-
Notifications
You must be signed in to change notification settings - Fork 136
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
Compatibility with PHP5.6's openssl AES #194
Comments
I got the same issue way back version 2.1.0. I found solution and add another security on top of it with the folowing. P.S: without any loss of speed.
All the encryption done in dart aqueduct server. Dart aqueduct and php run seperate server internaly. Used nginx as proxy and config server. I have 2 nginx. First one is in dmz and second one behind dmz. |
Thanks for the suggestion. Unfortunately changing the entire server architecture is not a solution for me. |
Here's what I am doing: If I try to encrypt from Flutter and decrypt from PHP: (Flutter)
This sends (PHP)
Which returns Still same IV and same key on both ends. Here's what happens if I try to encrypt from php and decrypt from flutter: (PHP)
Which returns (Flutter)
Which errors out with this:
@leocavalcante Could you show me how to encrypt "Ping" in flutter and decrypt it correctly on the php side? |
@TaiTair |
Thanks a lot Leo. #87 (comment) seems to work in my environment. I'm going to use what you sent me and make it work. Thanks again. |
Phew, I finally figured it out by breaking your code. |
@TaiTair Did you try setting |
@TaiTair "Does the Encrypt module use AES-128 or AES-256?" Did you get an answer for this? Also, what is the default iteration count? |
Ok, I see it uses 100 iteration count. I still don't see whether it uses s 128 or 256 bit key. Any idea? |
Sorry for the late reply. It's 256 bits. |
Hi,
I am currently trying to develop an API for a flutter-based mobile app.
I've been having some really strange issues that make me think this module does not use the same algorithms as PHP.
For example:
If I encrypt the word "Ping" from flutter with my secret key and my IV set to 16 0 bytes then I get: "kU1IVV86Aw7Iuub8KuxmYw=="
If I encrypt the same word from PHP5.6 with the same secret key and same IV then I get: "QdKmZQ=="
Note: I encode the encrypted result in base64.
Here's where it gets really, really strange though:
If I encrypt the word "Ping" from flutter and send it to my API, then decrypt it in PHP and log the decrypted result I get a bad string that seems to be some kind of encoding error or an empty string. But then if I re-encrypt the decrypted message with PHP's functions and send it back it is a perfect copy of the original string: "kU1IVV86Aw7Iuub8KuxmYw=="
What in the world is going on? If I encrypt it straight from PHP I get a different encrypted message but if I send it from flutter, decrypt it in PHP then re-encrypt it in PHP i get the exact same message?
If I try to encrypt straight from PHP, flutter never manages to decrypt. What am I missing? It shouldn't ever manage to decrypt if the algorithms are different, right?
I'm thinking the problem might be linked to block-size. Does the Encrypt module use AES-128 or AES-256?
Any insight would be appreciated. I can run some tests if need be.
Note: I tried with several different methods, ofb, cbc, ctr. I always get the same result. PHP's encryption seems to be different from Encrypt's encryption.
The text was updated successfully, but these errors were encountered: