I have some data that was encrypted with sodium_crypto_box_seal, and I store the encrypted data and the keypair in MySQL. Now I would like to decrypt the data with sodium_crypto_box_seal_open in PHP, but I am getting the following error:

Fatal error: Uncaught SodiumException: sodium_crypto_box_seal_open(): Argument #2 ($key_pair) must be SODIUM_CRYPTO_BOX_KEYPAIRBYTES bytes long in C:\xampp\htdocs\encryption\vulnerability1.php:67 Stack trace: #0 C:\xampp\htdocs\encryption\vulnerability1.php(67): sodium_crypto_box_seal_open() #1 {main} thrown in C:\xampp\htdocs\encryption\vulnerability1.php on line 67

I googled for a solution but I couldn't get it to work. For reference, here is the decrypt PHP code:

<?php 
 //check if input box not empty
 if(isset($_POST['company'])){ 
   //get value from form input boxes
   $company = $_POST['company'];

//set secret and public keys for the input values
$company_keypair = sodium_crypto_box_keypair();

//set public keys for input value
$company_public_key = sodium_crypto_box_publickey($company_keypair);

//encrypt the values
$encrypted_text = sodium_crypto_box_seal($company, $company_public_key);

//store the keypair as a hex string and the ciphertext as base64
$company_keypair = bin2hex($company_keypair);
$encrypted_text = base64_encode($encrypted_text);

echo "<br>c".$company_keypair;
echo "<br>en".$encrypted_text;

//connect to a database
try {
    $connDB = new PDO("mysql:host=localhost;dbname=encryption", "root", ""); 
    // set the PDO error mode to exception
    $connDB->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
    echo "Connected successfully";
    } catch(PDOException $e) {
    echo "Connection failed: " . $e->getMessage();
}
//insert query (prepared statement with bound values instead of string interpolation)
$insert = $connDB->prepare("INSERT INTO report (company,ck) VALUES (:company, :ck)");

 //do insertion
 try {
    $insert->execute([':company' => $encrypted_text, ':ck' => $company_keypair]);
    echo  'Report added successfully';
}
catch(PDOException $e){
    // PDO has no ->error property; with ERRMODE_EXCEPTION failures arrive as exceptions
    echo $e->getMessage();
    echo "Problem in Adding Report";
}
}//end isset
?>

And below is what I have for the decryption:

<h2>Below is the decrypted result</h2>
<table border= 1>
<thead>
    <th>Company</th>
       
</thead>
<tbody>
    <?php 
        $sql = "SELECT * FROM report";
        $sql = $connDB->prepare($sql);
        $sql->execute();
        $sql->setFetchMode(PDO::FETCH_ASSOC);
        //$query = $connDB->query($sql);
        while($row = $sql->fetch()): 
    ?>
    <tr>
        <td>
            <?php 
                $sealed = base64_decode($row['company']);
                $key =  $row['ck'];
                $keypair = sodium_base642bin($key, SODIUM_BASE64_VARIANT_ORIGINAL);
                $opened = sodium_crypto_box_seal_open($sealed, $keypair);
                // var_dump() prints its argument itself and returns nothing
                var_dump($opened);
            ?>
        </td>
    </tr>
        <?php endwhile; ?>
    </tbody>
   </table>
dyahmed
  • Just a quick shot: on the encryption side your company keypair seems to be stored as HEXSTRING before base64 encoding: "$company_keypair = bin2hex($company_keypair);". On the decryption side the "hex2bin" conversion seems to be missing. – Michael Fehr Mar 23 '22 at 06:46
  • Thanks @MichaelFehr I will add the conversion at the decryption part and revert. – dyahmed Mar 23 '22 at 07:17
  • I converted the $company_pair on the decryption part to hex2bin and it works, thanks a lot @MichaelFehr – dyahmed Mar 23 '22 at 07:42

1 Answer

The code below is the updated part of the decryption that resolved the problem for me. As indicated in the comment section above, the value "$company_keypair" was stored as a HEXSTRING before the base64 encoding. Therefore, on the decryption side, "$company_keypair" has to be converted with hex2bin before it will work as a parameter of the sodium_crypto_box_seal_open function:

<h2>Below is the decrypted result</h2>
<table border= 1>
<thead>
    <th>Company</th>
       
</thead>
<tbody>
    <?php 
        $sql = "SELECT * FROM report";
        $sql = $connDB->prepare($sql);
        $sql->execute();
        $sql->setFetchMode(PDO::FETCH_ASSOC);
        //$query = $connDB->query($sql);
        while($row = $sql->fetch()): 
    ?>
    <tr>
        <td>
            <?php 
                $sealed = base64_decode($row['company']);
                $key =  $row['ck'];
                $keypair = hex2bin($key);
                //$keypair = sodium_base642bin($key, SODIUM_BASE64_VARIANT_ORIGINAL);
                $opened = sodium_crypto_box_seal_open($sealed, $keypair);
               // $opened = sodium_crypto_box_seal_open($sealed, $key);
                // var_dump() prints its argument itself and returns nothing
                var_dump($opened);
            ?>
        </td>
     </tr>
        <?php endwhile; ?>
  </tbody>
</table>
dyahmed
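
The following is an added example, not code from the question or the answer. It round-trips a sealed box through the same encodings the page uses (hex for `ck`, base64 for `company`) and checks decoded lengths before calling sodium_crypto_box_seal_open. The helper names `decodeKeypair` and `openSealed` and the sample row are assumptions made for illustration.

```php
<?php
declare(strict_types=1);
// Added example: helper names are hypothetical, sample data is constructed.

// Decode the hex string from the `ck` column and confirm it is a full keypair.
function decodeKeypair(string $storedHex): string
{
    try {
        $keypair = sodium_hex2bin($storedHex);
    } catch (SodiumException $e) {
        throw new RuntimeException('ck is not valid hex');
    }
    if (strlen($keypair) !== SODIUM_CRYPTO_BOX_KEYPAIRBYTES) {
        throw new RuntimeException('ck decodes to ' . strlen($keypair) . ' bytes');
    }
    return $keypair;
}

// Decode the base64 `company` column and open the sealed box.
function openSealed(string $storedB64, string $storedHex): string
{
    $sealed = base64_decode($storedB64, true);   // strict mode rejects stray characters
    if ($sealed === false || strlen($sealed) < SODIUM_CRYPTO_BOX_SEALBYTES) {
        throw new RuntimeException('company is not a valid sealed box');
    }
    $plain = sodium_crypto_box_seal_open($sealed, decodeKeypair($storedHex));
    if ($plain === false) {
        throw new RuntimeException('wrong keypair or modified ciphertext');
    }
    return $plain;
}

// Constructed sample row, encoded the same way as the insert code on this page.
$keypair = sodium_crypto_box_keypair();
$row = [
    'ck'      => bin2hex($keypair),
    'company' => base64_encode(
        sodium_crypto_box_seal('Example Ltd', sodium_crypto_box_publickey($keypair))
    ),
];

echo openSealed($row['company'], $row['ck']), PHP_EOL;

// The mismatch from the question: hex digits are also valid base64 characters,
// so the decode succeeds but yields the wrong number of bytes.
$wrong = sodium_base642bin($row['ck'], SODIUM_BASE64_VARIANT_ORIGINAL);
printf("hex chars: %d, base64-decoded bytes: %d, required: %d\n",
    strlen($row['ck']), strlen($wrong), SODIUM_CRYPTO_BOX_KEYPAIRBYTES);
```

Because `ck` holds the secret key as well as the public key, anyone who can read the `report` table can decrypt every row. sodium_crypto_box_seal only needs the public key, so the secret key can be kept outside the database that holds the ciphertext.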