Skip to content

Instantly share code, notes, and snippets.

@Lukas238

Lukas238/sfmc_ampscript_output.png

Last active August 8, 2024 13:33
Show Gist options
  • Save Lukas238/4bc11ff93603fa393aebbf036c1aff14 to your computer and use it in GitHub Desktop.
Save Lukas238/4bc11ff93603fa393aebbf036c1aff14 to your computer and use it in GitHub Desktop.
Download ZIP
SFMC DecryptSymmetric in PHP
Raw
sfmc_decryptsymmetric.php
<?php
/**
* SFMC DecryptSymmetric() PHP script
* by Lucas Dasso
* Gist: https://gist.github.com/Lukas238/4bc11ff93603fa393aebbf036c1aff14
*
*
* This is a PHP script that is able to decrypt encrypted strings by
* 'EncryptSymmetric()' SFMC function, using AES encryption algorithm
* in CBC mode with no padding ('AES;mode=cbc;padding=none').
*
*
* https://developer.salesforce.com/docs/marketing/marketing-cloud-ampscript/references/mc-ampscript-encryption/mc-ampscript-reference-encryption-encrypt-symmetric.html
* https://www.browserling.com/tools/random-hex
* https://salesforce.stackexchange.com/questions/157734/encryptsymmetric-ampscript-aes
*
*/
function buildKey($password, $salt)
{
return hash_pbkdf2("sha1", $password, hex2bin($salt), 1000, 32, true);
}
function decryptAES($data, $password, $salt, $initVector)
{
$key = buildKey($password, $salt);
$result = openssl_decrypt(base64_decode($data), 'aes-256-cbc', $key, OPENSSL_RAW_DATA, hex2bin($initVector));
return rtrim($result, "\0");
}
// Decrypt the string
$decryptedString = decryptAES($encryptedString, $password, $salt, $initVector);
echo $decryptedString; // Print the decrypted string
?>
Raw
sfmc_decryptsymmetric_online.php
<?php
function buildKey($password, $salt)
{
return hash_pbkdf2("sha1", $password, hex2bin($salt), 1000, 32, true);
}
function decryptAES($data, $password, $salt, $initVector)
{
$key = buildKey($password, $salt);
$result = openssl_decrypt(base64_decode($data), 'aes-256-cbc', $key, OPENSSL_RAW_DATA, hex2bin($initVector));
return rtrim($result, "\0");
}
$feedback = [];
if($_SERVER['REQUEST_METHOD'] == 'POST' ){
if (!empty($_POST["hash"]) && !empty($_POST["password"]) && !empty($_POST["iv"]) && !empty($_POST["salt"])) {
$encryptedString = $_POST['hash'];
$password = $_POST['password'];
$initVector = $_POST['iv'];
$salt = $_POST['salt'];
$errors = [];
if (!ctype_xdigit($initVector)) {
$errors[] = '<div class="alert alert-warning mt-4">The initialization vector must be an hexadecimal string.</div>';
}
if (!ctype_xdigit($salt)) {
$errors[] = '<div class="alert alert-warning mt-4">The salt must be an hexadecimal string.</div>';
}
if (!empty($errors)) {
$feedback = $errors;
} else {
// Decrypt the string
$decryptedString = decryptAES($encryptedString, $password, $salt, $initVector);
if ($decryptedString) {
$feedback[] = '<div class="alert alert-success mt-4">Decrypted String: <code>' . htmlspecialchars($decryptedString) . '</code></div>';
} else {
$feedback[] = '<div class="alert alert-danger mt-4">Failed to decrypt the string.</div>';
}
}
} else {
$feedback[] = '<div class="alert alert-warning mt-4">Please fill in all the fields.</div>';
}
}
?>
<!DOCTYPE html>
<html>
<head>
<title>Salesforce Marketing Cloud DecryptSymmetric() online</title>
<link href="https://cdn.jsdelivr.net/npm/[email protected]/dist/css/bootstrap.min.css" rel="stylesheet">
<link rel="stylesheet" href="https://cdn.jsdelivr.net/gh/highlightjs/[email protected]/build/styles/default.min.css">
<script src="https://cdn.jsdelivr.net/gh/highlightjs/[email protected]/build/highlight.min.js"></script>
</head>
<body>
<div class="container mt-4">
<h1>SFMC DecryptSymmetric() in PHP</h1>
<div class="card my-5">
<div class="card-body">
<div class="row">
<div class="col border-end">
<form method="post" action="">
<div class="mb-3">
<label for="hash" class="form-label">Encrypted String:</label>
