Encrypting in PHP (mcrypt), Decrypting in Ruby (OpenSSL::Cipher) -


i'm working on cross language project wrapping ruby/sinatra api in php consumed team. none of information exposed api sensitive, prefer not accessible casual observer guessing url.

    private function generatesliceidtoken($key){     $currentepoch = time();     $ivsize = mcrypt_get_iv_size(mcrypt_rijndael_128, mcrypt_mode_cbc);     $iv = mcrypt_create_iv($ivsize, mcrypt_rand);     $encryptedbytes = mcrypt_encrypt(         mcrypt_rijndael_128,         $key,         $currentepoch.**passcode**,         mcrypt_mode_cbc, $iv     );     $ivandencryptedbytes = $iv . $encryptedbytes;      return urlencode(urlencode(base64_encode($ivandencryptedbytes))); 

the code above encrypts password , time stamp using mcrypt's rijndael implementation , encodes send off ruby api

if identifier.validate_token base64.decode64(uri.unescape( uri.unescape(params[:token]))) 

sinatra grabs , decodes it

def validate_token(token)   cipher = openssl::cipher::aes.new(128, 'cbc')   cipher.decrypt   cipher.key = **key**   cipher.iv = token[0,16]    plain = cipher.update(token[16..-1]) + cipher.final   return plain[10,8] == **passcode** end 

and passes along decrypted

the problem is, decryption fails 'bad decrypt' error

i lead believe mcrypt's rijndael , cipher's aes compatible, assumption incorrect? can 1 helpful.

i lead believe mcrypt's rijndael , cipher's aes compatible, assumption incorrect?

you need tweak data being encoded make aes compatible. data must right padded, character , amount depending of current width:

$encode = $currentepoch.'**passcode**'; $len = strlen($encode); $pad = 16 - ($len % 16); $encode .= str_repeat(chr($pad), $pad); 

also remember have $key 16 characters long. if shorter, ruby throws ciphererror, while php pads key null bytes. if longer, ruby uses first 16 character php pads again, , uses last 16 characters.


Comments

Popular posts from this blog

php - regexp cyrillic filename not matches -

c# - OpenXML hanging while writing elements -

sql - Select Query has unexpected multiple records (MS Access) -