Skip to content
Advertisement

How can JAVA decrypt data which was base64 encoded and RIJNDAEL_256 encryped by PHP?

I need to migrate data from a PHP to a JAVA application.

The data has been encrypted using this PHP function:

function encrypt($text, $encryptionKey) {
  return utf8_encode(base64_encode(mcrypt_encrypt(MCRYPT_RIJNDAEL_256, $encryptionKey, $text, MCRYPT_MODE_CBC, "")));
}

… and it can be decrypted successfully using this function:

function decrypt($text, $encryptionKey) {
  return utf8_decode(rtrim(mcrypt_decrypt(MCRYPT_RIJNDAEL_256, $encryptionKey, base64_decode($text), MCRYPT_MODE_CBC, "")));
}

It is stored in MySql-InnoDB with collation=latin1_swedish_ci in a table with charset=utf8 in a VARCHAR(255) column.


In JAVA the data is retrieved through a JPA-repository using Hibernate and then presented to this method based on Rijndael 256 encryption with Java & Bouncy Castle :

protected String decryptRijndael256_(String encryptedBase64Text) {
  byte[] encryptedBytes = Base64.getDecoder().decode(encryptedBase64Text.getBytes(StandardCharsets.UTF_8));
  byte[] key = encryptionKey.getBytes(StandardCharsets.UTF_8);

  RijndaelEngine rijndaelEngine = new RijndaelEngine(256);
  KeyParameter keyParam = new KeyParameter(key);
  rijndaelEngine.init(false, keyParam);
  PaddedBufferedBlockCipher bufferedBlock = new PaddedBufferedBlockCipher(rijndaelEngine, new ZeroBytePadding());

  byte[] decryptedBytes = new byte[bufferedBlock.getOutputSize(encryptedBytes.length)];
  int processed = bufferedBlock.processBytes(encryptedBytes, 0, encryptedBytes.length, decryptedBytes, 0);
  processed += bufferedBlock.doFinal(decryptedBytes, processed);
  decryptedBytes = Arrays.copyOfRange(decryptedBytes, 0, processed);

  return new String(decryptedBytes, StandardCharsets.UTF_8);
}

While this works in most cases where the encrypted text looks like this:

5VTv/x2f41Aj2iES7B9lRUi8Q9gH3MYnSR3xc4X1di4= => account.name@gmail.com

… it fails if the text is long and looks like this:

p77KGdWlexQXLGPZzkAqk2OK6oC9r7TDfMfaDhofu0et7RaPcA0hUCq0mBnY4oakjZpIrBeMadwhYonVKwJlGw== => very.long.account.name@gmail.c���ե{.c��@*�c�ꀽ���|���G


So it is mostly decoded correctly, but the last block seems to be the problem. I suspect the problem lies either with character encoding or with the MCRYPT_MODE_CBC and its IV (…).

I have not found any way to add the mode and IV to the java implementation.

As for the Base64 encryption. I tried about any possible method from java.util.Base64, org.apache.commons.codec.binary.Base64 and org.bouncycastle.util.encoders.Base64.

The result is either as above or:

org.bouncycastle.crypto.DataLengthException: last block incomplete in decryption
    at org.bouncycastle.crypto.paddings.PaddedBufferedBlockCipher.doFinal(Unknown Source)

My guess is that the problem has to do with how PHP does the padding.


Question:

What is so different between how PHP and JAVA handle this decryption? How can I decode all values correctly?


(PHP: 5.6.40, JAVA: 11.0.7_10 Amazon Corretto)

Advertisement

Answer

The problem is caused by using the ECB mode instead of the CBC mode in the posted code. To apply the CBC mode replace:

RijndaelEngine rijndaelEngine = new RijndaelEngine(256);
KeyParameter keyParam = new KeyParameter(key);
rijndaelEngine.init(false, keyParam);
PaddedBufferedBlockCipher bufferedBlock = new PaddedBufferedBlockCipher(rijndaelEngine, new ZeroBytePadding());

with:

byte[] iv = new byte[32]; // 0-IV, analogous to PHP code
PaddedBufferedBlockCipher bufferedBlock = new PaddedBufferedBlockCipher(new CBCBlockCipher(new RijndaelEngine(256)), new ZeroBytePadding());
CipherParameters keyAndIV = new ParametersWithIV(new KeyParameter(key), iv);
bufferedBlock.init(false, keyAndIV);

with key from the posted code. iv is a byte[] containing the IV, whose size corresponds to the blocksize (32 bytes). Analogous to the PHP code, a 0-IV has to be used (to decrypt the data encrypted with the PHP code). Note, however, that for security reasons a key/IV pair may only be used once. Therefore, if the key is fixed, it’s best to use an IV, which is randomly generated for each encryption.

Furthermore, the code:

decryptedBytes = Arrays.copyOfRange(decryptedBytes, 0, processed);
return new String(decryptedBytes, StandardCharsets.UTF_8);

can be simplified to:

return new String(decryptedBytes, 0, processed, StandardCharsets.UTF_8);
User contributions licensed under: CC BY-SA
4 People found this is helpful
Advertisement