b657931&iv=00000000000000000000000000000000&input=54657374446174615465737444617461&mode=ecb&action=Encrypt&output=
output: 01D2DB837CE1436FE17A2D10C4076F9D

Comparing the two outputs (dropping the padding):
AESCalc: 01D2DB837CE1436FE17A2D10C4076F9D
OpenSSL: 01D2DB837CE1436FE17A2D10C4076F9D

From here you can make changes as necessary one by one.

Helpful links:
OpenSSL enc man page
AES Calculator
Base64 to hex decoder
Text to Hex Converter
PKCS#7 padding

Note 1: PKCS#7 padding always adds padding, so when used with data that is a multiple of the block size a full block of padding is (must be) added. If padding were not added, even in this case, it would not be possible in all cases to determine that no padding was added.

Note 2: AESCalc with padding explicitly added:
http://extranet.cryptomathic.com/aescalc?key=746573746B657931746573746B657931&iv=00000000000000000000000000000000&input=5465737444617461546573744461746110101010101010101010101010101010&mode=ecb&action=Encrypt&output=01D2DB837CE1436FE17A2D10C4076F9D
Output: 01D2DB837CE1436FE17A2D10C4076F9D565A6024D48E09A385E3265A2F09B390

zaph
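An added PHP 7 example, not code from the question or the answer, that decrypts on the PHP side what `openssl enc -aes-128-ecb -a` produced, covering both the raw-key (`-K`) case the answer uses and the password case from the question. The function names are the example's own; it assumes the command line ran with OpenSSL's default digest for `enc`, which is MD5 in 1.0.2 and SHA-256 from 1.1.0 on.

```php
<?php
// Added example (not from the question or answer): decrypt in PHP the output of `openssl enc -aes-128-ecb -a`.
// Why the two tools disagree: given a password, `openssl enc` derives the key
// with EVP_BytesToKey and (unless -nosalt) prefixes "Salted__" + 8-byte salt,
// while openssl_encrypt() uses the bytes it is given directly as the key.
// With `-K <hex>` both sides use the same raw key, which is what the answer does.

// EVP_BytesToKey, one iteration: D_i = H(D_{i-1} || password || salt).
// The `openssl enc` default digest is MD5 in 1.0.x and SHA-256 from 1.1.0 on.
function evpBytesToKey(string $password, string $salt, int $keyLen, int $ivLen, string $digest): array
{
    $material = '';
    $block = '';
    while (strlen($material) < $keyLen + $ivLen) {
        $block = hash($digest, $block . $password . $salt, true);
        $material .= $block;
    }
    return [substr($material, 0, $keyLen), substr($material, $keyLen, $ivLen)];
}

// Case 1 (the answer): the CLI was given -K <hex>, so the key is those bytes.
function decryptWithRawKey(string $b64, string $hexKey): string
{
    $pt = openssl_decrypt(base64_decode($b64, true), 'AES-128-ECB', hex2bin($hexKey), OPENSSL_RAW_DATA);
    if ($pt === false) {
        throw new RuntimeException('decrypt failed: ' . openssl_error_string());
    }
    return $pt;   // openssl_decrypt removes the PKCS#7 padding
}

// Case 2 (the question): the CLI was given a password, with or without -nosalt.
function decryptWithPassword(string $b64, string $password, string $digest = 'md5'): string
{
    $blob = base64_decode($b64, true);
    if ($blob === false) {
        throw new InvalidArgumentException('not valid base64');
    }
    $salt = '';
    if (substr($blob, 0, 8) === 'Salted__') {   // header is absent with -nosalt
        $salt = substr($blob, 8, 8);
        $blob = substr($blob, 16);
    }
    list($key) = evpBytesToKey($password, $salt, 16, 0, $digest); // ECB: no IV
    $pt = openssl_decrypt($blob, 'AES-128-ECB', $key, OPENSSL_RAW_DATA);
    if ($pt === false) {
        throw new RuntimeException('decrypt failed: ' . openssl_error_string());
    }
    return $pt;
}
```

For the answer's values, decryptWithRawKey('AdLbg3zhQ2/hei0QxAdvnVZaYCTUjgmjheMmWi8Js5A=', '746573746b657931746573746b657931') is the PHP counterpart of the `-K` command; for ciphertext made by OpenSSL 1.1.0 or later with a password, pass 'sha256' as $digest unless the CLI was run with `-md md5`.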