[Solved] encrypt in Livecode - decrypt with PHP ?

[Zax]

Hello,

I've encrypted some strings in a LiveCode application with:

Code: Select all

encrypt myString using "blowfish" with password myKey

Encryted strings are stored in a XML file, and now I try to decrypt these strings with PHP, using:

Code: Select all

mcrypt_decrypt(MCRYPT_BLOWFISH, $myKey, $myCryptedString, MCRYPT_MODE_ECB, '0');

And it doesn't work
I tried different MCRYPT_MODE, MCRYPT_MODE_ECB seems the best.
I also put '0' as IV, but without knowing why.

PHP mcrypt-decrypt documentation:
http://php.net/manual/fr/function.mcrypt-decrypt.php


Thanks for your help.

[FourthWorld]

How are you passing the data from LC to PHP? More specifically, how do you convert the binary data returned from LC's encrypt command into a form suitable for inclusion in an XML file?

[Zax]

The encrypted strings are base64Encoded and stored in a XML text file with LiveCode.

With PHP, I read this XML file (with simplexml_load_file PHP class), then I use base64_decode. At this point, key and cryptedString in PHP and LiveCode are equals.
My problem is with PHP mcrypt_decrypt: it returns me garbage instead of decrypted string.

[FourthWorld]

Just to rule this part out, have you been able to determine that the output from PHP reversing the base64 encoding is the same as what went in within LC?

[Zax]

You're right and I made some tests: base64 encoding and decoding are the same in LiveCode and PHP.

An example of the problem I encounter:

Code: Select all

on mouseUp
   put "testing encryption" into theString
   put "banana" into theKey
   
   put myCrypt(theKey,theString) into cryptedString
   
   put cryptedString // returns: "U2FsdGVkX1+iykvqj69YVLreBFyoS99plklLbDC2EiSbxZpJ6fZ/2wVYjof/0VNC"
end mouseUp

function myCrypt theKey,theString
   encrypt base64Encode(theString) using "blowfish" with password theKey -- default 128 bits
   return base64Encode(it)
end myCrypt

For testing purpose, I copy "U2FsdGVkX1+iykvqj69YVLreBFyoS99plklLbDC2EiSbxZpJ6fZ/2wVYjof/0VNC" (without quotes, of course), and paste it into the following PHP script, to be sure that XML text file part has nothing to do with my problem:

Code: Select all

$theKey = "banana";
$theString = "U2FsdGVkX1+iykvqj69YVLreBFyoS99plklLbDC2EiSbxZpJ6fZ/2wVYjof/0VNC";

echo myDeCrypt($theKey,$theString); // returns: "�}*�� �b "

function myDeCrypt($theKey,$theString) {
	$it = base64_decode($theString,false);
	$it = mcrypt_decrypt(MCRYPT_BLOWFISH,$theKey,$it,MCRYPT_MODE_ECB,'0');
	return base64_decode($it,false);
}

I perform a double base64 encoding in order to prevent some "strange" characters thta could cause XML strange behaviour. I tested the scripts with only one base64 encoding but th problem is the same.
I'm using LiveCode Community Edition 7.0.0

[MaxV]

Please note that livecode add "Salted__" to the crypted string, do you remove it?

[capellan]

Another useful comparison test is create, store and display
a md5 or sha1 digest of every step while doing the encryption
within both environments: LiveCode and PHP

[Zax]

I tried removing "Salted__" but it doesn't seem better.

I looked at this post : http://forums.livecode.com/viewtopic.php?f=11&t=22200. It's not with blowfish encryption and it seems to work but I don't understand how to define IV parameter when having variable key.

[Zax]

Well, I finally found how to use this damned IV parameter and I will use the solution described here:
http://forums.livecode.com/viewtopic.php?f=11&t=22200

Of course, in order to manage accented characters, I had to add

Code: Select all

put base64Encode(textEncode(pTokenText,"UTF-8")) into pTokenText

in EncryptIt function.

Anyhow, thank you all for your help.

[FourthWorld]

Excellent sleuthing, Zax. Thanks for posting the link to the solution.

I've taken the liberty of marking this thread "Solved" so others looking for this type of solution will be able to find it easily.