I've found a few answers to Encrypt in PHP, and Decrypt in C#, but as yet have been unable to reverse the process...
The background is I want to:
In C#: AES encrypt a file's contents. Upload the data (likely via http via POST) to a server.
In PHP: Receive and save the file.
And in PHP (at a later date): Decrypt the file.
I specifically want to encrypt it outside of using SSL/TLS (though I might have to do this as well), as I need to know the file remains encrypted (and decryptable!) when stored on the server.
To encrypt in C# I'm using:
Rijndael RijndaelAlg = Rijndael.Create();
RijndaelAlg.KeySize = 128;
RijndaelAlg.Mode = CipherMode.CBC;
CryptoStream cStream = new CryptoStream(fStream, RijndaelAlg.CreateEncryptor(Key, IV),
CryptoStreamMode.Read);
and to decrypt in PHP:
mcrypt_cbc(MCRYPT_RIJNDAEL_128, $key, $buffer, MCRYPT_DECRYPT, $iv);
Generally it only depends on selecting the right options on both sides:
Plaintext character format
how plaintext characters are encoded in the bit string
-
how to pad the plaintext to be an exact multiple of the block size
Key length
must be agreed if there is a choice
-
how to create the bit string to be used for the key
Mode
which mode of encryption to use
-
how we store the ciphertext
Please see here for a lot of information about these things. Especially the padding seems to be the root of most interoperability problems as PHP's mcrypt uses a NULL-padding by default and has no built-in support for any other padding mode, while e.g. .NET doesn't even provide an option to use a NULL-padding (as it may cause issues when encrypting binary data).
I know this was asked a while ago but I thought I'd post my solution for others. I wrote up a quick code example in PHP and C# that lets you encrypt/decrypt both ways. I had a few issues with getting the settings on both sides to work out. A difference in padding would let it decrypt one way but not the other
https://github.com/dchymko/.NET--PHP-encryption
hope that helps some people.
Are you using the same mode with both? I.e. are you using CBC with both (and not ECB). If you don't understand what I just said then drop a comment and I'll explain in detail, as it has fairly major security repercussions.
I had a similar problem a few months ago - I had a project that had to use AES encryption and I had to make sure that the exact same algorithm is used between a C# and A C++ component. I ended up implementing a shared DLL library used by both based on the AES crypto wrapper from this codeplex article:
来源:https://stackoverflow.com/questions/4192658/how-can-i-encrypt-with-aes-in-c-sharp-so-i-can-decrypt-it-in-php