0
A client uses AES-256-CBC encryption on a PHP system using openssl_encrypt and I need to perform the same operation on a system using C#.
However, the key it reports has only 12 characters and in C# it is not allowed to enter a key with less than 16 characters. Consulting on the internet I saw that the amount of characters required is 16 characters due to the number of bytes for the key of this encryption method.
In the current system, the method works more or less like this:
function crypto($str)
{
$key = "123456789012";
$iv = "1234567890123456";
$method = 'AES-256-CBC';
return base64_encode(openssl_encrypt($str, $method, $key, true, $iv));
}
My question is: how does the openssl_encrypt function do to complete the amount of bytes required for this encryption method getting a smaller key?
Being clear that this is creating a weaker key than expected, it’s worth.
– epx