How can I match the output of openssl_encrypt in JavaScript, when no IV is declared in PHP and a non-compliant key length is used?
PHP
php -r '$value = openssl_encrypt("test", "AES-128-CBC", "aaaaaaaaaaaaaaaaaaaaaaaaaaaaa"); echo $value;'
/u+5lB/VwbMX9U1YY4cnCQ==
JavaScript
iv = CryptoJS.enc.Utf8.parse("");
var encrypted = CryptoJS.AES.encrypt("test", "aaaaaaaaaaaaaaaaaaaaaaaaaaaaa", {iv: iv, mode: CryptoJS.mode.CBC, padding: CryptoJS.pad.Pkcs7});
console.log(encrypted.toString());
U2FsdGVkX19Cn1f6x8C/rJdfwzsZk5m5WWCUrR4z3U4=
console.log(CryptoJS.enc.Base64.stringify(encrypted.ciphertext));
l1/DOxmTmblZYJStHjPdTg==
I can only modify the Javascript code and I need a way to encrypt a string so that it can be decrypted by PHP's openssl_decrypt. It works fine obviously if the string it's encrypted from PHP.
I understand that by not declaring a IV renders the code less secure, but in my particular case it's not a big issue.
I've read in other topics that PHP defaults the padding to Pkcs7, which is why I added it to the JS method.
My current theory is that either the default IV of PHP is the issue or the output of the JS function needs to be further processed. As you can see I tried the Base64.stringify method, but the results are still different.
The sample key I'm using here is of the same length of the actual key.
I'm using https://github.com/sytelus/CryptoJS/blob/master/rollups/aes.js (whatever I use in JS, it needs to be easily distributed like a standalone file, with a relatively small footprint)