<input type="text" id="hash" name="hash" class="form-control" value="<?php echo $encryptedString ?? ''; ?>">
</div>
<div class="mb-3">
<label for="password" class="form-label">Password:</label>
<input type="text" id="password" name="password" class="form-control" value="<?php echo $password ?? ''; ?>">
</div>
<div class="mb-3">
<label for="salt" class="form-label">Salt:</label>
<input type="text" id="salt" name="salt" class="form-control" value="<?php echo $salt ?? ''; ?>">
</div>
<div class="mb-3">
<label for="iv" class="form-label">Initialization Vector:</label>
<input type="text" id="iv" name="iv" class="form-control" value="<?php echo $initVector ?? ''; ?>">
</div>
<button type="submit" name="submit" class="btn btn-primary">Decrypt String</button>
<a href="" class="btn btn-secondary">Reset</a>
<button type="button" class="btn btn-link" onclick="prefillForm()">Prefill form with example values</button>
<?php
if(!empty($feedback)){
echo join("\n", $feedback);
}
?>
</form>
</div>
<div class="col">
<h4>How to use</h4>
<p>Fill in the form with the required information and click the "Decrypt String" button. The decrypted string will be displayed along with the other information.</p>
<p>You can also click the "Prefill form with example values" button to automatically fill in the form with example values.</p>
<p>This PHP script expects a string encrypted by SFMC EncrypotSymmetric() function with the following configuration:</p>
<ul>
<li><label class="fw-bold">Encryption Type</label>: AES</li>
<li><label class="fw-bold">Encryption Mode</label>: CBC</li>
<li><label class="fw-bold">Encryption Padding</label>: None</li>
<li><label class="fw-bold">Password</label>: An user-defined password string, of any length.</li>
<li><label class="fw-bold">Salt</label>: An hexadecimal string of 128 bits, of 32 characters.</li>
<li><label class="fw-bold">Initializing Vector</label>: An hexadecimal string of 128 bits, of 32 characters.</li>
</ul>
</div>
</div>
</div>
</div>
<h2>PHP script</h2>
<pre><code class="language-php">&lt;?php
/**
* SFMC DecryptSymmetric() PHP script
* by Lucas Dasso <[email protected]>
* Gist: https://gist.github.com/Lukas238/4bc11ff93603fa393aebbf036c1aff14
*
*
* This is a PHP script that is able to decrypt encrypted strings by
* 'EncryptSymmetric()' SFMC function, using AES encryption algorithm
* in CBC mode with no padding ('AES;mode=cbc;padding=none').
*
*
* https://developer.salesforce.com/docs/marketing/marketing-cloud-ampscript/references/mc-ampscript-encryption/mc-ampscript-reference-encryption-encrypt-symmetric.html
* https://www.browserling.com/tools/random-hex
* https://salesforce.stackexchange.com/questions/157734/encryptsymmetric-ampscript-aes
*
*/
function buildKey($password, $salt)
{
return hash_pbkdf2("sha1", $password, hex2bin($salt), 1000, 32, true);
}
function decryptAES($data, $password, $salt, $initVector)
{
$key = buildKey($password, $salt);
$result = openssl_decrypt(base64_decode($data), 'aes-256-cbc', $key, OPENSSL_RAW_DATA, hex2bin($initVector));
return rtrim($result, "\0");
}
// Decrypt the string
$decryptedString = decryptAES($encryptedString, $password, $salt, $initVector);
echo $decryptedString; // Print the decrypted string
?&gt;
</code></pre>
<hr class="my-5" />
<h2>AMP Script Demo code</h2>
<p>The following AMPscript code is used to demonstrate the process of symmetric encryption and decryption using Salesforce Marketing Cloud's EncryptSymmetric and DecryptSymmetric functions. You can use this code in your SFMC email to encrypt your string.</p>
<h4>Output</h4>
<img src="sfmc_ampscript_output.png" alt="" width="640" class="border shadow mb-4">
<h4>AMP script code</h4>
<pre><code class="language-html">%%[
SET @ORG_STR = &quot;ABC123456&quot;
SET @ENC_TYPE = &quot;AES;mode=cbc;padding=none&quot;
SET @ENC_MODE = &quot;cbc&quot;
