2

I have tried using Blowfish (CBC) technique for encrypting / decrypting a text from PHP to Flash. After hours of investigation and research, I got to know that AS3Crypto could be used for decryption of Blowfish (CBC Mode). In a simple example, I'm using Mcrypt (A Library for PHP) to encrypt the text:

const CYPHER = 'blowfish';
const MODE   = 'cbc';
const KEY    = '12345';
    public function encrypt($plaintext)
{
    $td = mcrypt_module_open(self::CYPHER, '', self::MODE, '');
    $iv = mcrypt_create_iv(mcrypt_enc_get_iv_size($td), MCRYPT_RAND);
    mcrypt_generic_init($td, self::KEY, $iv);
    $crypttext = mcrypt_generic($td, $plaintext);
    mcrypt_generic_deinit($td);
    return $iv.$crypttext;
}

Then, I can transfer the output by encoding it using Base64. So for example, if we have the original text as (without quotations) "stackoverflow" and the key as "123456", the output will be (base64):

MUXl8mBS9OsvxTbLAiCrAMp851L8vVD0

Till now there is no problem. Now when I shift this encoded text to flash, I can get it without any problem. You can try going to http://crypto.hurlant.com/demo/CryptoDemo.swf and then select "Secret Key" tab, and choose encryption as "Blowfish", mode as "CBC", Padding as "none" and tick the "Prepend IV to cipher text" option. After that, you can successfully decrypt the text above, using the key, and get the "stackoverflow" text again.

So, till now I know that its possible to convert from Mcrypt to AS3Crypt, and then I tried to use AS3Crypto library in flash (You can get it from: http://code.google.com/p/as3crypto/).

I made a new actionscript file which has the following content to test whether or not the encryptions would be the same (I couldn't figure out how to decrypt it because of the main problem):

package
{
    import com.hurlant.crypto.Crypto;
    import com.hurlant.util.Hex;    
    import com.hurlant.crypto.hash.HMAC;
    import com.hurlant.crypto.hash.IHash;
    import com.hurlant.crypto.hash.MD5;
    import com.hurlant.crypto.hash.SHA1;
    import com.hurlant.crypto.hash.SHA224;
    import com.hurlant.crypto.hash.SHA256;
    import com.hurlant.crypto.prng.ARC4;
    import com.hurlant.crypto.symmetric.AESKey;
    import com.hurlant.crypto.symmetric.BlowFishKey;
    import com.hurlant.crypto.symmetric.CBCMode;
    import com.hurlant.crypto.symmetric.CFB8Mode;
    import com.hurlant.crypto.symmetric.CFBMode;
    import com.hurlant.crypto.symmetric.CTRMode;
    import com.hurlant.crypto.symmetric.DESKey;
    import com.hurlant.crypto.symmetric.ECBMode;
    import com.hurlant.crypto.symmetric.ICipher;
    import com.hurlant.crypto.symmetric.IMode;
    import com.hurlant.crypto.symmetric.IPad;
    import com.hurlant.crypto.symmetric.ISymmetricKey;
    import com.hurlant.crypto.symmetric.IVMode;
    import com.hurlant.crypto.symmetric.NullPad;
    import com.hurlant.crypto.symmetric.OFBMode;
    import com.hurlant.crypto.symmetric.PKCS5;
    import com.hurlant.crypto.symmetric.SimpleIVMode;
    import com.hurlant.crypto.symmetric.TripleDESKey;
    import com.hurlant.crypto.symmetric.XTeaKey;
    import flash.utils.ByteArray;
    import com.hurlant.crypto.rsa.RSAKey;
    import com.hurlant.util.Base64;

 public class BlowFish
 {
 /**
 * Encrypts a string.
 * @param text  The text string to encrypt.
 * @param key  A cipher key to encrypt the text with.
 */


 /**
 * Decrypts an encrypted string.
 * @param text  The text string to decrypt.
 * @param key  The key used while originally encrypting the text.
 */
  static public function encrypt( s :String, k :String ) :String 
 {

    var key  :ByteArray = Hex.toArray(k);
            var data :ByteArray = Hex.toArray(Hex.fromString(s));

            var pad    :IPad = new NullPad();
            var cipher :ICipher = Crypto.getCipher("blowfish-cbc", key, pad);

            pad.setBlockSize(cipher.getBlockSize());
            cipher.encrypt(data);

            var result :String = Hex.fromArray(data);

            var ivmode :IVMode = cipher as IVMode;
            var iv     :String = Hex.fromArray(ivmode.IV);

            return  Base64.encodeByteArray(Hex.toArray(Hex.fromArray(ivmode.IV) + Hex.fromArray(data)));

 }

 }
}

And I've used the following code to get out the result:

import BlowFish;
var $key:String = "123456";
var $encryption:String = BlowFish.encrypt("stackoverflow", $key);

trace( $encryption );

The problem is that I couldn't match the following outputs together. I don't have any idea about actionscript, so you will obviously find a lot of mistakes in it.

I will be really appreciated about any explanation and solution with an example to figure out how to successfully decrypt the encrypted text in flash using AS3Crypto.

Thank you.

Divisible
  • 182
  • 1
  • 7
  • You should encode all binary data, not just the plain text, but also the key. The key should be a blowfish compatible sized string of octets, not some generic text string of variable length, of which the encoding is not known. – Maarten Bodewes Mar 17 '12 at 14:49
  • You seem to use plain text one time and hexadecimals the other. – Maarten Bodewes Mar 17 '12 at 14:52
  • @owlstead I have no problem so far with the PHP side of the problem, and in that, I just get the output as base64, so how can I get this base64 encoded text to be decoded in flash? – Divisible Mar 17 '12 at 15:00
  • A quick google turned up this: http://help.adobe.com/en_US/FlashPlatform/reference/actionscript/3/mx/utils/Base64Encoder.html ? But I'm more into crypto than into flash... – Maarten Bodewes Mar 17 '12 at 15:03
  • @owlstead I know how to encode/decode base64 in flash, but I just use base64 as a way to protect the real data while transferring. – Divisible Mar 17 '12 at 16:04
  • @wvxvw The "as it is" form contains some characters which may get damaged while transferring, and to make it easier and safe, I encode the output and decode it again. :) – Divisible Mar 22 '12 at 06:43
  • I have the same problem, let me know if you've found a solution (for my part, i'm trying to match IRC blowfish with AS3 blowfish and so far, no success) – Eric Apr 24 '12 at 17:36

1 Answers1

2

hope this is helpful:

public static function encryptString(encString : String = "") : String
{
    var kdata : ByteArray = Hex.toArray(Hex.fromString(k))
    var _method : String  = "simple-blowfish-ecb";
    var pad : IPad        = new NullPad;
    var crypt : ICipher   = Crypto.getCipher(_method, kdata, pad);
    var data : ByteArray  = Hex.toArray(Hex.fromString(encString));
    pad.setBlockSize(crypt.getBlockSize());
    crypt.encrypt(data);
    encString = Base64.encodeByteArray(data);
    return encString;
}
Urash
  • 13
  • 6