
Encryption help, last 11 characters always wrong


Haberdasher


I've been beating my head against this encryption problem for days and can't crack it. I'm trying to port a Windows application to PHP that encrypts the date but cannot get the PHP output to match the Windows output. The PHP output is always off by the last 11 (sometimes 10) characters.

 

Example:

Windows application:    pAyeHcqJJdFB+pegdagwLpBNAhfutioS

PHP port:                      pAyeHcqJJdFB+pegdagwLpGmCaBlvMVV

 

I cannot for the life of me figure out why. I've tried encoding the key and date in different ways. I've tried adjusting the length of the date but oddly enough it's had no effect. Even if I cut the date down by several chars it still ends up being off by 11 chars after encrypting and encoding.

 

The settings I've used are consistent with the Windows app (TripleDES, CBC, 0s for the IV). In the code below I've replaced the real key.

 

Any help to get me pointed in the right direction would be really, really, really appreciated.

 

-Dave

 

Here's my code:

 

<html>
<head>
<title>Date Encrypt</title>
</head>

<body>
<?php

//Date format YYYY-MM-DD HH:MM:SS.0000
$DateTime = date('Y-m-d H:i:s.0000');
$key = "private";

//print time and key for debug
print 'Time: '. $DateTime.'<br>';
print 'Key: '. $key.'<br>';
print '<br>';
print 'Block size: ';
print mcrypt_get_block_size(MCRYPT_TripleDES, 'cbc');
print '<br>';
print 'String len: ';
print strlen($DateTime);
print '<br>';
TDbase64encrypt($key, $DateTime);

function TDbase64encrypt($key, $DateTime)
{
    $iv = "00000000";
    $des_encrypt = mcrypt_encrypt(MCRYPT_TripleDES, $key, $DateTime, MCRYPT_MODE_CBC, $iv);
    $encryptDate = base64_encode($des_encrypt);
    print 'Encrypted Date: '.$encryptDate.'<br>';
}
?>
</body>
</html>


2 Questions:

 

1. What is the purpose of using CBC with an IV that is always a bunch of zeros? That defeats the entire purpose of the mechanism, which is designed to ensure that encryption of the same plaintext multiple times does not produce the same ciphertext.

 

2. Why does it matter that things match as long as the data can be decrypted?

 

I don't see us offering much help here truthfully.  The only thing I could suggest is a side by side comparison guaranteeing that the data is the same in each app, at each step of the process.  If you've guaranteed that, then one would have to assume there's something different about the two 3des implementations.

 

 


1) You'd have to ask the SWEs responsible for the system that I'm accessing, I don't have any control over it.

 

2) This encryption is needed as part of an authentication process. The encrypted date is sent with other auth credentials and needs to match with the encrypted date that's generated on the server. The Windows app is producing the correct encryption that the server accepts. The PHP created encryption is not being accepted.

 

-Dave


  • 3 weeks later...

This ended up being an instance of the differences between the .NET TripleDESCryptoServiceProvider and mcrypt padding behavior defined here:

 

http://www.php.net/manual/en/function.mcrypt-encrypt.php#68368

http://www.php.net/manual/en/function.mcrypt-encrypt.php#47973

 

Once I manually padded the string with the TripleDESCryptoServiceProvider padding type everything worked. I wasn't able to use the exact code in the above linked posts but it got me close enough to get there.

 

I didn't try this solution first on the advice of one of the service engineers saying that my problems weren't padding related; but it did end up being a padding problem. Just goes to show that highly paid engineers don't always know what they are talking about.

 

-Dave
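
Added example, not part of the original thread: the two padding schemes side by side, plus a check that locates the first cipher block where two base64 outputs diverge and counts how many trailing base64 characters the last block touches. It assumes the Windows app uses the .NET default, PaddingMode.PKCS7 (the thread does not name the mode); the helper names and the 19-byte sample plaintext are constructed for illustration.

```php
<?php
// Added illustration; helper names are hypothetical, not from the thread.

// PKCS#7: append N bytes of value N (1..block size); a full block if already aligned.
function pkcs7_pad($data, $blockSize = 8)
{
    $n = $blockSize - (strlen($data) % $blockSize);
    return $data . str_repeat(chr($n), $n);
}

// mcrypt_encrypt() behaviour: NUL bytes up to the block boundary, nothing if aligned.
function zero_pad($data, $blockSize = 8)
{
    $n = ($blockSize - (strlen($data) % $blockSize)) % $blockSize;
    return $data . str_repeat("\0", $n);
}

// 0-based index of the first cipher block where two base64 ciphertexts differ, -1 if equal.
function first_differing_block($b64a, $b64b, $blockSize = 8)
{
    $a = str_split((string) base64_decode($b64a, true), $blockSize);
    $b = str_split((string) base64_decode($b64b, true), $blockSize);
    for ($i = 0, $max = max(count($a), count($b)); $i < $max; $i++) {
        if (!isset($a[$i], $b[$i]) || $a[$i] !== $b[$i]) {
            return $i;
        }
    }
    return -1;
}

// Number of trailing base64 characters that carry bits of the final cipher block.
function b64_chars_touched_by_last_block($cipherLen, $blockSize = 8)
{
    $total = 4 * (int) ceil($cipherLen / 3);
    $firstTouched = intdiv(($cipherLen - $blockSize) * 8, 6);
    return $total - $firstTouched;
}

$windows = 'pAyeHcqJJdFB+pegdagwLpBNAhfutioS'; // Windows output quoted in the first post
$php     = 'pAyeHcqJJdFB+pegdagwLpGmCaBlvMVV'; // PHP output quoted in the first post
echo first_differing_block($windows, $php), "\n";
echo b64_chars_touched_by_last_block(24), "\n";

$sample = '2010-01-01 12:00:00'; // constructed 19-byte plaintext, not the real input
echo bin2hex(substr(pkcs7_pad($sample), -8)), "\n"; // last plaintext block, PKCS#7
echo bin2hex(substr(zero_pad($sample), -8)), "\n";  // last plaintext block, NUL padding
```

Both quoted outputs decode to 24 bytes and agree on the first two 8-byte blocks, so only the final block, the one that holds the padding, differs. Passing an input that has already been through pkcs7_pad() to mcrypt_encrypt() leaves nothing for mcrypt to pad, since the data is then block-aligned.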
