Got an error "Decrypting: authentication failed" while using Encryption service

Hi, in my project I need to store category id in category edit page inside a hidden field. Then, after form submit I want to update that particular category. To achieve this, in a secured approach, I used Encryption service of CodeIgniter 4.

Note: In the App\Config\Encryption.php file, I already set the "base 64" encoded value for "key" property that I got after executing createKey() static function of the Encryption class. 

Also, I included that Encryption class with its namespace that is "CodeIgniter\Encryption\Encryption".

Below code is for the editCategory function, where I create the encryption key, then using that key I encrypt category id. Finally, I pass that to the "edit_category" view file.

PHP Code:

public function editCategory($categoryId) {
        $data = [];
        $data['title'] = 'Edit Category';

        /**
         * Access Configuration settings for the Encryption file
         */
        $config = config('Encryption');

        /**
         * Generate base64 encoded representation of the encryption key
         */
        $key = base64_encode(Encryption::createKey(32));


        $configuration = new \Config\Encryption();
        $configuration->key = $key;
        $configuration->driver = 'OpenSSL';
        $encrypter = \Config\Services::encrypter($configuration);

        $categoryModel = new CategoryModel();
        $category = $categoryModel->where('id', $categoryId)->first();
        $categoryId = $category['id'];

        $encryptedCategoryId = $encrypter->encrypt($categoryId);
        // echo $encryptedCategoryId;die;

        $data['category'] = $category;
        $data['categoryId'] = $encryptedCategoryId;


        echo view('templates/admin_header', $data);
        echo view('admin/category/edit_category', $data);
        echo view('templates/admin_footer');
    } 


In edit_category.php file, I pass the encrypted category id to the updateCategory function.

Code snippet for hidden field in edit_category.php is written below.

PHP Code:

  <input type="hidden" name="categoryId" value="<?= isset($categoryId) ? $categoryId : ''  ?>"> 


Codes for updateCategory function is shown below, in that function I wanted to display the decrypted version of the category id.

PHP Code:

public function updateCategory() {
        $data = [];
        $data['title'] = 'Edit Category';

        $validation = \Config\Services::validation(); 
        $rules = $validation->getRuleGroup('categoryCreate');

        if(!$this->validate($rules)) {

            $data['validation'] = $this->validator;
            echo view('templates/admin_header', $data);
            echo view('admin/edit_category', $data);
            echo view('templates/admin_footer');

        } else {

            $catId = $this->request->getPost('categoryId');
            
            // configure the encryption service properly, before decrypting
            $config = new \Config\Encryption();
                        
                        // load the Encryption.php file's configuration settings
            $configValues = config('Encryption');
            $config->key = base64_decode($configValues->key);
            $config->driver = 'OpenSSL';

            $encrypter = \Config\Services::encrypter($config);

            $decryptedCatId = $encrypter->decrypt($catId);
            
            die('category id: '. $decryptedCatId);

            
        }
    } 


Have I done any mistake? Please help.

In your editCategory function, you setup two instances of the encryption config.

$config = config('Encryption'); // the shared instance
$configuration = new \Config\Encryption(); // the other instance

Yet, you passed to the encrypter is the "other" instance. This causes the wrong starter key to be used in your decryption. You need to manipulate the shared instance.

Then in both editCategory and updateCategory, you don't really need two instances of the same config file. Just use the shared config instance across your code.

In your editCategory function, you setup two instances of the encryption config.

$config = config('Encryption'); // the shared instance
$configuration = new \Config\Encryption(); // the other instance

Yet, you passed to the encrypter is the "other" instance. This causes the wrong starter key to be used in your decryption. You need to manipulate the shared instance.

Then in both editCategory and updateCategory, you don't really need two instances of the same config file. Just use the shared config instance across your code.

Thanks for your advice.