Recently we discussed how to encrypt something in PHP and then decrypt in Xojo. Check out the CipherMBS class in our plugin, which corresponds to openssl_encrypt/openssl_decrypt functions in PHP.

Here is a sample script in PHP to generate a random initial vector and a random key. Then encrypt some text with openssl using blowfish algorithm and CBC as block mode:

$cipher = 'bf-cbc';
$iv_size = openssl_cipher_iv_length($cipher);
$key_size = 20;
$iv = random_bytes($iv_size);
$key = random_bytes($key_size);

$encrypted = openssl_encrypt('Hello World. Just a test here!', $cipher, $key, OPENSSL_RAW_DATA, $iv);

print "iv: ".base64_encode($iv)."\n";
print "key: ".base64_encode($key)."\n";
print "encrypted: ".base64_encode($encrypted)."\n";

For such an encryption, you need to replicate on both sides the same settings:

• Identical key data. May need you to hash key first.
• Identical initial vector
• Identical setting for padding of data to match required block size.
• Identical handling for keys with too small size. e.g. fill up with zero bytes.

You can run the PHP script above and copy the values into the Xojo code below:

If everything works fine, the result in the unencrypted text as in the PHP script.