Why does this AES encryption on an iPad and decryption in PHP fail?

Question

I have an iPad application that transmits encrypted information to a PHP-based website, but I\'m having difficulties in properly decrypting this information. I use the followin

Answer 1

please refere to this discussion for better usage AES encrypt/decrypt AES with CommonCrypto uses too much memory - Objective-C

Answer 2

Check the key that you're using. In PHP the MCRYPT_RIJNDAEL_128 _256 etc constants do not represent the key strength, but rather the block size being used.

To get 128-bit encryption with PHP you want to use a key that is 16 bytes long. For 256 you need 32 bytes and so on and so forth.

Both you PHP and C code look correct to me. Make sure the key is being used correctly in both cases.

As another thought. It looks like you're using PKCS#7 padding in C. I don't believe PHP is designed to work with that padding by default. If memory serves me, I believe the Mcrypt functions use null padding.

Lastly check your initialization vector in PHP. I noticed you're not using one in your C code which means you should not be accepting an $iv variable in PHP. That should be passed as NULL into the mcrypt functions (but this is highly discouraged).

What you should do instead is randomize an IV in your C code (where the data is being encrypted) and then send the IV along with the encrypted data. You can detect the size of the IV for the algorithm being used and split it off the front of the encrypted data to then use to populate your PHP side of things. This further secures your encryption for you.