Brad's Weekend of Coding - Day 3 Summary

I started Victoria day with a "long sleep in", by that I mean I didn't get up until about 10:00am. I then proceeded to spend most of the day tunnelling away at AES encryption in PHP.

It was rather frustrating and not working quite the way I wanted. Several problems I ran into including:

  • Not saving the Initialisation Vector (IV), which (upon encrypting) generates a random series of bytes. The idea of this is that if you encrypt the same phrase multiple times, each time you will get different crypted values.  The problem however is that if you don't somehow save / remember the (IV) it will not decrypt properly.

  • Not saving the 'TAG'. I didn't even know what the 'TAG' was. Apparently, when encrypting, the 'TAG' is a self-check or 'finger print' of the encrypted string.  One the problems with many encryption algorithms (particularly based on 'XOR') is that when you decrypt you can't really be sure the decrypted message is correct (ie: if you use the wrong shared key, you just get another jumbled mess).  The 'TAG' solves this because if the decrypted message no longer matches the 'TAG' then decryption fails.  All this to say that the TAG needs to be saved in addition to the 'IV'.

  • Finally, I forgot to base64 encode the encrypted string. Why is this a problem? Well, the encrypted string is binary, meaning it can have all sorts of non-ascii charaters (like for example ascii character \0). So storing and saving it as a string or text file does not work., and the encrypted binary needs to be translated to a text only representation (ie: base64) first, and re-encoded into binary on decryption.

The Code

function aes_encrypt($msg,$password,$filename)
$cipher = "aes-128-gcm";
if (in_array($cipher, openssl_get_cipher_methods()))
    $ivlen = openssl_cipher_iv_length($cipher);
    $iv = openssl_random_pseudo_bytes($ivlen);
    $ciphertext = openssl_encrypt($msg, $cipher, $password, $options=0, $iv, $t$
    //store $cipher, $iv, and $tag for decryption later

return base64_encode($ciphertext);

function aes_decrypt($cipherenc,$password,$iv,$tag)
$cipher = "aes-128-gcm";
if (in_array($cipher, openssl_get_cipher_methods()))
    $ivlen = openssl_cipher_iv_length($cipher);
    $original_plaintext = openssl_decrypt($ciphertext, $cipher, $password, $opt$
    return $original_plaintext;

And that was my final day of coding. I finished the day with a game of Catan with the family. (I lost 3 times in a row)

If you liked this post please consider sharing via your favorite social networks!!

and ..if you like my blogging, video, audio, and programming - please consider becoming a patron and get exclusive access @


Popular posts from this blog

Programming Rant - Stop the Insanity!! - .NET 7 is not the successor to .NET 4.8

Despite of how it looks - I'm not part of a coup d'etat

Everything in Moderation...

Way back then...Apple ][

The Most Dangerous Software on the Internet!

Diabetes is not caused by eating too much sugar !!!

Windows Gadgets (Geek Wisdom Clock)

So I started a Podcast ! - The G33k Dream Team .

You should be able to do that...