PHP AES/Rijndael Encryption Confusion

AES is not exactly synonymous with “Rijndael”. AES is a (restricted) variant of Rijndael.

AES has a fixed block size of 128 bits and a key size of 128, 192, or 256 bits, whereas Rijndael is specified with block and key sizes in any multiple of 32 bits, both with a minimum of 128 and a maximum of 256 bits.

PHP provides a general implementation Rijndael algorithm. The PHP mcrypt API is unintentionally misleading because most users would think that specifying MCRYPT_RIJNDAEL_256 means that you’ll get 256-bit encryption. This is NOT the case.  The MCRYPT_RIJNDAEL_256 is actually settinig the block size of the algorithm (not the strength).

  • See this for detailed information about PHP encryption (mcrypt)
  • The AES encryption standard is defined as Rjindael encryption (128-bit, 192-bit, or 256-bit) using a block size of 16 bytes. Chilkat implements the AES encryption standard.
  • When you specify MCRYPT_RIJNDAEL_256 in PHP, you are *NOT* setting the encryption strength to 256-bits. You are setting the block size to 256 bits. This is NOT AES encryption. To properly produce 256-bit AES encryption in PHP, you must provide a 32-byte encryption key (which implicitly sets the encryption strength), but the block size must be set to MCRYPT_RIJNDAEL_128 (16 bytes).

PHP Three-Key Triple-DES (3DES) Test Vector

This post provides PHP sample code for matching a test vector (known answer test).

3DES Settings:

  • ECB Mode
  • 192-bit key (i.e. 3 8-bit keys)
  • ASCII Key Bytes: 1234567890123456ABCDEFGH
  • ASCII Text to Encrypt: The quick brown fox jumped over the lazy dog
  • Pads with zero bytes
  • Hexadecimalized Encrypted Result:

PHP Code:

	$cipher = mcrypt_module_open(MCRYPT_3DES, '', MCRYPT_MODE_ECB, '');
	// The IV is ignored for ECB mode.
	$iv =  '12345678';
	$key192 = '1234567890123456ABCDEFGH';
	printf("key192: %s\n",bin2hex($key192));
	$cleartext = 'The quick brown fox jumped over the lazy dog';
	printf("clearText: %s\n\n",$cleartext);
	if (mcrypt_generic_init($cipher, $key192, $iv) != -1)
		// PHP pads with NULL bytes if $cleartext is not a multiple of the block size..
		$cipherText = mcrypt_generic($cipher,$cleartext );
		// Display the result in hex.
		printf("3DES encrypted:\n%s\n\n",bin2hex($cipherText));

3DES Code to match this test vector in other languages:
ASP: 3DES Test Vector
SQL Server: 3DES Test Vector
C#: 3DES Test Vector
C++: 3DES Test Vector
MFC: 3DES Test Vector
C: 3DES Test Vector
Delphi: 3DES Test Vector
Visual FoxPro: 3DES Test Vector
Java: 3DES Test Vector
Perl: 3DES Test Vector
PHP: 3DES Test Vector
Python: 3DES Test Vector
Ruby: 3DES Test Vector
VB.NET: 3DES Test Vector
Visual Basic: 3DES Test Vector
VBScript: 3DES Test Vector