I'm using php AES openssl encrypt/decrypt methods answered here but sending encrypted data as URL param and decrypting it is not working.
- secret is the same in both php files
- crypto data is the same (AFAIK) in both files
Encryption/decryption example that works:
$crypted = cryptoJsAesEncrypt($secret, "test");
$decrypted = cryptoJsAesDecrypt($secret, $crypted);
var_dump($decrypted); // returns "test"
URL encoding functions used in example below
function base64_url_encode($input) {
return strtr(base64_encode($input), '+/=', '-_,');
}
function base64_url_decode($input) {
return base64_decode(strtr($input, '-_,', '+/='));
}
php_from.php (url params crypted here):
// params to encrypt
$params = array(
'key' => 'value'
);
// encrypt data
$crypto = cryptoJsAesEncrypt($secret, json_encode($params));
// var_dump($crypto); -> {"ct":"vt5RZUmrZkCk2RCiC4euiM0onSHgXa6rwSJQ33ygeXdJmEN2X8bcUMn\/ldXR8y5K","iv":"eac142cb44f6a585e801a25ae353b45e","s":"176ac0f4a9519361"}
// base64 encode crypto data for sending as URL param
$crypto = base64_url_encode($crypto);
// here is the code for calling php_to.php (using curl) and sending crypto parameter
// url path
$url = "http://path_to_php_to.php";
// apend url with param
$url = $url . "?crypto=" . $crypto;
// open connection
$ch = curl_init();
// set the url, number of POST vars, POST data
curl_setopt($ch, CURLOPT_URL, $url);
curl_setopt($ch, CURLOPT_POST, count($params));
curl_setopt($ch, CURLOPT_RETURNTRANSFER, true);
// execute post
$result = (curl_exec($ch));
// close connection
curl_close($ch);
php_to.php (URL params decrypted here):
// get crypted data param
$crypto = isset($_GET['crypto']) ? $_GET['crypto'] : NULL;
// base64 url decode crypto param
$crypto = base64_url_decode($crypto);
// var_dump($crypto); -> {"ct":"vt5RZUmrZkCk2RCiC4euiM0onSHgXa6rwSJQ33ygeXdJmEN2X8bcUMn\/ldXR8y5K","iv":"eac142cb44f6a585e801a25ae353b45e","s":"176ac0f4a9519361"}
// ** dumped crypto param is the same as the one sent **
// decrypt data
$crypto = cryptoJsAesDecrypt($secret, $crypto);
// var_dump($crypto); -> returns null