I am using this library: https://github.com/bitwiseshiftleft/sjcl
I want to encrypt a string client side, pass it through the URL, and then decrypt it in the backend.
This is the JS:
<script src="https://bitwiseshiftleft.github.io/sjcl/sjcl.js"></script>
<script>
var ciphertext = sjcl.encrypt("password", "Hello World!")
var plaintext = sjcl.decrypt("password", ciphertext)
console.log(ciphertext)
console.log(plaintext)
</script>
Results.
console.log(plaintext):
{"iv":"XA+HFebsM7WiVy0Ko8EEuA==","v":1,"iter":1000,"ks":128,"ts":64,"mode":"ccm","adata":"","cipher":"aes","salt":"f4BX8a9fUPM=","ct":"a4LesnrsT7C6MmkxZifSw7FsDyI="}
console.log(ciphertext):
Hello World!
As you can see, encryption and decryption work as intended with JS. The problem comes when I try to decrypt it using PHP:
$password = 'password';
$input = json_decode('{"iv":"XA+HFebsM7WiVy0Ko8EEuA==","v":1,"iter":1000,"ks":128,"ts":64,"mode":"ccm","adata":"","cipher":"aes","salt":"f4BX8a9fUPM=","ct":"a4LesnrsT7C6MmkxZifSw7FsDyI="}', true);
$digest = hash_pbkdf2('sha256', $password, base64_decode($input['salt']), $input['iter'], 16, true);
$cipher = $input['cipher'] . '-' . $input['ks'] . '-' . $input['mode'];
$ct = substr(base64_decode($input['ct']), 0, - $input['ts'] / 8);
$tag = substr(base64_decode($input['ct']), - $input['ts'] / 8);
$iv = base64_decode($input['iv']);
$adata = $input['adata'];
$dt = openssl_decrypt($ct, $cipher, $digest, OPENSSL_RAW_DATA, $iv, $tag, $adata);
var_dump($dt);
while ($msg = openssl_error_string()) {
echo $msg . "
";
}
Result of var_dump($dt) is false, which is what happens when the openssl_decrypt fails to decrypt the string.
Surely I'm missing something, anyone could help me notice what it is?