SET @ENC_PWD = &quot;passwordpassword&quot;
SET @ENC_IV = &quot;52d64e46581f401614c62fe88e4ecac8&quot;
SET @ENC_SALT = &quot;3d31a0f21452ee1599185d1ac9d301f5&quot;
/* EncryptSymetric() */
SET @ENC_STR = EncryptSymmetric(@ORG_STR, /* String to encrypt */
@ENC_TYPE, /* Encryption algorithm */
@null, /* Password external key. Not used. */
@ENC_PWD, /* Password value */
@null, /* Salt external key. Not used. */
@ENC_SALT, /* Salt value */
@null, /* IV external key. Not used. */
@ENC_IV /* IV value */)
/* DecryptSymetric() */
Set @DEC_STR=DecryptSymmetric(@ENC_STR, /* String to decrypt */
@ENC_TYPE, /* Encryption algorithm */
@null, /* Password external key. Not used. */
@ENC_PWD, /* Password value */
@null, /* Salt external key. Not used. */
@ENC_SALT, /* Salt value */
@null, /* IV external key. Not used. */
@ENC_IV /* IV value */
)
]%%
&lt;h1&gt;SFMC AMPScript EncryptSymmetric Test&lt;/h1&gt;
&lt;ul&gt;
&lt;li&gt;&lt;label&gt;Original String:&lt;/label&gt; %%=v(@ORG_STR)=%%&lt;/li&gt;
&lt;li&gt;&lt;label&gt;Encodding type:&lt;/label&gt; %%=v(@ENC_TYPE)=%% &lt;/li&gt;
&lt;li&gt;&lt;label&gt;Encodding Mode:&lt;/label&gt; %%=v(@ENC_MODE)=%% &lt;/li&gt;
&lt;li&gt;&lt;label&gt;Encodding Password:&lt;/label&gt; %%=v(@ENC_PWD)=%% &lt;/li&gt;
&lt;li&gt;&lt;label&gt;Encodding Salt:&lt;/label&gt; %%=v(@ENC_SALT)=%% &lt;/li&gt;
&lt;li&gt;&lt;label&gt;Encodding IV:&lt;/label&gt; %%=v(@ENC_IV)=%% &lt;/li&gt;
&lt;li&gt;------------------------------------------&lt;/li&gt;
&lt;li&gt;&lt;label&gt;Encoded String:&lt;/label&gt; &apos;%%=v(@ENC_STR)=%%&apos;&lt;/li&gt;
&lt;li&gt;&lt;label&gt;Decoded String:&lt;/label&gt; &apos;%%=v(@DEC_STR)=%%&apos;&lt;/li&gt;
&lt;/ul&gt;
</code></pre>
<p>Here's a brief description of each part:</p>
<ul>
<li><label class="fw-bold">Variable Initialization</label>: The script starts by setting several variables, including the original string to be encrypted (@ORG_STR), the encryption type (@ENC_TYPE), password (@ENC_PWD), initialization vector (@ENC_IV), and salt (@ENC_SALT).</li>
<li><label class="fw-bold">Encryption</label>: The EncryptSymmetric function is called with these parameters to encrypt the original string. The encrypted string is stored in the @ENC_STR variable.
</li>
<li><label class="fw-bold">Decryption</label>: The DecryptSymmetric function is then called with the same parameters (plus the encrypted string) to decrypt the string back to its original form. The decrypted string is stored in the @DEC_STR variable.</li>
<li><label class="fw-bold">Output</label>: The script then outputs an HTML list with the original string, encryption parameters, encrypted string, and decrypted string.</li>
</ul>
<hr class="my-5" />
<h2>Additional resources</h2>
<ul>
<li><label>SFMC EncryptSymmetric() documentation</label>: <br/><a href="https://developer.salesforce.com/docs/marketing/marketing-cloud-ampscript/references/mc-ampscript-encryption/mc-ampscript-reference-encryption-encrypt-symmetric.html">https://developer.salesforce.com/docs/marketing/marketing-cloud-ampscript/references/mc-ampscript-encryption/mc-ampscript-reference-encryption-encrypt-symmetric.html</a></li>
<li><label>Ramdom Hex string generator</label>: <br/><a href="https://www.browserling.com/tools/random-hex">https://www.browserling.com/tools/random-hex</a></li>
</ul>
</div>
<script>
hljs.highlightAll();
function prefillForm() {
// Prefil the form inputs with predefined values
document.getElementById('hash').value = 'FSFthGJqGj0QogulhQiq2g==';
document.getElementById('password').value = 'passwordpassword';
document.getElementById('salt').value = '3d31a0f21452ee1599185d1ac9d301f5';
document.getElementById('iv').value = '52d64e46581f401614c62fe88e4ecac8';
return false;
}
</script>
</body>
</html>
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment