I am trying to Use the Padding Mode: Zeros in AES-256-ECB encryption
but when i use OPENSSL_ZERO_PADDING it does not return anything.
this is the code :
$plaintext = "The quick brown fox jumps over the lazy dog"; $key = 'd61d2cd58d01b234e1800938erf8467k'; $chiperRaw = openssl_encrypt($plaintext, $cipher, $key, OPENSSL_ZERO_PADDING); $ciphertext = trim(base64_encode($chiperRaw)); echo($ciphertext);
But when i use OPENSSL_RAW_DATA instead of OPENSSL_ZERO_PADDING it returns the encrypted string
Why isnt the OPENSSL_ZERO_PADDING working ? how can i fix this ?
Advertisement
Answer
What do you know, I’m Sam too!
It looks like OPENSSL_NO_PADDING won’t work if the input data is not a multiple of the blocksize. You can fix this by padding the plaintext yourself:
$cipher = 'AES-256-ECB';
$key = 'd61d2cd58d01b234e1800938erf8467k';
$plaintext = "The quick brown fox jumps over the lazy dog";
if (strlen($plaintext) % 8) {
$plaintext = str_pad($plaintext, strlen($plaintext) + 8 - strlen($plaintext) % 8, "");
}
$chiperRaw = openssl_encrypt($plaintext, $cipher, $key, OPENSSL_NO_PADDING);
$ciphertext = trim(base64_encode($chiperRaw));
echo($ciphertext);
This will get your what you’re looking for, but I think the best option for you (if you’re not absolutely required to pad the string), is to use the 5th parameter of openssl_encrypt and pass an IV like the following (note the switch back to OPENSSL_RAW_DATA):
$cipher = 'AES-256-ECB'; $key = 'd61d2cd58d01b234e1800938erf8467k'; $iv_size = openssl_cipher_iv_length( $cipher ); $iv = openssl_random_pseudo_bytes( $iv_size ); $plaintext = "The quick brown fox jumps over the lazy dog"; $chiperRaw = openssl_encrypt($plaintext, $cipher, $key, OPENSSL_RAW_DATA, $iv); $ciphertext = trim(base64_encode($chiperRaw)); echo($ciphertext);
There’s great summary of why you should use an iv here: What is an openssl iv, and why do I need a key and an iv?