aes 256 encryption on PHP and decryption with ios pannding

Question

I'm trying to encrypt strings on my server and send it to my iPhone.

When I'm encrypting on my iphone and send it to decryption on my server, every thing is OK.

But when I'm trying to encrypt on my server (php page) I can't decrypt it on my iPhone.

e.g.: When I encrypt "True" on my PHP, I am getting:

ca 82 66 c8 be 5a a9 fb d8 7f 25 b6 1e f0 fb 68 54 72 75 65 0 0 0 0 0 0 0 0 0 0 0 0

then I'm doing some - base64

yoJmyL5aqfvYfyW2HvD7aA== when im sending it to my iphone i cant decrypt it right ..

But when I'm trying to encrypt "True" on my Iphone I'm getting:

ca 82 66 c8 be 5a a9 fb d8 7f 25 b6 1e f0 fb 68 54 72 75 65 c c c c c c c c c c c c

base64-

fwqkKsopev3Xmu4BF4OE5Q==

Can someone guide me towards a solution?

Answer 1

The difference is is the padding. The PHP solution does not perform a standardized padding mechanism. Instead it uses zero-padding, which can lead to trouble if the plain text ends with a string of 00h valued bytes as they will be removed from the plain text by the unpadding mechanism (or any trim or right_trim method for that matter).

You should pad the plain text before encryption in PHP, just like CCCrypt does. CCCrypt uses a good standardized padding mode called PKCS#7 padding. This mode always pad 1 to 16 (blocksize) bytes. The value of the bytes are identical to the number of padding bytes. In your example it is 0Ch in hexadecimals, or 12 padding bytes.

Check out this link to StackOverflow on how to pad/unpad in PHP. Padding/unpadding is always performed on the raw plain text, never on the ciphertext.

Note that your ciphertext is probably pre-fixed with the IV value. These first 16 bytes should not be decrypted. They should be used as IV and skipped by the decrypt functions. Normally a new IV value should be created for each encryption. Otherwise you would be able to see if the (start of the) plaintext is identical to an earlier one. The random IV changes the entire ciphertext for each encryption.