in reply to Re^2: Perl encryption not matching PHP encryption
in thread Perl encryption not matching PHP encryption

Version 2.30 of C::CBC pod shows that new() accepts keysize via -keysize-value pair. And, currently only C::Blowfish supports variable keysize via Openssl ...

The -keysize and -blocksize arguments can be used to force the cipher's keysize and/or blocksize. This is only currently useful for the Crypt::Blowfish module, which accepts a variable length keysize. If -keysize is not specified, then Crypt::CBC will use the maximum length Blowfish key size of 56 bytes (448 bits). The Openssl library defaults to 16 byte Blowfish key sizes, so for compatibility with Openssl you may wish to set -keysize=>16. There are currently no Crypt::* modules that have variable block sizes, but an option to change the block size is provided just in case.

Replies are listed 'Best First'.
Re^4: Perl encryption not matching PHP encryption
by johnnytc4 (Novice) on Apr 12, 2011 at 14:15 UTC
    It looks like the encryption is getting closer, but not exact. From my php encrypted string, they always end in %3D. My perl encrytped string is slightly longer and ends in ...%3D%0A. 
    
#!/usr/bin/perl

use Crypt::CBC;
use Crypt::Rijndael;
use Digest::MD5 qw(md5_hex md5_base64);
use MIME::Base64;
use URI::Escape;

sub encrypt{
    my $data = shift;
    $data = &get16($data);
    my $key = "HELLOKEY";
    my $key_size = 16;
    my $key_hash = md5_hex($key);
    $AESKEY = substr($key_hash,0,$key_size);
    print "AESKEY->".$AESKEY."\n";
    my $iv= Crypt::CBC->random_bytes(16);
    my $cipher = Crypt::CBC->new(
                 -key    =>  $AESKEY,
                 -cipher => 'Rijndael',
                 -padding => 'rijndael_compat',
                 -keysize => $keysize,
                 -header => 'none',
                 -iv =>$iv
                 );
    
    $iv = $cipher->get_initialization_vector();  
    my $encrypted = $cipher->encrypt($data);
    print "After encryption:$encrypted\n";
    $encrypted = $iv.$encrypted;
    $encrypted = encode_base64($encrypted);
    print "After base 64 encoding:$encrypted\n\n";    
    
    $encrypted =  uri_escape($encrypted);
    print "After url_encoding: $encrypted\n";
}

&encrypt("test123");

    [download]
    Output: After encryption:ß7ý NÌÚNf"G¼èÈøö After base 64 encoding:W91lGKIvb4dyJhYx96ME2t83/YROzNpOZiJHvOjI+PY= After url_encoding: W91lGKIvb4dyJhYx96ME2t83%2FYROzNpOZiJHvOjI%2BPY%3D%0A
[reply]
[d/l]

      There is typo in -keysize value.

      And, what does get16() do? Rhetorical question that is to point out that you should provide a working code if you expect others to do experiments on your behalf.

      In any case, note that 0x3d & 0x0a are converted by chr to "=" & newline characters. That newline character is coming most likely from &MIME::Base64::encode_base64 ...

      encode_base64($str)
      encode_base64($str, $eol)
      Encode data by calling the encode_base64() function. The first argument is the string to encode. The second argument is the line-ending sequence to use. It is optional and defaults to "\n". The returned encoded string is broken into lines of no more than 76 characters each and it will end with $eol unless it is empty. Pass an empty string as second argument if you do not want the encoded string to be broken into lines.
[reply]
[d/l]
[select]
        A_Monk, Thanks for pointing that out. I was frantically trying diferrent combinations of the code and forgot to paste the running code. I've include get16 sub function and updated the perl code above. I used the "" for the $eol argument and that %0A has dropped off. I think the issue is the IV generation that the two languages generate. However I would like to believe that during the decrypt, the IV would be read and accounted for. But obviously my debugging skills are sub_par. Do you have any other ideas? WHAT each encrypt function generates when i use Ax16 for the IV ...

        PERL QUFBQUFBQUFBQUFBQUFBQcldXcuylXuYG%2BOav3Awis4%3D

        PHP QUFBQUFBQUFBQUFBQUFBQYZ0ZaS%2BWwtqd05V7CeJh%2BE%3D

[reply]

In Section Seekers of Perl Wisdom