Understanding the Weird Treatment of the OpenSSL AES-256-GCM Authentication Tag in PHP 7.1

When using OpenSSL AES-256-GCM encryption in PHP 7.1, you may have encountered strange behavior with the authentication tag. Let’s explore this issue and understand why it happens.

The Encryption and Decryption Process

In PHP 7.1, you can successfully encrypt a string using the AES-256-GCM mode. The encryption process involves generating a random key and initialization vector (IV), and then using the openssl_encrypt function to encrypt the string.

To decrypt the encrypted string, you would use the openssl_decrypt function, providing the same key and IV that were used during encryption, together with the authentication tag that encryption produced.

The Weird Behavior

During testing, you may have discovered that even if you modify the authentication tag or remove part of it, the decryption process still succeeds. This behavior raises concerns about the security of the AES-256-GCM encryption in PHP 7.1.

The Explanation

According to the Wikipedia page on Galois/Counter Mode (GCM), the tag length (t) is a security parameter and can have various values, including 128, 120, 112, 104, or 96 bits. However, PHP’s openssl_decrypt function does not enforce any specific tag length: it accepts a tag of whatever size it is given.

This means that even if the tag length is not within the recommended range, the decryption process will still proceed without errors. As a result, the security of GCM encryption in PHP 7.1 can be compromised, because a tag that is accepted at a much shorter length becomes easily brute-forcible.

The Solution

To address this issue and ensure the security of your encryption, you should verify the tag length before passing it to the openssl_decrypt function. By checking that the tag length falls within the recommended range, you can prevent potential vulnerabilities.
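
One way to implement this check, as an added example that is not code from the original article: the helper names gcm_encrypt and gcm_decrypt_strict are hypothetical, and it assumes the application always produces 16-byte (128-bit) tags, so it pins the tag to that single length instead of accepting the whole recommended range. The demo compares a direct openssl_decrypt call with the strict wrapper on a tag cut down to 4 bytes.

```php
<?php
// Added example: not code from the original article.
// Assumption: the application always produces 16-byte (128-bit) tags,
// which is the default $tag_length of openssl_encrypt().
const GCM_CIPHER  = 'aes-256-gcm';
const GCM_TAG_LEN = 16;

// Hypothetical helper: encrypt and return IV, ciphertext and tag separately.
function gcm_encrypt(string $plaintext, string $key): array
{
    $iv  = random_bytes(openssl_cipher_iv_length(GCM_CIPHER)); // 12 bytes for GCM
    $tag = '';
    $ct  = openssl_encrypt($plaintext, GCM_CIPHER, $key, OPENSSL_RAW_DATA, $iv, $tag, '', GCM_TAG_LEN);
    if ($ct === false) {
        throw new RuntimeException('encryption failed');
    }
    return ['iv' => $iv, 'ct' => $ct, 'tag' => $tag];
}

// Hypothetical helper: refuse any tag that is not exactly GCM_TAG_LEN bytes
// before openssl_decrypt() ever sees it. Returns the plaintext or false.
function gcm_decrypt_strict(array $msg, string $key)
{
    if (strlen($msg['tag']) !== GCM_TAG_LEN) {
        return false; // truncated or padded tag: treat as authentication failure
    }
    return openssl_decrypt($msg['ct'], GCM_CIPHER, $key, OPENSSL_RAW_DATA, $msg['iv'], $msg['tag']);
}

// Constructed sample data.
$key = random_bytes(32);
$msg = gcm_encrypt('constructed sample message', $key);

// Same message with only the first 4 bytes of the tag kept.
$short = $msg;
$short['tag'] = substr($msg['tag'], 0, 4);

// Direct call: openssl_decrypt() does not check the tag length itself.
$direct = openssl_decrypt($short['ct'], GCM_CIPHER, $key, OPENSSL_RAW_DATA, $short['iv'], $short['tag']);

echo 'direct call, 4-byte tag:  ', var_export($direct, true), PHP_EOL;
echo 'strict call, 4-byte tag:  ', var_export(gcm_decrypt_strict($short, $key), true), PHP_EOL;
echo 'strict call, 16-byte tag: ', var_export(gcm_decrypt_strict($msg, $key), true), PHP_EOL;
```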

Conclusion

The strange treatment of the OpenSSL AES-256-GCM authentication tag in PHP 7.1 can be concerning, but by understanding the issue and implementing proper tag length verification, you can enhance the security of your encryption. It’s important to stay informed about potential vulnerabilities and take appropriate measures to protect your data.
