views:

936

answers:

4

I'm trying to do a simple task. Encypt a value in PHP and Decrypt it in my VB.net app. I figure I'd use tripleDES or Rijdael 128 or 256

I though this should be simple. Can anyone point me in the right direction?

Thank you

A: 

For PHP you should look at the mcrypt extension, which should support all of the ciphers you specified

GApple
My php code uses mcrypt. The problem I have is decoding it in VB.net
shaiss
A: 

Disclaimer: I've never actually used the Crytography classes in .NET.

To do Rijndael decryption in .NET, you're probably looking for the System.Security.Cryptography.RijndaelManaged class.

That page also has some examples of how to use it, although you may also need an instance of RSACryptoServiceProvider... I'm not sure.

R. Bemrose
I'm looking into your first posted link. Looks like it could work, just need to figure it out. Thank you.
shaiss
+5  A: 

We have some ciphers working between C# on .NET and PHP. I am not familiar with VB.net. I assume it uses the same crypto library System.Security.Cryptography.

On PHP side, we switched from mcrypt to OpenSSL because some modes and paddings are not supported by mcrypt.

As long as you use same algorithm (DES, AES etc), same mode (CBC, ECB etc), same padding (PKCS1, PKCS5), the cipher should work on both platforms.

Example of encryption using AES-128 on PHP side using mcrypt,

    $iv_size = mcrypt_get_iv_size(MCRYPT_RIJNDAEL_128, MCRYPT_MODE_CBC);
    $iv = mcrypt_create_iv($iv_size, MCRYPT_RAND);
    $blockSize = mcrypt_get_block_size(MCRYPT_RIJNDAEL_128);
    $data = $this->paddingAlgorithm->padData($data, $blockSize);
    return $iv . mcrypt_encrypt($this->MCRYPT_DES, $keyBytes, $data, MCRYPT_MODE_CBC, $iv);

Please note that we use PKCS7 padding but mcrypt doesn't support it so we have to write the padding algorithm. We also prepend the IV (Initial Vector) to the cipher text. You might store it somewhere else but you need that to decrypt.

Here is the corresponding C# code to setup the cipher to decrypt,

    // create the underlying symmetric algorithm with the given name
    algorithm = (SymmetricAlgorithm)CryptoConfig.CreateFromName("RIJNDAEL");
    // set cipher mode
    algorithm.Mode = CipherMode.CBC;
    // set padding mode
    algorithm.Padding = PaddingMode.PKCS7;
ZZ Coder
Could you give a bit more detail for the PHP side?What did you do on the C# side?Would you have any code snippets to share?thank you!
shaiss
The code is not in public domain so I can't share. I posted some snippets to show you how the parameters are matched up on both ends. The PHP code is from an older version using mcrypt, which doesn't support PKCS7 padding. So you have to write the padding function if you use mcrypt. It's really simple once you understand the algorithm.
ZZ Coder
Thank you for posing. I'm trying this out now.
shaiss
A: 

I also looked long and hard for solutions to this problem. Here is a complete set of code for both php and vb.net that will do what you are looking for. Should be pretty easy to translate to C# as well.

########################################
# BEGIN PHP CODE
########################################


<?php

ini_set('display_errors', 1);
error_reporting(E_ALL);

// I blantantly stole, tweaked and happily used this code from: 
// Lord of Ports http://www.experts-exchange.com/M_1736399.html


$ky = 'lkirwf897+22#bbtrm8814z5qq=498j5'; // 32 * 8 = 256 bit key
$iv = '741952hheeyy66#cs!9hjv887mxx7@8y'; // 32 * 8 = 256 bit iv

$text = "Here is my data to encrypt!!!";

$from_vb = "QBlgcQ2+v3wd8RLjhtu07ZBd8aQWjPMfTc/73TPzlyA=";   // enter value from vb.net app here to test

$etext = encryptRJ256($ky, $iv, $text);
$dtext = decryptRJ256($ky, $iv, $etext);
$vtext = decryptRJ256($ky, $iv, $from_vb);

echo "<HR>orignal string: $text";
echo "<HR>encrypted in php: $etext";
echo "<HR>decrypted in php: $dtext";
echo "<HR>encrypted in vb: $from_vb";
echo "<HR>from vb decrypted in php: $vtext"; 
echo "<HR>If you like it say thanks! richard dot varno at gmail dot com";


exit;



function decryptRJ256($key,$iv,$string_to_decrypt)
{

    $string_to_decrypt = base64_decode($string_to_decrypt);

    $rtn = mcrypt_decrypt(MCRYPT_RIJNDAEL_256, $key, $string_to_decrypt, MCRYPT_MODE_CBC, $iv);

