0

I know this question might be asked multiple times and there is also an example for capturing IV and TAG before decryption but when I use it, it does not work!

I'm trying to use "decrypt" function in separate file, and I when i try to use this function, i see no output. Below messy code is the method that I am trying to use for encryption/decryption but why i see no output for decryption?

If anyone knows the answer please help me. Thank you very much.

<?php
    class encryption{
        private $KEY;
        private $cipher = "aes-256-gcm";
        private $ivlen;
        private $IV;
        private $options;
        private $tag;
        private $output = "";

        private function Key(){
            $this->KEY = openssl_random_pseudo_bytes (16);
            return $this->KEY;
        }

        private function Iv(){
            $this->IV = openssl_random_pseudo_bytes (16);
            $this->IV = base64_encode($this->IV);
            return $this->IV;
        }

        public function encrypt($string){
            $ivlen = openssl_cipher_iv_length($this->cipher);
            if (in_array($this->cipher, openssl_get_cipher_methods())){
                $this->output = openssl_encrypt($string, $this->cipher, $this->Key(), $options=0, $this->Iv(), $this->tag);
                $this->tag = base64_encode($this->tag);
            }
            return $this->output;
        }

        public function decrypt($string){
            $this->tag = base64_decode($this->tag);
            $dec_iv = base64_decode($this->Iv());
            if (in_array($this->cipher, openssl_get_cipher_methods())){
                $this->output = openssl_decrypt($string, $this->cipher, $this->Key(), $options=0, $dec_iv, $this->tag);
            }
            return $this->output;
        }
    }
?>
Uncle John
  • 48
  • 8

1 Answers1

0

Your method Iv() overwrites the IV that you set for encryption. If you use the IV as field then you'll have to check if the IV was already generated, of course.

However, the IV should never be a field in any class, as it should differ for each encryption. Generally the IV is send with the ciphertext. In that case it is usual to prefix it to the ciphertext (and to end with the tag). After that it is possible to encode the complete concatenated set to base 64 if a string is required.

During decryption the set can be partitioned into separate components as the IV size and tag size are configuration options that should be established beforehand. For GCM it is highly recommended to keep them to 96 bits / 12 bytes for the IV and 128 bits / 16 bytes for the authentication tag.

Maarten Bodewes
  • 90,524
  • 13
  • 150
  • 263
  • Thank you for answering my question. So as you wrote, there is no specific problem with TAG, in matter of fact, I have to use and capture IV appropriately? – Uncle John Feb 04 '20 at 01:18
  • I didn't really look at it, as the question seems to have been answered. The IV is part of the tag calculation, so if it is incorrect, the tag verification fails. That part I'm 100% about, and since your IV gets replaced... – Maarten Bodewes Feb 04 '20 at 01:23
  • So sorry, that IV inside encrypt function was an error during copying/pasting codes in fact I forgot to update code so it is edited now. Sorry again! – Uncle John Feb 04 '20 at 01:27
  • No need to be sorry, as the faulty code is in the decrypt functionality, not in the encrypt functionality: `$dec_iv = base64_decode($this->Iv());` – Maarten Bodewes Feb 04 '20 at 01:29
  • I tried to improve my codes, so I improved it to at least see encryption and decryption in same file! in both functions I used 4 parameters for each function $string, $cipher, $key and $iv. I generate $key, $ivlen and $iv in same page that I encrypt or decrypt strings. when I use function in same file so it works great! but when I use decryption function in separate file I receive this error: ** base64_decode() expects parameter 1 to be string, null given** I also encode and decode $tag as I used in above code! What is reason Sir? why capturing tag is not working well?! – Uncle John Feb 04 '20 at 06:16