This repository has been archived by the owner on Aug 15, 2024. It is now read-only.

PHP (Laravel) decrypt what CryptoJS encrypt #32

Closed
v-e-y opened this issue Feb 18, 2023 · 1 comment

v-e-y commented Feb 18, 2023

Hello Roland (@brainfoolong).
I am a junior developer. I have the task of implementing password verification on Laravel, on a project migrating from Node.

In the old platform, they used CryptoJs like this:

```js
password: cryptojs.encrypt(JSON.stringify(req.body.password), secretKey).toString();
// -----
let bytes = AES.decrypt(user.password.toString(), aesKey);
result = password === JSON.parse(bytes.toString(CryptoJS.enc.Utf8));
```

In Laravel I tried this:

```php
$newEncrypter = new \Illuminate\Encryption\Encrypter(config('app.secret_key'), config('app.cipher'));
$decrypted = $newEncrypter->decrypt( $encrypted );
```

tinker output: Illuminate\Contracts\Encryption\DecryptException  The payload is invalid.

I also tried this, and it returns false:

```php
public function check($value, $hashedValue, array $options = [])
{
    $hashedBytes = base64_decode($hashedValue);
    $iv = substr($hashedBytes, 0, openssl_cipher_iv_length('aes-256-cbc'));
    $encrypted = substr($hashedBytes, openssl_cipher_iv_length('aes-256-cbc'));
    $decrypted = openssl_decrypt($encrypted, 'aes-256-cbc', $this->key, OPENSSL_RAW_DATA, $iv);

    return $value === $decrypted;
}
```

Then I found your solution and tried to implement it, but it didn't work.
You use a salt and a vector.
I don't have those.
And judging by the code, past developers did not use them.

I have encrypted strings (in the DB),
one original password and its encrypted string (for tests),
and the key (aesKey).

I've been trying to come up with something for the second day, or find something on Google or Stack Overflow, but I can't.
Maybe you will have some ideas.

Owner

brainfoolong commented Feb 18, 2023

Hi.

This is not a problem with this library. I can't help you. I do not provide code support for applications that I have not written.

But, to give you some hints nonetheless:

  • cryptojs.encrypt is not a default part of CryptoJS. First, the original CryptoJS variable is called CryptoJS, not lowercase as in your code example. So it seems your old application has implemented a custom method to encrypt.
  • Also, "AES" is not by default in the global namespace. It's originally inside CryptoJS, like CryptoJS.AES. So that is another thing that seems to have a custom implementation in your old project.
  • You need to check what the old application really does with cryptojs.encrypt, and what AES mode is used (aes-256-cbc or other).
  • Then use the exact same method in PHP (as you have already tried with the check function).
  • Verify what the output of JS is, then you must extract the correct parts in PHP.
  • Usually an AES-256-CBC cipher has 3 parts: encryptedValue, salt and initialization vector. The last 2 are usually generated along with the encrypted text.

You will find all these parts and how they work together in my library for PHP and JS.

That's all, I will not provide more support here.

Have a nice day.
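
The "extract the correct parts in PHP" hint above, as an added example (not code from this thread or from the library). It assumes the legacy `cryptojs.encrypt` wrapper ends in stock `CryptoJS.AES.encrypt` with a string passphrase, whose output is Base64 of `Salted__`, an 8-byte salt and the ciphertext, with key and IV derived from passphrase and salt. The function names and sample values are constructed for illustration.

```php
<?php
// Added example, not code from the thread or the library. Assumes the legacy
// wrapper ends in stock CryptoJS.AES.encrypt(text, passphraseString).

// OpenSSL EVP_BytesToKey with MD5, one iteration: how CryptoJS turns a string
// passphrase plus the 8-byte salt into a 32-byte key and a 16-byte IV.
function evpBytesToKey(string $passphrase, string $salt): array
{
    $material = $block = '';
    while (strlen($material) < 48) {
        $block = md5($block . $passphrase . $salt, true);
        $material .= $block;
    }
    return [substr($material, 0, 32), substr($material, 32, 16)];
}

// Returns the plaintext, or null when the blob is malformed or padding fails.
// CBC has no integrity check, so a wrong key can occasionally yield garbage.
function decryptCryptoJs(string $base64, string $passphrase): ?string
{
    $raw = base64_decode($base64, true);
    // Layout: "Salted__" (8 bytes) | salt (8 bytes) | ciphertext (n * 16 bytes)
    if ($raw === false || strlen($raw) < 32 || strlen($raw) % 16 !== 0
        || substr($raw, 0, 8) !== 'Salted__') {
        return null;
    }
    [$key, $iv] = evpBytesToKey($passphrase, substr($raw, 8, 8));
    $plain = openssl_decrypt(substr($raw, 16), 'aes-256-cbc', $key, OPENSSL_RAW_DATA, $iv);
    return $plain === false ? null : $plain;
}

// Mirrors the legacy comparison: the stored plaintext is JSON.stringify(password).
function checkLegacyPassword(string $candidate, string $stored, string $passphrase): bool
{
    $plain = decryptCryptoJs($stored, $passphrase);
    $known = $plain === null ? null : json_decode($plain);
    return is_string($known) && hash_equals($known, $candidate);
}

// Constructed sample: build a blob in the same layout, then verify against it.
$passphrase = 'constructed-test-passphrase';
$salt = random_bytes(8);
[$key, $iv] = evpBytesToKey($passphrase, $salt);
$cipher = openssl_encrypt(json_encode('hunter2'), 'aes-256-cbc', $key, OPENSSL_RAW_DATA, $iv);
$stored = base64_encode('Salted__' . $salt . $cipher);

var_dump(checkLegacyPassword('hunter2', $stored, $passphrase)); // correct password
var_dump(checkLegacyPassword('wrong', $stored, $passphrase));   // wrong password
```

If a stored value does not start with `U2FsdGVkX1` (the Base64 of `Salted__`), the legacy code used a different layout and this parser returns null for it.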
