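I need to share some data between PHP and Python in a secure way. This is what I found on the internet: a library to encrypt/decrypt data that works in both Python and PHP. Both sides use AES-256-CBC with a fresh random IV per message. Note that CBC only hides the data; it does not detect a message that was modified in transit, so add a MAC over the IV and ciphertext (or use an AEAD mode such as AES-256-GCM) if the receiver must be able to trust what it decrypts.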


The passphrase is a 32-byte key written in hexadecimal (64 hex characters) – you can generate one randomly with this command: openssl rand -hex 32

In PHP:

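/**
 * Encrypt $data with AES-256-CBC under a fresh random IV.
 *
 * The result is base64(JSON) where the JSON object carries two base64
 * fields: "iv" (the 16-byte IV) and "data" (the ciphertext).
 *
 * NOTE: CBC provides confidentiality only. Nothing in the envelope lets the
 * receiver detect a modified IV or ciphertext; add an HMAC over both (checked
 * before decrypting) or move both sides to an AEAD cipher if integrity matters.
 *
 * @param string $data       Plaintext to encrypt.
 * @param string $passphrase 32-byte key as 64 hex characters
 *                           (generate with 'openssl rand -hex 32').
 * @return string Base64-encoded JSON envelope.
 * @throws InvalidArgumentException If $passphrase is not 64 hex characters.
 * @throws RuntimeException         If the IV cannot be generated or encryption fails.
 */
function my_encrypt($data, $passphrase) {
    // Fail closed on a malformed key: hex2bin() returns false on bad input, and
    // OpenSSL silently NUL-pads a short key, so without this check a typo in the
    // passphrase would encrypt under a weak or all-zero key.
    if (!is_string($passphrase) || preg_match('/\A[0-9a-fA-F]{64}\z/', $passphrase) !== 1) {
        throw new InvalidArgumentException('passphrase must be 64 hex characters (32 bytes)');
    }
    $secret_key = hex2bin($passphrase);

    $iv_length = openssl_cipher_iv_length('aes-256-cbc');
    $iv = openssl_random_pseudo_bytes($iv_length);
    if ($iv === false || strlen($iv) !== $iv_length) {
        throw new RuntimeException('could not generate a random IV');
    }

    // With options = 0, openssl_encrypt() applies PKCS#7 padding and returns base64.
    $encrypted_64 = openssl_encrypt($data, 'aes-256-cbc', $secret_key, 0, $iv);
    if ($encrypted_64 === false) {
        // Never ship an envelope whose "data" field is `false`.
        throw new RuntimeException('encryption failed');
    }

    $json = new stdClass();
    $json->iv = base64_encode($iv);
    $json->data = $encrypted_64;
    return base64_encode(json_encode($json));
}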

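/**
 * Decrypt an envelope produced by my_encrypt() (PHP or Python side).
 *
 * NOTE: the envelope carries no MAC, so this function cannot tell a genuine
 * message from one whose IV or ciphertext was altered. Treat the returned
 * plaintext as unauthenticated, and do not report to the sender why a
 * decryption failed. Verifying an HMAC over IV and ciphertext before
 * decrypting (or using an AEAD cipher) closes that gap.
 *
 * @param string $data       Base64-encoded JSON envelope with "iv" and "data".
 * @param string $passphrase 32-byte key as 64 hex characters.
 * @return string|false Plaintext, or false if the key, the envelope or the
 *                      padding is invalid.
 */
function my_decrypt($data, $passphrase) {
    // Reject a malformed key instead of letting OpenSSL NUL-pad or truncate it.
    if (!is_string($passphrase) || preg_match('/\A[0-9a-fA-F]{64}\z/', $passphrase) !== 1) {
        return false;
    }
    $secret_key = hex2bin($passphrase);

    // Strict base64 decoding so stray characters are an error, not ignored.
    $decoded = is_string($data) ? base64_decode($data, true) : false;
    if ($decoded === false) {
        return false;
    }
    $json = json_decode($decoded);
    if (!is_object($json) || !isset($json->iv, $json->data)
        || !is_string($json->iv) || !is_string($json->data)) {
        return false;
    }

    $iv = base64_decode($json->iv, true);
    $data_encrypted = base64_decode($json->data, true);
    if ($iv === false || $data_encrypted === false
        || strlen($iv) !== openssl_cipher_iv_length('aes-256-cbc')) {
        return false;
    }

    // openssl_decrypt() itself returns false on bad padding or other failure.
    return openssl_decrypt($data_encrypted, 'aes-256-cbc', $secret_key, OPENSSL_RAW_DATA, $iv);
}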

// Demo only: this key is printed on a public page, so it protects nothing.
// Generate your own with 'openssl rand -hex 32' and keep it out of source control.
$demo_key = "15b8753ae627d5579d5b1495305c87c4f2753778b8c97394a9a43aa3590ab82f";

// Encrypt a sample string, then decrypt a sample envelope under the same key.
$demo_token = my_encrypt("Hello world", $demo_key);
echo $demo_token;
$demo_plain = my_decrypt("eyJpdiI6ICJrbVNsWnVKZXI5VHVQVVZoMkJNZjdRPT0iLCAiZGF0YSI6ICJuOGlyZE5zczc5elhPcnR2VERkbDVnPT0ifQ==", $demo_key);
echo $demo_plain;

In Python:

import binascii
from Crypto import Random
from Crypto.Cipher import AES
import base64,json
#import sslcrypto,hashlib
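def my_encrypt(data, passphrase):
    """
    Encrypt ``data`` using AES-256-CBC with a fresh random IV.

    The result is base64(JSON), where the JSON object holds two base64
    fields: 'iv' (the 16-byte IV) and 'data' (the PKCS#7-padded ciphertext).

    NOTE: CBC gives confidentiality only. The envelope has no MAC, so the
    receiver cannot detect a modified IV or ciphertext; add an HMAC over
    both (verified before decrypting) or switch both sides to an AEAD mode
    if integrity matters.

    Args:
        data: plaintext as ``str`` (encoded as UTF-8) or ``bytes``.
        passphrase: 32-byte key in hex, generate with 'openssl rand -hex 32'.

    Returns:
        The envelope as ``bytes``.

    On any failure the error is printed and the process exits with status 1.
    """
    try:
        key = binascii.unhexlify(passphrase)
        if len(key) != 32:
            # AES.new() also accepts 16- and 24-byte keys, which would silently
            # downgrade to AES-128/192 and no longer match the PHP side.
            raise ValueError("passphrase must be 64 hex characters (32 bytes)")
        # cipher.encrypt() needs bytes under Python 3, and the PKCS#7 pad
        # length must be computed over bytes, not characters.
        plaintext = data if isinstance(data, bytes) else data.encode('utf-8')
        pad_len = 16 - len(plaintext) % 16
        padded = plaintext + bytes([pad_len]) * pad_len
        iv = Random.get_random_bytes(16)
        cipher = AES.new(key, AES.MODE_CBC, iv)
        encrypted_64 = base64.b64encode(cipher.encrypt(padded)).decode('ascii')
        iv_64 = base64.b64encode(iv).decode('ascii')
        json_data = {}
        json_data['iv'] = iv_64
        json_data['data'] = encrypted_64
        clean = base64.b64encode(json.dumps(json_data).encode('ascii'))
    except Exception as e:
        print("Cannot encrypt datas...")
        print(e)
        # Same effect as exit(1), without relying on the site-provided builtin.
        raise SystemExit(1)
    return clean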

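def my_decrypt(data, passphrase):
    """
    Decrypt an envelope produced by my_encrypt() using AES-256-CBC.

    NOTE: the envelope carries no MAC, so a modified IV or ciphertext
    cannot be told apart from a genuine one. Treat the result as
    unauthenticated, and do not relay the failure reason to whoever
    supplied the message. Verifying an HMAC before decrypting (or using
    an AEAD mode) is the proper fix and needs a format change on both sides.

    Args:
        data: base64(JSON) envelope with base64 fields 'iv' and 'data'.
        passphrase: 32-byte key in hex, generate with 'openssl rand -hex 32'.

    Returns:
        The plaintext decoded as UTF-8, with trailing whitespace stripped.

    On any failure the error is printed and the process exits with status 1.

    # https://stackoverflow.com/a/54166852/11061370
    """
    try:
        key = binascii.unhexlify(passphrase)
        if len(key) != 32:
            # Refuse 16/24-byte keys: AES.new() would accept them and
            # silently use AES-128/192 instead of AES-256.
            raise ValueError("passphrase must be 64 hex characters (32 bytes)")
        encrypted = json.loads(base64.b64decode(data).decode('ascii'))
        encrypted_data = base64.b64decode(encrypted['data'])
        iv = base64.b64decode(encrypted['iv'])
        cipher = AES.new(key, AES.MODE_CBC, iv)
        decrypted = cipher.decrypt(encrypted_data)
        # Check the PKCS#7 padding instead of trusting the last byte: a pad
        # byte of 0 would otherwise yield an empty result, and a wrong key or
        # corrupted message would return garbage.
        pad_len = decrypted[-1]
        if not 1 <= pad_len <= 16 or decrypted[-pad_len:] != bytes([pad_len]) * pad_len:
            raise ValueError("invalid padding")
        # UTF-8 is a superset of ASCII, so non-ASCII plaintext from the PHP
        # side decodes too. rstrip() is kept from the original and drops
        # trailing whitespace that was part of the plaintext.
        clean = decrypted[:-pad_len].decode('utf-8').rstrip()
    except Exception as e:
        print("Cannot decrypt datas...")
        print(e)
        # Same effect as exit(1), without relying on the site-provided builtin.
        raise SystemExit(1)
    return clean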

# Demo only: this key is printed on a public page, so it protects nothing.
# Generate your own with 'openssl rand -hex 32' and keep it out of source control.
demo_key = "15b8753ae627d5579d5b1495305c87c4f2753778b8c97394a9a43aa3590ab82f"
demo_token = my_encrypt("Hello", demo_key)
print(demo_token)