How to decrypt AES-CFB retrieved from post variable in php?

Question

I'm trying to send an encrypted text from a python script to a php page. I successfully encrypted it in python, but I'm unable to decipher it in PHP.

Python Code:

from Crypto.Cipher import AES
message="{'platform': 'Linux', 'hostname': 'some-name', 'ram': '8 GB'}"
key = "=e+r28W^8PkyYtwk"
obj = AES.new(key, AES.MODE_CFB, '1101020304050607')
ciphertext = obj.encrypt(str(message))
print(message, "||", key, "||", ciphertext)

url = 'https://ebenezer-isaac.com/indexer.php'
myobj = {'message': ciphertext}
x = requests.post(url, data = myobj)
print("")
print(x.text)

PHP Code I have: I got the code for PHP decryption from here

<?php
echo "Hello || ";
ini_set('display_errors', 1);
ini_set('display_startup_errors', 1);
error_reporting(E_ALL);
function decrypt_openssl($key, $str) {
  $iv = "1101020304050607";
  return openssl_decrypt($str, 'AES-256-CFB', $key, OPENSSL_ZERO_PADDING, $iv);
}
$encrypted = $_POST["message"];
echo "Encrypted : ".$encrypted." || ";
$decrypted = decrypt_openssl("=e+r28W^8PkyYtwk",$encrypted);
echo "Decrypted : ".$decrypted;
?>

Current Output of Python :

{'platform': 'Linux', 'hostname': 'some-name', 'ram': '8 GB'} || =e+r28W^8PkyYtwk || b'*T\xbd\x9e\xfe\xfa#\x9b\x8a-\xc1\xd3W\x96\xc0\x93\xa7\x99\xceS1\xe1q\x13\xc8j~n\xe1\x97\xb6\xef\x93\xa87\xa9\xe0?\x1f\xe4\x99\xf6\xe8\xfd\xc1q\x13\xe07uV\xb1gu\xa1V\xd2\xd7}\xb4l'

Hello || Encrypted : *T����#��-��W������S1�q�j~nᗶ7��?�����q�7uV�gu�V��}�l || Decrypted : �5��f0�?w

Expected Output of Python :

{'platform': 'Linux', 'hostname': 'some-name', 'ram': '8 GB'} || =e+r28W^8PkyYtwk || b'*T\xbd\x9e\xfe\xfa#\x9b\x8a-\xc1\xd3W\x96\xc0\x93\xa7\x99\xceS1\xe1q\x13\xc8j~n\xe1\x97\xb6\xef\x93\xa87\xa9\xe0?\x1f\xe4\x99\xf6\xe8\xfd\xc1q\x13\xe07uV\xb1gu\xa1V\xd2\xd7}\xb4l'

Hello || Encrypted : *T����#��-��W������S1�q�j~nᗶ7��?�����q�7uV�gu�V��}�l || Decrypted : {'platform': 'Linux', 'hostname': 'some-name', 'ram': '8 GB'}

Can you post a base64 encoded encrypted string created by your python so we can debug? — John Conde, May 05 '20 at 19:07
Please post some _valid_ example code, as well as the output from it. Your python is missing the import for `AES` [I'm assuming `from Crypto.Cipher import AES`] and the key `password` results in `ValueError: AES key must be either 16, 24, or 32 bytes long`. — Sammitch, May 05 '20 at 19:14
@JohnConde I just updated the question as you had asked. I included the exact code I tried and also the exact output from the shell. — Ebenezer Isaac, May 05 '20 at 20:31
@Sammitch Yes, I have included the import now in the question. I had changed the password just for representation purpose here. I have posted the password with which I was trying to encrypt now. — Ebenezer Isaac, May 05 '20 at 20:34
Well at least part of it is probably a CFB segment size mismatch between PHP an Python as detailed in: https://stackoverflow.com/questions/46346371/convert-openssl-aes-in-php-to-python-aes though I can't seem to figure out how to make PHP and Python agree even with the benefit of that example. — Sammitch, May 05 '20 at 21:51

score 0 · Accepted Answer · answered May 06 '20 at 05:33

Thanks to @Sammitch, with a few tweeks, I finally did it.

The Python code which encrypts data:

def my_encrypt(data):
    encryption_key = base64.b64decode('c7e1wJFz+PBwQix80D1MbIwwOmOceZOzFGoidzDkF5g=')
    bs = AES.block_size
    cipher = AES.new(encryption_key, AES.MODE_CFB, "1101020304050607")
    encrypted = cipher.encrypt(data)
    return base64.b64encode(encrypted)  

message="{'platform': 'Linux', 'hostname': 'some-name', 'ram': '8 GB'}"
print("Actual string: " ,str(message))
data_encrypted = my_encrypt(str(message))
print("")
print(data_encrypted)
url = 'https://ebenezer-isaac.com/indexer.php'
myobj = {'message': data_encrypted}
x = requests.post(url, data = myobj)
print("")
print(x.text)

PHP Code which decrypts the data:

<?php
ini_set('display_errors', 1);
ini_set('display_startup_errors', 1);
error_reporting(E_ALL);
$encryption_key = base64_decode('c7e1wJFz+PBwQix80D1MbIwwOmOceZOzFGoidzDkF5g=');
$data_encrypted = $_POST["message"];
$data_decrypted = openssl_decrypt($data_encrypted, 'aes-256-cfb8', $encryption_key, OPENSSL_ZERO_PADDING, "1101020304050607");
echo "Decrypted string: ". $data_decrypted;

OUTPUT of python :

Actual string:  {'platform': 'Linux', 'hostname': 'some-name', 'ram': '8 GB'}

b'7p3rqnEEuGp2mVj4gSHTccEK/1FUMnQDrwSHEd9Kv504NoLlv72mdxT6VcaKxA8JFUnbS75qSjyLWBFSjw=='

Decrypted string: {'platform': 'Linux', 'hostname': 'some-name', 'ram': '8 GB'}

How to decrypt AES-CFB retrieved from post variable in php?

1 Answers1