#1 2018-06-19 18:56:04

patcher
Member
Registered: 2018-06-19
Posts: 3

SynCrypto AES vs PHP openssl_encrypt

Hi! I have a problem with different results of encryption using Syncrypto TAESCBC and PHP openssl_encrypt.
Delphi code:

function Str2Hex(s : string): string;
var i : integer;
begin
  result := '';
  for i := 1 to Length(s) do
    result := result+LowerCase(IntToHex(ord(S[i]), 2));
end;

var cipher : TAESCBC;
     s : string;
     key : THash256;
begin
  key := MyPBKDF2('password', 'salt', 5000, 32); //my function, the result is the same as PHP hash_pbkdf2, rechecked many times
  cipher := TAESCBC.Create(key, 256);
  s := cipher.EncryptPKCS7('test');
  writeln(StringToHex(s));
end.

The result is 4e4404591a4c3a44b5f5f4030541b43541748453

And PHP code:

$key = hash_pbkdf2("sha1", 'password', 'salt', 5000, 32, TRUE);
$s = openssl_encrypt("test", "aes-256-cbc", $key);
echo bin2hex(base64_decode($s));

And it's result is 4ef09a1a4c3afb5f5f8105cbe5c74883

What is my fault? Thanks.
P.S. Sorry for my bad English.

Offline

#2 2018-06-20 07:58:05

ab
Administrator
From: France
Registered: 2010-06-21
Posts: 14,654
Website

Re: SynCrypto AES vs PHP openssl_encrypt

Are you sure http://php.net/manual/fr/function.openssl-encrypt.php is making PKCS7 padding?
How is the IV defined on both sides?

Also check https://synopse.info/forum/viewtopic.php?id=1587

Online

#3 2018-06-20 19:32:21

patcher
Member
Registered: 2018-06-19
Posts: 3

Re: SynCrypto AES vs PHP openssl_encrypt

ab, thank you so much! Now I have another one question: can I modify the PBKDF2_HMAC_SHA1 procedure to return the key with not default size (20 bytes)? As I can do it in PHP:

$key = hash_pbkdf2("sha1", 'password', 'salt', 5000, 32, TRUE);

32 - the key size in bytes

Offline

#4 2018-06-20 20:49:59

ab
Administrator
From: France
Registered: 2010-06-21
Posts: 14,654
Website

Re: SynCrypto AES vs PHP openssl_encrypt

Currently, our PBKDF2 version doesn't allow a key size bigger than the hash size itself.
So for 32 bytes key, please use SHA-256 - and anyway it is a safer algorithm than SHA-1.

Online

#5 2018-06-20 21:24:02

patcher
Member
Registered: 2018-06-19
Posts: 3

Re: SynCrypto AES vs PHP openssl_encrypt

I'm sad to read that, `cause this method used by PHP backend and I need to realese it in my application. Currently I have code based on IdHMAC, but it is very slow. Maybe there is some way to release it using SynCrypto? Just help me to make first step if it is possible. Thx.

Offline

Board footer

Powered by FluxBB