I need to share some data between PHP and Python in a secure way. This is what I found on the internet: a pair of functions that encrypt and decrypt data and work in both Python and PHP.
The passphrase is a 32-byte key written in hexadecimal (64 hex characters) – you can create a random one with this command: openssl rand -hex 32
In PHP:
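/**
 * Encrypt $data with AES-256-CBC under a fresh random IV.
 *
 * The result is base64(JSON {"iv": base64(iv), "data": base64(ciphertext)}),
 * the same envelope the Python my_encrypt()/my_decrypt() on this page use.
 *
 * Security note: CBC gives confidentiality only. The envelope carries no MAC,
 * so a modified "iv" or "data" field is not detected on decryption. If the
 * envelope crosses an untrusted channel, add an HMAC over iv+data
 * (encrypt-then-MAC) or move both sides to an AEAD mode such as AES-256-GCM;
 * either change alters the wire format and must be made on both sides.
 *
 * @param string $data       Plaintext to encrypt.
 * @param string $passphrase Key as exactly 64 hex characters (32 bytes),
 *                           e.g. from `openssl rand -hex 32`.
 * @return string|false      The encoded envelope, or false when the key is
 *                           malformed or OpenSSL fails.
 */
function my_encrypt($data, $passphrase) {
    // Validate before hex2bin(): it returns false on malformed hex, and
    // openssl_encrypt() silently NUL-pads a short key, so a bad passphrase
    // would otherwise encrypt under a predictable key instead of failing.
    if (!is_string($passphrase) || !preg_match('/\A[0-9a-fA-F]{64}\z/', $passphrase)) {
        return false;
    }
    $secret_key = hex2bin($passphrase);

    // $strong reports whether a cryptographically strong source was used.
    $strong = false;
    $iv = openssl_random_pseudo_bytes(openssl_cipher_iv_length('aes-256-cbc'), $strong);
    if ($iv === false || !$strong) {
        return false;
    }

    // options = 0: openssl_encrypt() returns the ciphertext already base64-encoded.
    $encrypted_64 = openssl_encrypt($data, 'aes-256-cbc', $secret_key, 0, $iv);
    if ($encrypted_64 === false) {
        return false;
    }

    // An associative array serialises to the same JSON object as stdClass did.
    $envelope = array(
        'iv'   => base64_encode($iv),
        'data' => $encrypted_64,
    );
    return base64_encode(json_encode($envelope));
}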
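/**
 * Decrypt an envelope produced by my_encrypt() (PHP or Python side).
 *
 * Expects base64(JSON {"iv": base64(iv), "data": base64(ciphertext)}) and
 * decrypts with AES-256-CBC.
 *
 * Security note: the envelope is not authenticated. A false return only
 * means the input was malformed or the padding did not check out; a
 * successful return does NOT prove the ciphertext was unmodified. Do not
 * report the exact failure reason back to whoever supplied $data, and add a
 * MAC (or switch both sides to an AEAD mode) before trusting the plaintext.
 *
 * @param string $data       The encoded envelope.
 * @param string $passphrase Key as exactly 64 hex characters (32 bytes).
 * @return string|false      The plaintext, or false on any failure; compare
 *                           with === false, since "" and "0" are valid plaintexts.
 */
function my_decrypt($data, $passphrase) {
    // Reject malformed keys up front: hex2bin() would return false and
    // OpenSSL would NUL-pad a short key rather than fail.
    if (!is_string($passphrase) || !preg_match('/\A[0-9a-fA-F]{64}\z/', $passphrase)) {
        return false;
    }
    $secret_key = hex2bin($passphrase);

    // The envelope comes from outside, so check its shape before using it.
    $json = json_decode(base64_decode($data));
    if (!is_object($json)
        || !isset($json->iv, $json->data)
        || !is_string($json->iv)
        || !is_string($json->data)) {
        return false;
    }

    $iv = base64_decode($json->iv);
    if ($iv === false || strlen($iv) !== openssl_cipher_iv_length('aes-256-cbc')) {
        return false;
    }

    $data_encrypted = base64_decode($json->data);
    if ($data_encrypted === false || $data_encrypted === '') {
        return false;
    }

    // OPENSSL_RAW_DATA: the ciphertext was base64-decoded above.
    return openssl_decrypt($data_encrypted, 'aes-256-cbc', $secret_key, OPENSSL_RAW_DATA, $iv);
}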
// Demo calls. The key is the sample value published with this page; real
// deployments generate their own with `openssl rand -hex 32` and keep it
// out of source control.
$demo_key = "15b8753ae627d5579d5b1495305c87c4f2753778b8c97394a9a43aa3590ab82f";
$demo_token = "eyJpdiI6ICJrbVNsWnVKZXI5VHVQVVZoMkJNZjdRPT0iLCAiZGF0YSI6ICJuOGlyZE5zczc5elhPcnR2VERkbDVnPT0ifQ==";

echo my_encrypt("Hello world", $demo_key);
echo my_decrypt($demo_token, $demo_key);
In Python:
import binascii
from Crypto import Random
from Crypto.Cipher import AES
import base64,json
#import sslcrypto,hashlib
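def my_encrypt(data, passphrase):
    """
    Encrypt 'data' using AES-256-CBC with a fresh random iv.

    'passphrase' must be exactly 64 hex characters (32 bytes); generate it
    with 'openssl rand -hex 32'. Shorter keys are rejected: AES.new() would
    otherwise accept a 16- or 24-byte key and quietly use AES-128/192, which
    is weaker than intended and cannot be decrypted by the PHP side.

    'data' may be str (encoded as UTF-8 before encryption) or bytes.

    Returns bytes: base64 of a JSON object {"iv": ..., "data": ...} whose two
    fields are base64 strings. On any failure the error is printed and the
    process exits with status 1.

    NOTE(security): CBC gives confidentiality only. The envelope holds just
    'iv' and 'data' with no MAC, so tampering is not detected on decryption.
    For data crossing an untrusted channel, add an HMAC over iv+data
    (encrypt-then-MAC) or move both sides to an AEAD mode such as AES-GCM;
    either change alters the wire format shared with PHP.
    """
    try:
        key = binascii.unhexlify(passphrase)
        if len(key) != 32:
            raise ValueError("key must be exactly 32 bytes (64 hex characters)")

        # The cipher works on bytes; pad by byte length, not character count,
        # so non-ASCII text gets a correct PKCS#7 tail.
        plaintext = data.encode('utf-8') if isinstance(data, str) else bytes(data)
        pad_len = 16 - len(plaintext) % 16
        padded = plaintext + bytes([pad_len]) * pad_len

        iv = Random.get_random_bytes(16)
        cipher = AES.new(key, AES.MODE_CBC, iv)
        encrypted_64 = base64.b64encode(cipher.encrypt(padded)).decode('ascii')
        iv_64 = base64.b64encode(iv).decode('ascii')

        json_data = {'iv': iv_64, 'data': encrypted_64}
        clean = base64.b64encode(json.dumps(json_data).encode('ascii'))
    except Exception as e:
        print("Cannot encrypt datas...")
        print(e)
        # Same effect as exit(1), without depending on the site-provided builtin.
        raise SystemExit(1)
    return clean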
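def my_decrypt(data, passphrase):
    """
    Decrypt an envelope produced by my_encrypt, using AES-256-CBC with its iv.

    'passphrase' must be exactly 64 hex characters (32 bytes); generate it
    with 'openssl rand -hex 32'.
    # https://stackoverflow.com/a/54166852/11061370

    'data' is base64 of a JSON object {"iv": ..., "data": ...} whose fields
    are base64 strings. Returns the plaintext as str, decoded as UTF-8 with
    trailing whitespace stripped. On any failure the error is printed and the
    process exits with status 1.

    NOTE(security): the envelope is not authenticated. The padding check
    below catches corrupted input but is not an integrity guarantee, and a
    successful return does not prove the ciphertext was unmodified. Do not
    relay the printed error to whoever supplied 'data'; add a MAC or switch
    both sides to an AEAD mode before trusting the result.
    """
    try:
        key = binascii.unhexlify(passphrase)
        if len(key) != 32:
            raise ValueError("key must be exactly 32 bytes (64 hex characters)")

        encrypted = json.loads(base64.b64decode(data).decode('ascii'))
        encrypted_data = base64.b64decode(encrypted['data'])
        iv = base64.b64decode(encrypted['iv'])

        cipher = AES.new(key, AES.MODE_CBC, iv)
        decrypted = cipher.decrypt(encrypted_data)
        if not decrypted:
            raise ValueError("empty ciphertext")

        # Validate the PKCS#7 tail instead of trusting the last byte: a bare
        # s[:-s[-1]] returns b"" when that byte is 0 and garbage when it is wrong.
        pad_len = decrypted[-1]
        if not 1 <= pad_len <= 16 or decrypted[-pad_len:] != bytes([pad_len]) * pad_len:
            raise ValueError("invalid padding")

        # UTF-8 is a superset of ASCII, so non-ASCII text from PHP decodes too.
        # NOTE(review): rstrip() is kept from the original; it drops trailing
        # whitespace that was part of the plaintext, so confirm callers want that.
        clean = decrypted[:-pad_len].decode('utf-8').rstrip()
    except Exception as e:
        print("Cannot decrypt datas...")
        print(e)
        # Same effect as exit(1), without depending on the site-provided builtin.
        raise SystemExit(1)
    return clean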
# Demo call. The key is the sample value published with this page; real
# deployments generate their own with 'openssl rand -hex 32' and keep it
# out of source control.
demo_key = "15b8753ae627d5579d5b1495305c87c4f2753778b8c97394a9a43aa3590ab82f"
demo_token = my_encrypt("Hello", demo_key)
print(demo_token)