Hello and welcome to our community! Is this your first visit?
Register
Enjoy an ad free experience by logging in. Not a member yet? Register.
Results 1 to 9 of 9
  1. #1
    Regular Coder hinch's Avatar
    Join Date
    Sep 2005
    Location
    UK
    Posts
    923
    Thanks
    25
    Thanked 80 Times in 80 Posts

    Angry mcrypt, 3des, 32 byte keys and oh dear god my brain

    I'm trying (in vein at the moment) to convert a c# encryption function to php!

    Its a simple 3DES setup to encrypt a string that is passed along a query string to a c# application.

    Now the c# code is as follows

    PHP Code:
    public string SSOCFEncrypt(string inputValue)
    {
        
    string sKey "g4h5cjdf57hjjdpjo41xd6awe7qwxvxz";

        
    //re-seed the key with todays date
        
    string strToday DateTime.UtcNow.DayOfYear.ToString();

        if (
    strToday.Length 0)
            
    sKey strToday sKey.Substring(strToday.Length);

        
    //Set the Encryption Key
        
    TripleDESCryptoServiceProvider des = new TripleDESCryptoServiceProvider();
        
    des.Key Convert.FromBase64String(sKey);
        
    /*the mode is the block cipher mode which is basically the
        details of how the encryption will work. Here we use Electronic Codebook cipher
        which means that a given bit of text is always encrypted
        exactly the same when the same password is used.*/
        
    des.Mode CipherMode.ECB;

        
    ICryptoTransform desdencrypt des.CreateEncryptor();
        
    /* the mode is the block cipher mode which is basically the
        details of how the encryption will work. Here we use Electronic Codebook cipher
        which means that a given bit of text is always encrypted
        exactly the same when the same password is used.*/

        
    Byte[] buff ASCIIEncoding.ASCII.GetBytes(inputValue);
        
    /* encrypt the byte buffer representation of the original string
        and base64 encode the encrypted string. the reason the encrypted
        bytes are being base64 encoded as a string is the encryption will
        have created some weird characters in there. Base64 encoding
        provides a platform independent view of the encrypted string
        and can be sent as a plain text string to wherever.*/

        
    return Convert.ToBase64String(desdencrypt.TransformFinalBlock(buff0buff.Length));

    pretty straight forward!

    now my attempt in php to replicate its encryption routines allowing php to use this web service not just c# and cf

    PHP Code:
    function desencrypt($input) {
                
    //pad out input 
                // get the amount of bytes to pad
                
    $extra - (strlen($input) % 8);
                
    // add the zero padding
                
    if($extra 0) {
                    for(
    $i 0$i $extra$i++) {
                        
    $input .= "\0";
                    }
                }

                
                
    $ssokey =  'g4h5cjdf57hjjdpjo41xd6awe7qwxvxz';
                
    $todaysdate date("z")+1;
                if (
    strlen($todaysdate)>0) {
                    
    $newkey $todaysdate.substr($ssokey,strlen($todaysdate),strlen($ssokey));
                }
                
    $key base64_decode($newkey);
                
                
    $td mcrypt_module_open(MCRYPT_3DES''MCRYPT_MODE_ECB'');
                
    $iv mcrypt_create_iv(mcrypt_enc_get_iv_size($td), MCRYPT_RAND);
                
    //$ks = mcrypt_enc_get_key_size($td);
                //$key = substr($newkey, 0, $ks);
                 /* Intialize encryption */
                
    mcrypt_generic_init($td$key$iv);
                
    /* Encrypt data */
                
    $encrypted mcrypt_generic($td$input);
                
    //echo mcrypt_get_key_size('tripledes', 'ecb');        
                /* Terminate encryption handler */
                
    mcrypt_generic_deinit($td);        
                
    /* close module */
                
    mcrypt_module_close($td);
                
                
                
    /* Show string */
                
    echo "<textarea>".base64_encode($encrypted)."</textarea>";
                return 
    base64_encode(trim($encrypted));

           } 
    however best will in the world its simply wrong

    for example the word cyclone encrypted with c# is BENLMFQ1kcE= but in php its coming out as F15/e+305FE= to confuse matters even more check this out

    C#
    k3beJouw6thohkA3+8Z9dGvLVdLmuc6Yvr2ApcT1rgU=
    PHP
    k3beJouw6thohkA3+8Z9dGvLVdLmuc6YhG4ti8GTeY8=

    string encrypted
    dave@angel-computers.co.uk

    encrypted string is identical apart from last 10 or so chars! so very random!

    I'm fairly sure that its to do with php not supporting 32 byte keys for mcrypt so it shortens the used key down BUT I have no way of testing this as obviously the base 64 decrypted key is a binary string ie: no display on the monitor magic.

