Brad's Weekend of Coding - Day 3 Summary

I started Victoria day with a "long sleep in", by that I mean I didn't get up until about 10:00am. I then proceeded to spend most of the day tunnelling away at AES encryption in PHP.

It was rather frustrating and not working quite the way I wanted. Several problems I ran into including:

  • Not saving the Initialisation Vector (IV), which (upon encrypting) generates a random series of bytes. The idea of this is that if you encrypt the same phrase multiple times, each time you will get different crypted values.  The problem however is that if you don't somehow save / remember the (IV) it will not decrypt properly.

  • Not saving the 'TAG'. I didn't even know what the 'TAG' was. Apparently, when encrypting, the 'TAG' is a self-check or 'finger print' of the encrypted string.  One the problems with many encryption algorithms (particularly based on 'XOR') is that when you decrypt you can't really be sure the decrypted message is correct (ie: if you use the wrong shared key, you just get another jumbled mess).  The 'TAG' solves this because if the decrypted message no longer matches the 'TAG' then decryption fails.  All this to say that the TAG needs to be saved in addition to the 'IV'.

  • Finally, I forgot to base64 encode the encrypted string. Why is this a problem? Well, the encrypted string is binary, meaning it can have all sorts of non-ascii charaters (like for example ascii character \0). So storing and saving it as a string or text file does not work., and the encrypted binary needs to be translated to a text only representation (ie: base64) first, and re-encoded into binary on decryption.

The Code

function aes_encrypt($msg,$password,$filename)
$cipher = "aes-128-gcm";
if (in_array($cipher, openssl_get_cipher_methods()))
    $ivlen = openssl_cipher_iv_length($cipher);
    $iv = openssl_random_pseudo_bytes($ivlen);
    $ciphertext = openssl_encrypt($msg, $cipher, $password, $options=0, $iv, $t$
    //store $cipher, $iv, and $tag for decryption later

return base64_encode($ciphertext);

function aes_decrypt($cipherenc,$password,$iv,$tag)
$cipher = "aes-128-gcm";
if (in_array($cipher, openssl_get_cipher_methods()))
    $ivlen = openssl_cipher_iv_length($cipher);
    $original_plaintext = openssl_decrypt($ciphertext, $cipher, $password, $opt$
    return $original_plaintext;

And that was my final day of coding. I finished the day with a game of Catan with the family. (I lost 3 times in a row)

If you liked this post please consider sharing via your favorite social networks!!

and ..if you like my blogging, video, audio, and programming - please consider becoming a patron and get exclusive access @


Popular posts from this blog

There's a bug in the keyboard driver...(dear liza)

Password Security Challenge - Last Pass & 1Password

What is Multi Factor Authentication (MFA / 2FA)?? and Why does it matter??

About the Book - Geek Wisdom

The Programmer's Dilemma

Despite of how it looks - I'm not part of a coup d'etat

Brad's Weekend of Coding - Day 1 - Summary

The Most Dangerous Software on the Internet!

Eco Cycle Planning Resources, Toastmasters & Unicorns

IT Security Myths & Legends