Hello,
I am trying to make use of crypto module. The scenario is the following:
-
Encrypt plaintext passwords on kamailio side using crypto_aes_encrypt function of crypto module
-
Decrypt them outside of kamailio using 3rd party tools, such as PHP openssl_decrypt
Crypto module parametrs are the following:
modparam("crypto", "salt", "")
modparam("crypto", "key_derivation", 0)
If encryption and decription are handled by kamailio, the initial password matches the decrypted string (initial
password -> encrypted string -> decrypted string)
For example:
sql_query("ds_dburl", "select secret from kamailio_sip_buddies where username='$au'", "secret");
$avp(secret_plain) = $dbr(secret=>[0,0]); //value: 'kamailio'
crypto_aes_encrypt("$avp(secret_plain)", "YUZySHVtdlVTYjI0TGJNd3JTeVV0MlRaRWFraFNBRlM=",
"$var(encrypted)"); //value: 'qfOqTMoJMgGAherGCqLRRQc4zTlqsEj3MEtcORurFf0='
crypto_aes_decrypt("$avp(secret_plain)", "YUZySHVtdlVTYjI0TGJNd3JTeVV0MlRaRWFraFNBRlM=",
"$var(decrypted)"); //value: 'kamailio'
But in case I try to decrypt the value of $var(encrypted)
using PHP openssl_decrypt or online tool like https://www.devglan.com/online-tools/aes-encryption-decryption,
I am getting the result 'kamailio' prepended by 16 random bytes, like:
6“¤›¿Ð+IÊ��\ñžïZkamailio
or
6�����+I\��Zkamailio
I
believe this 16 bytes are actually random initialization vector in some encoding.
Possibly
kamailio is trimming them from result here:
Moreover,
if secret was encrypted using crypto_aes_encrypt and random IV, you can use any IV while decrypting
and get 16 different bytes+result
Please advice if someone have used crypto module in similar way and what are the possible ways to acheive results consistency