in reply to Perl encryption not matching PHP encryption

Crypt::Rijndael mentions that it works with a key size of 32 bytes, and you use 16 as the $key_size in PHP. Suspicious.
Perl 6 - second systems done right
  • Comment on Re: Perl encryption not matching PHP encryption

Replies are listed 'Best First'.
Re^2: Perl encryption not matching PHP encryption
by johnnytc4 (Novice) on Apr 08, 2011 at 18:19 UTC
    It looks like Crypt::Rijndeal supports 16byte keys but there is no way to communicate that to Crypt::CBC.
[reply]

      Version 2.30 of C::CBC pod shows that new() accepts keysize via -keysize-value pair. And, currently only C::Blowfish supports variable keysize via Openssl ...

      The -keysize and -blocksize arguments can be used to force the cipher's keysize and/or blocksize. This is only currently useful for the Crypt::Blowfish module, which accepts a variable length keysize. If -keysize is not specified, then Crypt::CBC will use the maximum length Blowfish key size of 56 bytes (448 bits). The Openssl library defaults to 16 byte Blowfish key sizes, so for compatibility with Openssl you may wish to set -keysize=>16. There are currently no Crypt::* modules that have variable block sizes, but an option to change the block size is provided just in case.
[reply]
[d/l]
[select]
        It looks like the encryption is getting closer, but not exact. From my php encrypted string, they always end in %3D. My perl encrytped string is slightly longer and ends in ...%3D%0A. 
        
#!/usr/bin/perl

use Crypt::CBC;
use Crypt::Rijndael;
use Digest::MD5 qw(md5_hex md5_base64);
use MIME::Base64;
use URI::Escape;

sub encrypt{
    my $data = shift;
    $data = &get16($data);
    my $key = "HELLOKEY";
    my $key_size = 16;
    my $key_hash = md5_hex($key);
    $AESKEY = substr($key_hash,0,$key_size);
    print "AESKEY->".$AESKEY."\n";
    my $iv= Crypt::CBC->random_bytes(16);
    my $cipher = Crypt::CBC->new(
                 -key    =>  $AESKEY,
                 -cipher => 'Rijndael',
                 -padding => 'rijndael_compat',
                 -keysize => $keysize,
                 -header => 'none',
                 -iv =>$iv
                 );
    
    $iv = $cipher->get_initialization_vector();  
    my $encrypted = $cipher->encrypt($data);
    print "After encryption:$encrypted\n";
    $encrypted = $iv.$encrypted;
    $encrypted = encode_base64($encrypted);
    print "After base 64 encoding:$encrypted\n\n";    
    
    $encrypted =  uri_escape($encrypted);
    print "After url_encoding: $encrypted\n";
}

&encrypt("test123");

        [download]
        Output: After encryption:ß7ý NÌÚNf"G¼èÈøö After base 64 encoding:W91lGKIvb4dyJhYx96ME2t83/YROzNpOZiJHvOjI+PY= After url_encoding: W91lGKIvb4dyJhYx96ME2t83%2FYROzNpOZiJHvOjI%2BPY%3D%0A
[reply]
[d/l]

In Section Seekers of Perl Wisdom