There is a node.js code snippet, you need to implement it in php (AES-256-CTR encryption). How?

Z

zaartix2016-05-10 22:34:21

PHP

zaartix, 2016-05-10 22:34:21

task: to correctly generate a signature for an external api, as an example of generating a valid signature, there is this code on the node:

var encrypt = function(text, password)  {
  var cipher = crypto.createCipher('aes-256-ctr', password)
  var crypted = cipher.update(text,'utf8','hex')
  crypted += cipher.final('hex')
  return crypted
}

In PHP, you need to repeat the same thing, i.e. achieve the same result for the same input parameters. Tried like this:

$sign = bin2hex(openssl_encrypt($text, 'AES-256-CTR', $password,1,str_repeat('\0',8)));

It doesn’t work, the fact is that openssl_encrypt uses an initialization vector (last parameter), and createCipher is used on the node (it does not use it).
From the crypto.createCipher(algorithm, password):
The implementation of crypto.createCipher() derives keys using the OpenSSL function EVP_BytesToKey with the digest algorithm set to MD5, one iteration, and no salt.
From the source of the node:
https://github.com/nodejs/node-convergence-archive...
point of interest:
password is used to derive key and IV
but how exactly the IV is made from the password and the key is not very clear.
Plz tell me where to dig?

Reply

Answer the question

In order to leave comments, you need to log in

2 answer(s)

Z

zaartix, 2016-05-11
@zaartix

Working but not native solution:

exec('openssl enc -aes-256-ctr -a -in string.txt -k your_password -nosalt -out openssl_out.txt');
echo bin2hex(base64_decode(file_get_contents('ssl_out.txt')));

E

Eugene, 2016-05-11
@Nc_Soft

https://gist.github.com/rojan/9545706