hash - Derive key and IV from string for AES encryption in CryptoJS and PHP -

how can generate key , iv each common string, may serve in encryption algorithm using aes in php?

example:

$key_string = derivate_in_valid_key("i love stackoverflow"); $iv_string = derivate__in_valid_iv("i love questions"); 

and in way can repeat derivation process in javascript also.

you can use pbkdf2 derive key , iv password. cryptojs , php both provide implementations thereof.

aes supports key sizes of 128, 192 , 256 bits, , block size of 128-bit. iv must same size block size modes such cbc.

single invocation of pbkdf2 generate key

the following code works generate iv. doing so, requires second random salt must sent alongside ciphertext.

javascript (demo):

var password = "test";  var iterations = 500; var keysize = 256; var salt = cryptojs.lib.wordarray.random(128/8);  console.log(salt.tostring(cryptojs.enc.base64));  var output = cryptojs.pbkdf2(password, salt, {     keysize: keysize/32,     iterations: iterations });  console.log(output.tostring(cryptojs.enc.base64)); 

example output:

 cgxedci5z4ju1ycmkrh6aw==   7g3+nuwtbooovetdylqmadgnqckiqcjzi3wnsprpabu= 

php:

$password = "test"; $expected = "7g3+nuwtbooovetdylqmadgnqckiqcjzi3wnsprpabu=";  $salt = 'cgxedci5z4ju1ycmkrh6aw=='; $hasher = "sha1"; // cryptojs uses sha1 default $iterations = 500; $outsize = 256;  $out = hash_pbkdf2($hasher, $password, base64_decode($salt), $iterations, $outsize/8, true);  echo "expected: ".$expected."\ngot:      ".base64_encode($out); 

output:

 expected: 7g3+nuwtbooovetdylqmadgnqckiqcjzi3wnsprpabu= got:      7g3+nuwtbooovetdylqmadgnqckiqcjzi3wnsprpabu= 

single invocation of pbkdf2 generate key and iv

the previous section bit clunky, because 1 needs generate 2 salts , 2 invocations of pbkdf2. pbkdf2 supports variable output, possible use 1 salt, request output of key size plus iv size , slice them off. following code that, 1 salt must sent alongside of ciphertext.

javascript (demo):

var password = "test";  var iterations = 1000; // sizes must multiple of 32 var keysize = 256; var ivsize = 128; var salt = cryptojs.lib.wordarray.random(128/8);  console.log(salt.tostring(cryptojs.enc.base64));  var output = cryptojs.pbkdf2(password, salt, {     keysize: (keysize+ivsize)/32,     iterations: iterations });  // underlying words arrays might have more content asked: remove insignificant words output.clamp();  // split key , iv var key = cryptojs.lib.wordarray.create(output.words.slice(0, keysize/32)); var iv = cryptojs.lib.wordarray.create(output.words.slice(keysize/32));  console.log(key.tostring(cryptojs.enc.base64)); console.log(iv.tostring(cryptojs.enc.base64)); 

example output:

 0iulef2tnccikgmdwvqx3q== qetc3zhug3jcdtockzu2ujwtnrmeggvf1dnubgnmyzg= l1ynlfe54+cvepp/pxshtg== 

php:

$password = "test"; $expectedkey = "qetc3zhug3jcdtockzu2ujwtnrmeggvf1dnubgnmyzg="; $expectediv = "l1ynlfe54+cvepp/pxshtg==";  $salt = '0iulef2tnccikgmdwvqx3q=='; $hasher = "sha1"; $iterations = 1000; $keysize = 256; $ivsize = 128;  $out = hash_pbkdf2($hasher, $password, base64_decode($salt), $iterations, ($keysize+$ivsize)/8, true);  // split key , iv $key = substr($out, 0, $keysize/8); $iv = substr($out, $keysize/8, $ivsize/8);  // print demonstration purposes echo "expected key: ".$expectedkey."\ngot:          ".base64_encode($key); echo "\nexpected iv: ".$expectediv."\ngot:         ".base64_encode($iv); 

output:

 expected key: qetc3zhug3jcdtockzu2ujwtnrmeggvf1dnubgnmyzg= got:          qetc3zhug3jcdtockzu2ujwtnrmeggvf1dnubgnmyzg= expected iv: l1ynlfe54+cvepp/pxshtg== got:         l1ynlfe54+cvepp/pxshtg== 

---

cryptojs uses sha1 default, use different hash function passing hash function hasher object property. should use higher iteration count.

i don't have php 5.5+ version available used pbkdf2 implementation here.