You are passing a passphrase instead of a key at the client side. So it will do OpenSSL key derivation, probably generating an IV in there as well.
Performing SecretPassphrase".getBytes()
is something that you should never do either. Use hexadecimals if you want your key to be text, and convert it into binary using hexadecimal decoding.