I mostly work with PHP, but I'm sending data to an api that's using C# for encryption, so I'm trying to encrypt a password in PHP, using the same method used in the following C# code:
System.Security.Cryptography.TripleDESCryptoServiceProvider DES = new System.Security.Cryptography.TripleDESCryptoServiceProvider();
System.Security.Cryptography.MD5CryptoServiceProvider hashMD5 = new System.Security.Cryptography.MD5CryptoServiceProvider();
DES.Key = hashMD5.ComputeHash(System.Text.ASCIIEncoding.ASCII.GetBytes(Key));
DES.Mode = System.Security.Cryptography.CipherMode.ECB;
System.Security.Cryptography.ICryptoTransform DESEncrypt = DES.CreateEncryptor();
Buffer = System.Text.ASCIIEncoding.ASCII.GetBytes(Plaintext);
string TripleDES = Convert.ToBase64String(DESEncrypt.TransformFinalBlock(Buffer, 0, Buffer.Length));
return TripleDES;
This is what I have so far in PHP:
function encryptData($key, $plainText)
{
$byte = mb_convert_encoding($key, 'ASCII');
$desKey = md5(utf8_encode($byte), true);
$data = mb_convert_encoding($plainText, 'ASCII');
// add PKCS#7 padding
$blocksize = mcrypt_get_block_size('tripledes', 'ecb');
$paddingSize = $blocksize - (strlen($data) % $blocksize);
$data .= str_repeat(chr($paddingSize), $paddingSize);
// encrypt password
$encData = mcrypt_encrypt('tripledes', $desKey, $data, 'ecb');
echo base64_encode($encData);
}
I know I needed to add the true argument for the md5 function, and I know I needed to add the PKCS7 padding.
I haven't had a chance to check it against the C# code, because I'm still installing visual studio on my computer. Is there anything I'm missing? Do I need to add an IV?
EDIT: I tested the C# code, and saw that it was not giving same result. I fixed some things, and now have the DES.Key and Buffer variables from C# in PHP, giving the correct results.
EDIT again: It's fixed. All I had to do was append the first 8 characters to the end of the hashed key.
$desKey .= substr($desKey,0,8);
