I have the following test.php script:
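<?php
// Base64-encoded AES IV and key, hard-coded for this test.
$AES_IV = "4epZqMl8BQukhip6WQjQHg==";
$AES_KEY = "zvKmer0cPiJdQQ1RPjQOCF/wURt+31UdingRoPj4+Yc=";
$guid = $_GET["guid"];
// $_GET values are already URL-decoded; a second urldecode() would turn a "+" in the base64 text into a space.
$encryptedGuid = $_GET["encryptedGuid"];
// Rijndael with 128-bit blocks (AES) in CBC mode; the 32-byte key selects AES-256.
$decryptedGuid = mcrypt_decrypt(MCRYPT_RIJNDAEL_128, base64_decode($AES_KEY), base64_decode($encryptedGuid), MCRYPT_MODE_CBC, base64_decode($AES_IV));
// Escape request-derived values before writing them into HTML.
echo "Guid is: ".htmlspecialchars($guid, ENT_QUOTES | ENT_SUBSTITUTE)."<br>";
echo "Decrypted GUID is: ".htmlspecialchars($decryptedGuid, ENT_QUOTES | ENT_SUBSTITUTE)."<br>";
if ($decryptedGuid === $guid)
{
    echo "Guid and decrypted Guid are equals.";
}
else
{
    echo "Guid and decrypted Guid are not equals.";
}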
I call this script as follows:
http://localhost:8087/test/test.php?guid=08201E62-DFA5-8A50-ACFC-A811871804CD&encryptedGuid=ED40y72BJvzXmN0Aj9eb85VdIJKu6LUYQuYSWMPOhIQcm5SIquZAhRMmhsC7ax2e
The test.php script should display "Guid and decrypted Guid are equals." but it never does. I tried to check the encoding of the strings: $guid is ASCII and $encryptedGuid is UTF-8. Can you please help me solve this problem? I tried to convert ASCII to UTF-8 but I wasn't successful, because the result of e.g. the iconv function was again ASCII. I think converting ASCII to UTF-8 could be a solution, but I am not sure whether it is always true that $_GET returns ASCII.
Thank you very much for your help.
I had a similar issue and I was able to work it out thanks to Dennis' comment about padding.
After I decrypted my AES string, I noticed that one particular param in the URL wasn't quite right...
E.g. test=1&foo=bar
It looked fine. However, when I was trying to do a string comparison with the final value in the URL (bar) it would never be true.
if ($foo == 'bar')
So, I compared the strings using bin2hex.
There was some sort of repeated string added to the end of the param value (0505050505). What I didn't realise was that this was padding added to the string by the encryption.
For some reason rtrim didn't help me, so what I did was add a useless param to the end of my URL before encryption (e.g. padding=1). This made sure that the last of my "important" params didn't have the padding added to the string.
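Added example (not part of the original posts): the repeated 05 bytes described above match PKCS#7 padding, and mcrypt_decrypt() does not strip it, so the padding has to be validated and removed before the comparison. This assumes the encrypting side used PKCS#7 with a 16-byte block; pkcs7_unpad and matches_expected are hypothetical helper names and the padded sample is constructed.

```php
<?php
// Added example, not from the original post. Sample inputs are constructed.

/**
 * Strip PKCS#7 padding from a decrypted block-cipher plaintext.
 * Returns null when the padding is malformed, so callers can treat
 * "bad padding" and "wrong value" as the same failure.
 */
function pkcs7_unpad(string $data, int $blockSize = 16): ?string
{
    $len = strlen($data);
    if ($len === 0 || $len % $blockSize !== 0) {
        return null;
    }
    $pad = ord($data[$len - 1]);
    if ($pad < 1 || $pad > $blockSize) {
        return null;
    }
    // Every padding byte must equal the padding length.
    if (substr($data, -$pad) !== str_repeat(chr($pad), $pad)) {
        return null;
    }
    return substr($data, 0, $len - $pad);
}

/** Compare a decrypted, still-padded value with the expected string. */
function matches_expected(string $decrypted, string $expected): bool
{
    $plain = pkcs7_unpad($decrypted);
    // hash_equals() compares without leaking timing information.
    return $plain !== null && hash_equals($expected, $plain);
}

// Constructed sample: the GUID from the question with the padding a
// PKCS#7 encryptor would append (36 bytes -> 48 bytes, 12 x 0x0c).
$guid   = '08201E62-DFA5-8A50-ACFC-A811871804CD';
$padded = $guid . str_repeat("\x0c", 12);

var_dump($padded === $guid);                // raw comparison, as in the question
var_dump(bin2hex(substr($padded, -12)));    // the trailing bytes bin2hex reveals
var_dump(matches_expected($padded, $guid)); // comparison after unpadding
// Zero-byte padding is not PKCS#7 and is rejected rather than trimmed.
var_dump(matches_expected($guid . str_repeat("\x00", 12), $guid));
```

Returning a single boolean for both malformed padding and a value mismatch keeps the response from revealing which of the two occurred.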