decrypt() returning incorrect result

decrypt() returning incorrect result - Printable Version

+- CodeIgniter Forums (https://forum.codeigniter.com)
+-- Forum: CodeIgniter 4 (https://forum.codeigniter.com/forumdisplay.php?fid=28)
+--- Forum: CodeIgniter 4 Support (https://forum.codeigniter.com/forumdisplay.php?fid=30)
+--- Thread: decrypt() returning incorrect result (/showthread.php?tid=86796)

decrypt() returning incorrect result - objecttothis - 02-17-2023

I'm converting an app from CI 3.1.13 to CI 4.3.1

In CI3 I had:

PHP Code:
$CI =& get_instance();
$this->api_key = $CI->encryption->decrypt($CI->Appconfig->get('mailchimp_api_key')); 

In CI4 I have:

PHP Code:
$encrypter = Services::encrypter();
$this->api_key = $encrypter->decrypt($config['mailchimp_api_key']) 

In Config/Encryption.php I have:

PHP Code:
public string $key = REDACTED; //32 Character encryption key
public string $driver = 'OpenSSL';
public int $blockSize = 16;
public string $digest = 'SHA512';
public bool $rawData = false;
public string $encryptKeyInfo = 'encryption';
public string $authKeyInfo = 'authentication'; 

Between the two version the key has not changed and the digest value hasn't changed. When I step through the code I see that the decrypted result is garbage characters. I see that it's identifying the encryption algorithm as aes-256-ctr. I don't know if that's the correct algorithm or not from what CI3 was using, but something is off. From reading another forum post, I thought this was CI3 compatible as of CI 4.3.0.

RE: decrypt() returning incorrect result - kenjis - 02-17-2023

It should work...
See https://codeigniter.com/user_guide/libraries/encryption.html#configuration-to-maintain-compatibility-with-ci3

RE: decrypt() returning incorrect result - objecttothis - 02-18-2023

(02-17-2023, 05:20 PM)kenjis Wrote: It should work...
See https://codeigniter.com/user_guide/libraries/encryption.html#configuration-to-maintain-compatibility-with-ci3

Should, but it isn't. As a test, with the settings I listed, I was able to encrypt a plain text value, then decrypt it and they matched, so the decryption algorithm is working against it's own encryption. However, I tried encrypting the same plain text that was encrypted in a CI3 version of the same application and it encrypts to a completely different value.

In CI3 'hotdoggies' encrypts to:

Code:
756f4d370aaf4cdd16b5b6a2917883acb338d2d66d33521114bcbe495ae2b8f351c240be70a709d20f9a16517e824e5f1a8424d2731db02c701a6ae0678bc2ccMecjhJImsNP5ziPf03zRn3z0dS4phxXuK6Ga/Bqb36o=

In CI4 'hotdoggies' encrypts to:

Code:
30777d629b28662fce7b292c64e0f26393b8b7d9e4ac69a1ee271c3d0c620639be72bb833857e2316a4b1f766352d4b701a33cbfe29585e4ab4aa556a3abf87eKpiCg4Mqen/qzZ/xJi5ewwr1RQdhMA==

You can see they are yielding different results, which, then it isn't strange that decrypting a CI3 encrypted value using the CI4 decrypt() is producing an incorrect result. The seed is the same in both CI3 and CI4 versions.

RE: decrypt() returning incorrect result - objecttothis - 02-18-2023

@kenjis

I applied the workaround that @ardimardiana referenced here https://forum.codeigniter.com/showthread.php?tid=82494&pid=406963#pid406963 and got it working. In doing so I discovered the problem. CI4 is incorrectly guessing the cipher to use in decrypting the CI3 data as aes-256-ctr, when at least in my case, it is the CI3 standard aes-128-cbc cipher. As soon as I changed @ardimardiana's workaround code to:

PHP Code:
$ci3 = new Ci3encrypt();
$ci3->initialize(array(
    'cipher' => 'aes-128',
    'mode' => 'cbc',
    'driver' => 'openssl',
    'key' => config('Encryption')->key
));
$plain_text = $ci3->decrypt($config['mailchimp_api_key']); 

The CI3 encryption library decrypted the input properly. I tried forcing the CI4 encryption to use aes-128-cbc and even though the documentation (https://codeigniter.com/user_guide/libraries/encryption.html#CodeIgniter\Encryption\Encryption::initialize) shows a cipher option, I'm not seeing cipher or mode in \Config\Encryption.php. Were they removed from CI4 at some point after that documentation?

RE: decrypt() returning incorrect result - kenjis - 02-18-2023

Oh, thank you for the investigation.
I got your situation.

Try:

PHP Code:
$config        = new Encryption();
$config->driver = 'OpenSSL';
// Your CI3's encryption_key
$config->key            = 'Your Key';
$config->cipher        = 'AES-128-CBC'; // Add this!
$config->rawData        = false;
$config->encryptKeyInfo = 'encryption';
$config->authKeyInfo    = 'authentication';

$encrypter = Services::encrypter($config, false); 

RE: decrypt() returning incorrect result - kenjis - 02-18-2023

(02-18-2023, 09:56 AM)objecttothis Wrote: However, I tried encrypting the same plain text that was encrypted in a CI3 version of the same application and it encrypts to a completely different value.

Even if the same plain text is encrypted, the encrypted data will be completely different each time.

RE: decrypt() returning incorrect result - objecttothis - 02-19-2023

(02-18-2023, 04:25 PM)kenjis Wrote: Oh, thank you for the investigation.
I got your situation.

Try:

PHP Code:
$config = new Encryption(); $config->driver = 'OpenSSL'; // Your CI3's encryption_key $config->key = 'Your Key'; $config->cipher = 'AES-128-CBC'; // Add this! $config->rawData = false; $config->encryptKeyInfo = 'encryption'; $config->authKeyInfo = 'authentication'; $encrypter = Services::encrypter($config, false);

Excellent. This works. I submitted a PR to add the field into \App\Config\Encryption.php and the documentation example. https://github.com/codeigniter4/CodeIgniter4/pull/7278

RE: decrypt() returning incorrect result - kenjis - 02-21-2023

This bug has been fixed in develop branch, and it will be included in v4.3.3.
https://github.com/codeigniter4/CodeIgniter4/pull/7273