TechQA.

Encrypt in Javascript with SJCL and decrypt in PHP

3.7k views Asked by At

I want to encrypt some data in Javascript and after sending it the php server it could be decrypted.

I'm planig to use JS encryption library as SJCL : http://crypto.stanford.edu/sjcl/ . Up to now I can encrypt my data in JS and send it via ajax post. my JS code lool like this.

sjcl.encrypt('a_key','secured_message');

My question is how do I decrypt my data in php. If it is possible show me how to do it with an example code. (note: SSL is not a option for me, and now I'm planning to use the KEY as generated random number per each request)

Thanks

php javascript cryptography sjcl
Original Q&A
2

There are 2 answers

1
robocoder On

PHP 7.1.0 finally adds openssl support for iv and aad parameters BUT it incorrectly enforces a 12 byte iv length.

In your example, we encrypt as follows:

var sjcl = require('./sjcl');
console.log(sjcl.encrypt('a_key', 'secured_message', { mode: 'ccm', iv: sjcl.random.randomWords(3, 0) }));

To get:

{"iv":"YAKkgmNCcVawQtiB","v":1,"iter":10000,"ks":128,"ts":64,"mode":"ccm","adata":"","cipher":"aes","salt":"CwEDE4PXBzY=","ct":"pJ7nmnAGXiC9AD29OADlpFdFl0d/MxQ="}

So, given:

$password = 'a_key';
$input = json_decode('{"iv":"YAKkgmNCcVawQtiB","v":1,"iter":10000,"ks":128,"ts":64,"mode":"ccm","adata":"","cipher":"aes","salt":"CwEDE4PXBzY=","ct":"pJ7nmnAGXiC9AD29OADlpFdFl0d/MxQ="}', true);

We can decrypt in PHP 7.1.0 as follows:

$digest   = hash_pbkdf2('sha256', $password, base64_decode($input['salt']), $input['iter'], 0, true);
$cipher   = $input['cipher'] . '-' . $input['ks'] . '-' . $input['mode'];
$ct       = substr(base64_decode($input['ct']), 0, - $input['ts'] / 8);
$tag      = substr(base64_decode($input['ct']), - $input['ts'] / 8);
$iv       = base64_decode($input['iv']);
$adata    = $input['adata'];

$dt = openssl_decrypt($ct, $cipher, $digest, OPENSSL_RAW_DATA, $iv, $tag, $adata);
var_dump($dt);
0
Miloš Đakonović On

While this does not answers your question entirely, I have to:

  1. suggest using crypto-js as most standard complaint JS encryption, hashing and KDF library (that means that provided methods is compatibile with PHP equivalents )
  2. suggest that you read at least first lines of this article where you will learn why all gain from utilizing Javascript cryptography is false sense of security

Related Questions in PHP

Related Questions in JAVASCRIPT

Related Questions in CRYPTOGRAPHY

Related Questions in SJCL

Popular Questions

Popular Tags

javascript python java c# php android html jquery c++ css ios sql mysql r reactjs node.js arrays c asp.net json python-3.x ruby-on-rails .net sql-server swift django angular objective-c pandas excel

Trending Questions