How to Decrypt AES Encryption in JavaScript with PHP Using mcrypt_decrypt()?

Decrypting AES Encryption in JavaScript with PHP Using mcrypt_decrypt()

When encrypting user passwords in JavaScript using CryptoJS and attempting to decrypt them using PHP's mcrypt_decrypt() function, discrepancies can arise. This is primarily because mcrypt_decrypt() only uses the key for encryption/decryption, whereas CryptoJS employs a password to derive both the key and IV. To address this issue, it is necessary to obtain the key and IV in the same manner in PHP.

Key and IV Derivation with evpKDF

The following PHP function, evpKDF, can be used to derive the key and IV from a password and salt:

<code class="php">function evpKDF($password, $salt, $keySize = 8, $ivSize = 4, $iterations = 1, $hashAlgorithm = "md5") {
    // ... (Code omitted for brevity) ...
}</code>

Decryption with Salt and Ciphertext

Once the key and IV have been derived, the encrypted ciphertext can be decrypted using mcrypt_decrypt():

<code class="php">$keyAndIV = evpKDF("Secret Passphrase", hex2bin($saltHex));
$decryptPassword = mcrypt_decrypt(MCRYPT_RIJNDAEL_128, $keyAndIV["key"], hex2bin($cipherTextHex), MCRYPT_MODE_CBC, $keyAndIV["iv"]);</code>

Decryption with OpenSSL Formatted Ciphertext

If the encrypted ciphertext was formatted using the proprietary OpenSSL format with "Salted__" prefix, you can use the following function to decrypt it:

<code class="php">function decrypt($ciphertext, $password) {
    // ... (Code omitted for brevity) ...
}</code>

Conclusion

By deriving the key and IV in the same way as CryptoJS and using the appropriate decryption method, you can effectively decrypt encrypted passwords from JavaScript in PHP using mcrypt_decrypt().

The above is the detailed content of How to Decrypt AES Encryption in JavaScript with PHP Using mcrypt_decrypt()?. For more information, please follow other related articles on the PHP Chinese website!