PHP AES/Rijndael Encryption Confusion

Posted on June 7, 2012 by admin

AES is not exactly synonymous with “Rijndael”. AES is a (restricted) variant of Rijndael.

AES has a fixed block size of 128 bits and a key size of 128, 192, or 256 bits, whereas Rijndael is specified with block and key sizes in any multiple of 32 bits, both with a minimum of 128 and a maximum of 256 bits.

PHP provides a general implementation Rijndael algorithm. The PHP mcrypt API is unintentionally misleading because most users would think that specifying MCRYPT_RIJNDAEL_256 means that you’ll get 256-bit encryption. This is NOT the case. The MCRYPT_RIJNDAEL_256 is actually settinig the block size of the algorithm (not the strength).

See this for detailed information about PHP encryption (mcrypt)
The AES encryption standard is defined as Rjindael encryption (128-bit, 192-bit, or 256-bit) using a block size of 16 bytes. Chilkat implements the AES encryption standard.
When you specify MCRYPT_RIJNDAEL_256 in PHP, you are *NOT* setting the encryption strength to 256-bits. You are setting the block size to 256 bits. This is NOT AES encryption. To properly produce 256-bit AES encryption in PHP, you must provide a 32-byte encryption key (which implicitly sets the encryption strength), but the block size must be set to MCRYPT_RIJNDAEL_128 (16 bytes).

Chilkat PHP Extension for Linux / Mac OS X Released

Posted on June 14, 2011 by admin

The Chilkat v9.2.0 PHP Extensions for Linux and Mac OS X were released today:

Chilkat PHP Extension Downloads

Chilkat PHP Extension Reference Documentation

Chilkat PHP Extension Examples

PHP Three-Key Triple-DES (3DES) Test Vector

Posted on May 22, 2008 by admin

This post provides PHP sample code for matching a test vector (known answer test).

3DES Settings:

ECB Mode
192-bit key (i.e. 3 8-bit keys)
ASCII Key Bytes: 1234567890123456ABCDEFGH
ASCII Text to Encrypt: The quick brown fox jumped over the lazy dog
Pads with zero bytes
Hexadecimalized Encrypted Result:
13d4d3549493d2870f93c3e0812a06de467e1f9c0bfb16c0
70ede5cabbd3ca62f217a7ae8d47f2c7bf62eb309323b58b

PHP Code:


<?php
	
	$cipher = mcrypt_module_open(MCRYPT_3DES, '', MCRYPT_MODE_ECB, '');
	
	// The IV is ignored for ECB mode.
	$iv =  '12345678';
	
	$key192 = '1234567890123456ABCDEFGH';
	printf("key192: %s\n",bin2hex($key192));
	
	$cleartext = 'The quick brown fox jumped over the lazy dog';
	printf("clearText: %s\n\n",$cleartext);
		
	if (mcrypt_generic_init($cipher, $key192, $iv) != -1)
	{
		// PHP pads with NULL bytes if $cleartext is not a multiple of the block size..
		$cipherText = mcrypt_generic($cipher,$cleartext );
		mcrypt_generic_deinit($cipher);
		
		// Display the result in hex.
		printf("3DES encrypted:\n%s\n\n",bin2hex($cipherText));
	}
	
?>

3DES Code to match this test vector in other languages:
ASP: 3DES Test Vector
SQL Server: 3DES Test Vector
C#: 3DES Test Vector
C++: 3DES Test Vector
MFC: 3DES Test Vector
C: 3DES Test Vector
Delphi: 3DES Test Vector
Visual FoxPro: 3DES Test Vector
Java: 3DES Test Vector
Perl: 3DES Test Vector
PHP: 3DES Test Vector
Python: 3DES Test Vector
Ruby: 3DES Test Vector
VB.NET: 3DES Test Vector
Visual Basic: 3DES Test Vector
VBScript: 3DES Test Vector

Chilkat Tech Notes

Chilkat Software Tech Notes

Category Archives: PHP

PHP AES/Rijndael Encryption Confusion

Chilkat PHP Extension for Linux / Mac OS X Released

PHP Three-Key Triple-DES (3DES) Test Vector