We are trying to decrypt a file we receive with the AS4 protocol and SOAP messages. We are able to decrypt the key using ‘openssl_private_decrypt’. But the decrypted key has a size of 256 bytes, and does not match the required size for the ‘openssl_decrypt’ key size:
$privateKey = '*hidden*';
$passPhrase="*hidden*";
$supplierCypherValue="ePsYNDRENhm/PJ1+3UT7V5U94/mP/wiPtILqBea869SnZh9olcVglJcOJZc7qexii4ewb00qopIW0HP8xYn4uQ7MNoh2fDfCQUd0hwGrIxcYQL3IBijccLJHKx0FmPIOLui3z4+sXLUz5sCBzQdzJWt2q3Uz/fkfXceVbqo5tn5jMwuayQ+uzQg86Uf+fhoGI891XFeVGQgemhPc9NigIlx/Z/W9+4B1QxM+Kd5mgOQHmNl6vF/n+q6g4TIvjZSQFuYPH7/Edb0e7eqDsEHrnfRtmTanw4YEDDALu3KECTI692i2W0f0TJRtXptwjMN9k5rA2i6rQWLyFny+6x74rQ==";
$base64DecodedCipherValue = base64_decode($supplierCypherValue);
$privateKey = openssl_pkey_get_private($privateKey, $passPhrase);
$decryptedKey = '';
openssl_private_decrypt($base64DecodedCipherValue,$decryptedKey, $privateKey, OPENSSL_NO_PADDING); // Output = true
// For further testing purposes, $decryptedKey bin output in hex format:
$decryptedKeyHex = '00853d1a77f1e400c602c26bd97aaaaa408c0dbb95d92ce85713d9418cfb51fab5fc956629e769d703330530ae7ce797919abc396846a5faa81e43769bf2dc3e9c19cb548aad34967d934c8d8ddffc1ac97002ca06c9caf32d5c2f5cab4e31c18276c3860c7f7f542fbd331586b227aaae63f4d0dd94bcd0089ffabf230381bc9d107fa8bb93679415b1a2d1c53d1100d1adf966271c6753ae91ccc29a84baa5b63c1e7c4bed07a23a18c366608a55806e9073485aef9c4a500f71ff8d9888dc92bd7b7f02108fda47e9af81bcc7074b46d87efa45c474be187f8ada412359a1630daf11ff9c3d85622715ec19537ed00289f124c334af49f7ef5e8f1f833be5';
$decryptedKey = hex2bin($decryptedKeyHex);
// Continue
$cipher="aes-128-gcm";
$binaryData="binary data";
$ivlen = openssl_cipher_iv_length($cipher);
$iv = substr($binaryData, 0, $ivlen);
$ciphertext_raw = substr($binaryData, $ivlen, -16);
$tag = substr($binaryData, -16);
$decryptedData = openssl_decrypt(
$ciphertext_raw,
$cipher,
$decryptedKey,
OPENSSL_RAW_DATA,
$iv,
$tag
);
if (empty($decryptedData)) {
var_dump(openssl_error_string());
throw new \Exception('Decription failed');
}
This outputs:
string(89) "error:0607A082:digital envelope routines:EVP_CIPHER_CTX_set_key_length:invalid key length"
Exception : Decription failed
We tried several variations on the openssl_decrypt method. Changing IV or data still has the error that there is an invalid key length. The binary content should decrypt into a gzipped xml document.
You need to sign in to view this answers
Leave feedback about this