Login/Register
DES/ECB/PKCS5Padding decryption in PHP
Asked Answered
phpencryptiondes
F

1

3

I'm in the need of decrypting with PHP (or Javascript) some service calls. I've spent all the day trying to accomplish, this, but I've been unable to decrypt it properly.

As a reference, the service provider sent me the following decryption sample code in Java:

DESKeySpec dks = new DESKeySpec("keyword".getBytes()); 
SecretKeyFactory keyFactory = SecretKeyFactory.getInstance("DES");
SecretKey key = keyFactory.generateSecret(dks);

Cipher cipher = Cipher.getInstance("DES/ECB/PKCS5Padding");
SecureRandom sr = new SecureRandom();  
cipher.init( Cipher.DECRYPT_MODE, key ,sr); 

byte b[] = response.toByteArray();      
byte decryptedData[] = cipher.doFinal( b );

I think I'm in the correct path by using:

$td = mcrypt_module_open(MCRYPT_DES, '', 'ecb', '');
$iv_size = mcrypt_enc_get_iv_size($td);
$iv = mcrypt_create_iv($iv_size, MCRYPT_RAND);
$key = substr($keyword, 0, mcrypt_enc_get_key_size($td));
mcrypt_generic_init($td, $key, $iv);
$decrypted = mdecrypt_generic($td, $data);
$decrypted = pkcs5_unpad($decrypted);

But, frankly, I'm sure I'm messing everything with the $iv creationg and $keyword setup (or maybe with $data or $decrypted types?). The pkcs5_unpad function is as follows:

function pkcs5_unpad($text)
{
   $pad = ord($text{strlen($text)-1});
   if ($pad > strlen($text)) return false;
   return substr($text, 0, -1 * $pad);
}

I'm not only a noob on php, but also on cryptography techniques... could you please help me to solve this issue?

Fredia answered 17/4, 2012 at 18:51 Comment(4)
Your provider is a moron, no other word for it. The IV (called SR) can never be random for decrypt. Keyword is not a valid secret key. DES should not be used, neither should ECB encoding. getBytes should never be called without specifying the character encoding. And that's just what stung me directly.Bowen
Probably yes, but that Java Sample is supposed to be working (at least he says so). "keyword" is not the actual secret key, but the rest of the code is supposed to be a working java code.Fredia
Hmm, small change, that SR is not used for the IV, but used for any random part of the Cipher (which actually means it is not used at all). So the Java code may work. Not that the IV would make any change within ECB mode, but whatever.Bowen
"Keyword" is unfortunately only 7 characters. Your platform probably uses 1 byte UTF-8 encoding for ASCII characters, so your code won't run anymore. You could pretty easily generate a symmetric "encrypt" method in Java or PHP, test it with the Java decrypt and then procede to test the PHP code. Then you can send us test vectors instead of just code (and you can create unit tests as well).Bowen
B
0

Make sure your key consists of the same bytes (strings may be encoded differently) and feed it a IV filled with zero's. ECB mode does not use an IV (and the PHP manual specifies as much), but if you do give it one default it to all zero's - the IV will be XOR'ed with the first plain text block, so setting it to all zero's will cancel out that operation. Also, make sure that the input cipher data is the same. Ignore the padding in the first instance, you should be able to check if the result is correct before unpadding.

Bowen answered 18/4, 2012 at 0:17 Comment(2)
The actual keyword is 11 characters long. I've tried with your suggestion of all zeros, with no luck. I'm getting a lot of symbols in the service response, so I think I'm probably in the need of fo some conversion previous to decrypt.Fredia
Depends too, what are you expecting as result? You haven't told us, so we cannot tell. That's why I recommended to write an ecrypt method as well... Oh, and 11 bytes are not accepted when creating DES keys, afaik.Bowen

© 2022 - 2024 — McMap. All rights reserved.