Decrypt a string encrypted by the EncryptSymmetric() AMPscript function using PHP

I read elsewhere in StackExchange that it’s not possible to decrypt AES strings originating from AMPScript in PHP. Is this true? It seems that it should be possible with mcrypt.

Also, part two for this question… if AES isn’t possible, then should we go with DES or TripleDES? We need to be able to decrypt data generated in ExactTarget’s EncryptSymmetric() function in a clients’s PHP environment.

Answer

I had the same question and thanks to the great work of @Kolohe with the mcrypt example I found a solution with openssl_decrypt and DES encryption.

With the upgrade to php7 we replaced mcrypt with openssl. So mcrypt wasn’t a solution for us.

Because we pass the encrypted string as GET parameter it is wrapped with base64.

That’s the AMPScript:

%%[
set @email = 'gone@world.com'
set @email_code = Base64Encode(EncryptSymmetric(@email, "des;mode=ecb;padding=zeros", @null, 'ab12cd34'))
Output(Concat(@email, '<br>'))
Output(Concat(@email_code, '<br>'))
]%%

That’s the result from the AMPScript:

gone@world.com
TklMUTk4UjBhVlRWeXdDWHJCYk92Zz09

That’s the PHP part:

$crypted = 'TklMUTk4UjBhVlRWeXdDWHJCYk92Zz09';
$crypted = base64_decode($crypted);
var_dump($crypted);
$decrypted = openssl_decrypt($crypted, 'des-ecb', 'ab12cd34', OPENSSL_ZERO_PADDING, '');
var_dump($decrypted);
$decrypted = trim($decrypted);
var_dump($decrypted);

And the PHP result:

string(24) "NILQ98R0aVTVywCXrBbOvg=="
string(16) "gone@world.com"
string(14) "gone@world.com"

The decrypted string has 2 control charactes at the end. I don’t know why and in the end I wrapped it with a trim to solve the problem. It seems to work.

Attribution
Source : Link , Question Author : James , Answer Author : fry2k

Leave a Comment