    $rtn = rtrim($rtn, "\0\4");

    return($rtn);

}


function encryptRJ256($key,$iv,$string_to_encrypt)
{

    $rtn = mcrypt_encrypt(MCRYPT_RIJNDAEL_256, $key, $string_to_encrypt, MCRYPT_MODE_CBC, $iv);

    $rtn = base64_encode($rtn);

    return($rtn);

}    

?>

########################################
# END PHP CODE
########################################



########################################
# BEGIN VB.NET CODE (console app)
########################################

Imports System
Imports System.Text
Imports System.Security.Cryptography
Imports System.IO

Module Module1

    ' I blantantly stole, tweaked and happily used this code from: 
    ' Lord of Ports http://www.experts-exchange.com/M_1736399.html

    Sub Main()

        'Shared 256 bit Key and IV here
        Dim sKy As String = "lkirwf897+22#bbtrm8814z5qq=498j5"  '32 chr shared ascii string (32 * 8 = 256 bit)
        Dim sIV As String = "741952hheeyy66#cs!9hjv887mxx7@8y"  '32 chr shared ascii string (32 * 8 = 256 bit)

        Dim sTextVal As String = "Here is my data to encrypt!!!"

        Dim eText As String
        Dim dText As String

        eText = EncryptRJ256(sKy, sIV, sTextVal)
        dText = DecryptRJ256(sKy, sIV, eText)

        Console.WriteLine("key: " & sKy)
        Console.WriteLine()
        Console.WriteLine(" iv: " & sIV)
        Console.WriteLine("txt: " & sTextVal)
        Console.WriteLine("encrypted: " & eText)
        Console.WriteLine("decrypted: " & dText)
        Console.WriteLine("If you like it say thanks! richard dot varno at gmail dot com")
        Console.WriteLine("press any key to exit")
        Console.ReadKey(True)

    End Sub

    Public Function DecryptRJ256(ByVal prm_key As String, ByVal prm_iv As String, ByVal prm_text_to_decrypt As String)

        Dim sEncryptedString As String = prm_text_to_decrypt

        Dim myRijndael As New RijndaelManaged
        myRijndael.Padding = PaddingMode.Zeros
        myRijndael.Mode = CipherMode.CBC
        myRijndael.KeySize = 256
        myRijndael.BlockSize = 256

        Dim key() As Byte
        Dim IV() As Byte

        key = System.Text.Encoding.ASCII.GetBytes(prm_key)
        IV = System.Text.Encoding.ASCII.GetBytes(prm_iv)

        Dim decryptor As ICryptoTransform = myRijndael.CreateDecryptor(key, IV)

        Dim sEncrypted As Byte() = Convert.FromBase64String(sEncryptedString)

        Dim fromEncrypt() As Byte = New Byte(sEncrypted.Length) {}

        Dim msDecrypt As New MemoryStream(sEncrypted)
        Dim csDecrypt As New CryptoStream(msDecrypt, decryptor, CryptoStreamMode.Read)

        csDecrypt.Read(fromEncrypt, 0, fromEncrypt.Length)

        Return (System.Text.Encoding.ASCII.GetString(fromEncrypt))

    End Function


    Public Function EncryptRJ256(ByVal prm_key As String, ByVal prm_iv As String, ByVal prm_text_to_encrypt As String)

        Dim sToEncrypt As String = prm_text_to_encrypt

        Dim myRijndael As New RijndaelManaged
        myRijndael.Padding = PaddingMode.Zeros
        myRijndael.Mode = CipherMode.CBC
        myRijndael.KeySize = 256
        myRijndael.BlockSize = 256

        Dim encrypted() As Byte
        Dim toEncrypt() As Byte
        Dim key() As Byte
        Dim IV() As Byte

        key = System.Text.Encoding.ASCII.GetBytes(prm_key)
        IV = System.Text.Encoding.ASCII.GetBytes(prm_iv)

        Dim encryptor As ICryptoTransform = myRijndael.CreateEncryptor(key, IV)

        Dim msEncrypt As New MemoryStream()
        Dim csEncrypt As New CryptoStream(msEncrypt, encryptor, CryptoStreamMode.Write)

        toEncrypt = System.Text.Encoding.ASCII.GetBytes(sToEncrypt)

        csEncrypt.Write(toEncrypt, 0, toEncrypt.Length)
        csEncrypt.FlushFinalBlock()

        encrypted = msEncrypt.ToArray()

        Return (Convert.ToBase64String(encrypted))

    End Function

End Module

########################################
# END VB.NET CODE
########################################
Richard Varno
Wow, thank you, I'll have to test this one out on my next app.Thank you!
shaiss