I have an input.DAT file that is encrypted with aes-256-cbd method. I want to decrypt the file using php. When I execute the following command from command line, the file is decrypted successfully.
aes-256-cbc -d -in input.DAT -out output.TXT -K 00478c54c432b3ca9a98d4a750ea874eba07410ae61834cd5aaac7505f1f5ad4 -iv 0
But when I try to use php for decrypting the file using the method
openssl_decrypt($data, AES_256_CBC, $encryption_key, 0, 0);
it gives me this error: openssl_decrypt(): IV passed is only 1 bytes long, cipher expects an IV of precisely 16 bytes, padding with
How can I decrypt the file using php instead of the command line?
Advertisement
Answer
The OpenSSL statement loads the ciphertext from input.DAT. Since neither the -a nor -base64 options are set, the raw binary data is read. The read data is decrypted with AES-256 in CBC mode.
The hex decoding of 00478c54c432b3ca9a98d4a750ea874eba07410ae61834cd5aaac7505f1f5ad4 is used as key and a zero IV (all 16 bytes are 0x00) is applied as IV.
A possible implementation for the decryption with PHP using openssl_decrypt() is:
// Load ciphertext
$file = '<input.DAT path>';
$data = file_get_contents($file);
// Decrypt
$key = hex2bin('00478c54c432b3ca9a98d4a750ea874eba07410ae61834cd5aaac7505f1f5ad4');
$iv = hex2bin('00000000000000000000000000000000');
$decrypted = openssl_decrypt($data, 'aes-256-cbc', $key, OPENSSL_RAW_DATA, $iv);
print($decrypted . PHP_EOL);
Note that openssl_encrypt() generates a Base64 encoded ciphertext by default and openssl_decrypt() expects a Base64 encoded ciphertext accordingly. Since the ciphertext read here is raw, i.e. not Base64 encoded, the OPENSSL_RAW_DATA flag must be set. Furthermore, both sides use PKCS7 as padding by default.
Keep in mind that a static IV (like a zero IV) is generally insecure.