    I've knocked up a small c# encryption app for anyone brave enough to attempt this to check your php vs c# results www.angel-computers.co.uk/davestester.rar simply run setup.exe and it should appear in your start menu as daves SSO Tester, uninstall via admin panel (full c# code available on request if you wanna check its not a dodgy program)

    This is now officially driving me insane I can't find a reason for it apart from the potential key length but still i'm not 100% sure that is the cause!
    A programmer is just a tool which converts caffeine into code

    My work: http://www.fcsoftware.co.uk && http://www.firstcontactcrm.com
    My hobby: http://www.angel-computers.co.uk
    My life: http://www.furious-angels.com

  • #2
    Regular Coder
    Join Date
    Sep 2010
    Location
    Virginia
    Posts
    112
    Thanks
    11
    Thanked 7 Times in 7 Posts
    google

    Sorry, I just love using lmgtfy =D

  • #3
    Regular Coder hinch's Avatar
    Join Date
    Sep 2005
    Location
    UK
    Posts
    923
    Thanks
    25
    Thanked 80 Times in 80 Posts
    apart from google is useless for this
    I've already been through about 40 different google search terms to try and work out the issue. Actually found alot of threads with people having same issue as me but none of them have had answers in them
    A programmer is just a tool which converts caffeine into code

    My work: http://www.fcsoftware.co.uk && http://www.firstcontactcrm.com
    My hobby: http://www.angel-computers.co.uk
    My life: http://www.furious-angels.com

  • #4
    Regular Coder slappyjaw's Avatar
    Join Date
    Mar 2009
    Location
    Wonderland!
    Posts
    146
    Thanks
    14
    Thanked 3 Times in 3 Posts
    This is probably a stupid question and i dont know c# that well but is the time and date the same in both? Because for today the php will give out 315 plus 1 like in your script.

  • #5
    Regular Coder hinch's Avatar
    Join Date
    Sep 2005
    Location
    UK
    Posts
    923
    Thanks
    25
    Thanked 80 Times in 80 Posts
    Quote Originally Posted by slappyjaw View Post
    This is probably a stupid question and i dont know c# that well but is the time and date the same in both? Because for today the php will give out 315 plus 1 like in your script.

    slightly different php counts from zero c# from 1 thats why i've got the+1 on the php

    on the upside I've got this 99% working now.

    it works for some users but not for others.

    for example

    dave@angel-computers.co.uk encrypts fine

    stephendenny@sky.com encrypts wrong
    pb/OfKGXTX1ZqDR1QP6dlqdJB9pHAno= <===php
    pb/OfKGXTX1ZqDR1QP6dlqdJB9pHAnoK <===c#

    last character is wrong I assumed it was down to a space at the end but i've trimmed like the devil and can't work it out
    A programmer is just a tool which converts caffeine into code

    My work: http://www.fcsoftware.co.uk && http://www.firstcontactcrm.com
    My hobby: http://www.angel-computers.co.uk
    My life: http://www.furious-angels.com

  • #6
    New to the CF scene
    Join Date
    May 2011
    Posts
    9
    Thanks
    0
    Thanked 0 Times in 0 Posts
    I've got a similar issue - a string encoded with TripleDES on an ASP server, I'm trying to decode it in php, but the supplied key is a 16character string, that for some reason they've told me has to be hex encoded before use first - making it a 32 character string - too long for TripleDES!

    Did you find a full solution to this problem?

  • #7
    Super Moderator Inigoesdr's Avatar
    Join Date
    Mar 2007
    Location
    Florida, USA
    Posts
    3,642
    Thanks
    2
    Thanked 405 Times in 397 Posts
    Hinch posted a followup thread here with some code that might help.

  • #8
    New to the CF scene
    Join Date
    May 2011
    Posts
    9
    Thanks
    0
    Thanked 0 Times in 0 Posts
    Quote Originally Posted by Inigoesdr View Post
    Hinch posted a followup thread here with some code that might help.
    Thanks - unfortunately it doesn't really help, I have no control whatsoever over the encrypting process, I'm dealing with a pre-encrypted string that I am trying to decrypt.

  • #9
    New to the CF scene
    Join Date
    Aug 2011
    Posts
    1
    Thanks
    0
    Thanked 0 Times in 0 Posts

    Unhappy

    I'm having a similar issue as well, again going between C# and PHP5. I even have the freedom to modify both server and client code, to no avail. I am starting to feel like the two are simply not compatible.

    To test my theory, I built a test application. I have a routine that randomly generates keys and another one that generates 240,000 unique pieces of sample data patterned after my data - email addresses and DateTime strings. I send the encoded data and the key to the server for decoding and then compare the decoded result to the data. The server also mirrors the encoded data back to me so I can compare it to what was sent to make sure that the data didn't get corrupted somewhere - which it never has.

    RESULT: Abject failure. I have tried different key lengths (8 bit, 16 bit, 24 bit) all to no avail. I have tried CBC, ECB ciphers, PKCS7 and Zero padding as well as numerous other little tweaks I've googled and nothing works. I can get both .NET and mcrypt to decode their own encrypted data with 100% success, but when trying to decode each others, both fail anywhere from a tantalizingly low 1% of the time to an alarming 50% of the time, depending on the key.

    Unless someone can show me that I'm wrong - and by all means I hope someone can - I am ready to declare mcrypt and .NET incompatible and wash my hands of the endeavor to use them together.


  •  

    Posting Permissions

    • You may not post new threads
    • You may not post replies
    • You may not post attachments
    • You may not edit your posts
    •