I read elsewhere in StackExchange that it’s not possible to decrypt AES strings originating from AMPScript in PHP. Is this true? It seems that it should be possible with mcrypt.
Also, part two for this question… if AES isn’t possible, then should we go with DES or TripleDES? We need to be able to decrypt data generated in ExactTarget’s EncryptSymmetric() function in a clients’s PHP environment.
I had the same question and thanks to the great work of @Kolohe with the mcrypt example I found a solution with openssl_decrypt and DES encryption.
With the upgrade to php7 we replaced mcrypt with openssl. So mcrypt wasn’t a solution for us.
Because we pass the encrypted string as GET parameter it is wrapped with base64.
That’s the AMPScript:
%%[ set @email = 'firstname.lastname@example.org' set @email_code = Base64Encode(EncryptSymmetric(@email, "des;mode=ecb;padding=zeros", @null, 'ab12cd34')) Output(Concat(@email, '<br>')) Output(Concat(@email_code, '<br>')) ]%%
That’s the result from the AMPScript:
That’s the PHP part:
$crypted = 'TklMUTk4UjBhVlRWeXdDWHJCYk92Zz09'; $crypted = base64_decode($crypted); var_dump($crypted); $decrypted = openssl_decrypt($crypted, 'des-ecb', 'ab12cd34', OPENSSL_ZERO_PADDING, ''); var_dump($decrypted); $decrypted = trim($decrypted); var_dump($decrypted);
And the PHP result:
string(24) "NILQ98R0aVTVywCXrBbOvg==" string(16) "email@example.com" string(14) "firstname.lastname@example.org"
The decrypted string has 2 control charactes at the end. I don’t know why and in the end I wrapped it with a trim to solve the problem. It seems to work.