There seem to be two issues: CryptoJS is not using your variable as the key. As @Miguel-F mentioned, when you pass in a string, “it’s treated as a passphrase and used to derive [the] actual key and IV”. Both are randomly generated, which is why your encrypted result keeps changing. But more importantly, this means … Read more
When a message is encrypted in this way: CryptoJS.AES.encrypt(“message”, “passphrase”) a password-based approach is used. For that CryptoJS generates a new salt and uses this salt in conjunction with the passphrase to derive the key and IV (I’ve recreated a derivation function for this question). After the ciphertext is produced a special OpenSSL formatter is … Read more
Disclaimer: Do not use encryption unless you understand encryption concepts including chaining mode, key derivation functions, IV and block size. And don’t roll your own security scheme but stick to an established one. Just throwing in encryption algorithms doesn’t mean an application has become any more secure. CryptoJS implements the same key derivation function as … Read more
The problem is that in the CryptoJS code a password is used to derive the key and the IV to be used for AES encryption, but mcrypt only uses the key to encrypt/decrypt. This information needs to be passed to php. Since you don’t want to transmit the password, you have to derive the key … Read more
I’ve required the same thing and i wrote a short library that works for CryptoJS 3.x and PHP with openssl support. Hope this helps, source plus example files here https://github.com/brainfoolong/cryptojs-aes-php PHP Lib /** * Decrypt data from a CryptoJS json encoding string * * @param mixed $passphrase * @param mixed $jsonString * @return mixed */ … Read more