« MBS Xojo / Real Studi… | Home | Special offer for Jan… »

AES in Xojo and PHP

Today we had the question how to encrypt text in Xojo or PHP and get same results. As both PHP and MBS Plugin can use OpenSSL library to encrypt, we can use the same parameters for both.

In thise case we use AES 256bit with CBC encryption. This requires a key length of 32 bytes exactly, so we use SHA 256 to get from the key a 32 byte key from whatever we have a plain text key. Be aware that different text encoding can produce different keys. So best make sure the key is UTF-8 before hashing. For the initialization vector, we also use a hashed text and pick first 16 bytes. The number of bytes for IV is variable as different encryptions may use different IV lengths.

Here is the example code for Xojo: 

dim keyPlainText as string = "Hello"

dim ivPlainText as string = "test"

dim dataPlaintext as string = "Just a test message. äöü"


dim algorithm as string = "aes-256-cbc"



// init


dim c as CipherMBS = CipherMBS.CipherByName(algorithm)

dim ivLength as integer = c.IVLength


dim keyHash as string = SHA256MBS.Hash(keyPlainText)

dim ivHash as string = SHA256MBS.Hash(ivPlainText)

dim IV as string = leftb(ivHash, ivLength)


// encrypt


call c.EncryptInit keyHash, IV

dim EncryptedData as string = c.ProcessString(dataPlaintext) + c.FinalizeAsString


dim database64 as string = EncodeBase64(EncryptedData, 0)


MsgBox "Key: "+EncodeHex(keyHash)+EndOfLine+_

"IV: "+EncodeHex(IV)+EndOfLine+_

"Data: "+database64


// decrypt


call c.DecryptInit keyHash, IV

dim DecryptedData as string = c.ProcessString(EncryptedData) + c.FinalizeAsString


DecryptedData = DefineEncoding(DecryptedData, encodings.UTF8)


MsgBox DecryptedData 

and the same in PHP: 



// use of OpenSSL requires PHP 5.3


header('Content-Type: text/plain; charset=UTF-8');


$key "Hello";

$iv  "test";


$plaintext "Just a test message. äöü";


// encrypt with AES 256bit and CBC mode

$algorithm "aes-256-cbc";


// calculate IV/Key using hash functions


$ivLength openssl_cipher_iv_length($algorithm);


$keyHash hash("sha256"$keytrue);

$ivHash  hash("sha256"$ivtrue);



$ivHash substr($ivHash0$ivLength);


// encrypt


$data openssl_encrypt($plaintext$algorithm$keyHash0$ivHash);


echo "Key: " strToHex($keyHash) . "\n";

echo "IV: " strToHex($ivHash) . "\n";

echo "Data encrypted: " $data "\n";


// decrypt


$data openssl_decrypt($data$algorithm$keyHash0$ivHash);


echo "Data decrypted: " $data "\n";

// umlauts show only right if output is read as UTF-8


// helper function to show binary data as hex string

function strToHex($string)


    $hex '';

    for ($i 0$i strlen($string); $i++) {

        $hex .= dechex(ord($string[$i]));


    return $hex;




03 01 16 - 20:57
one comment

Thanks a lot for this solution. That helped me to make it in 10 Minutes. One little remark, You should switch the line in strToHex function of PHP to:

$hex .= substr(“0”.dechex(ord($string[$i])), -2, 2);

You will see the correct hex numbers then.
Bodo Hantschmann (URL) - 06 09 17 - 02:31

Remember personal info?

Emoticons / Textile

Hide email:

Small print: All html tags except <b> and <i> will be removed from your comment. You can make links by just typing the url or mail-address.