Cross-Service Data Verification Using AES Algorithm

API Permission Verification

Recently, while working on an advertising service that requires cross-application data transmission between backend services (PHP + Go), we chose symmetric encryption for the implementation.


Common Pitfalls

Key Length

  • Errors may occur when using a 32-bit key: the documentation lists the valid key lengths as 16, 24 and 32, and these are lengths in bytes:

    AES-128: Requires 16-byte key
    AES-192: Requires 24-byte key
    AES-256: Requires 32-byte key

  • Always match key length to the selected algorithm.

Padding Algorithm

  • Padding is easy to overlook in PHP because the call is so simple:

    $text = "String to encrypt";
    // Key length must match the algorithm's requirement (16 bytes for AES-128)
    $key = "2bfbd593bb32b2b9";
    // 'AES-128-ECB' is the cipher name; use the one for the algorithm you chose
    $encrypted = openssl_encrypt($text, 'AES-128-ECB', $key);

  • The call above returns base64-encoded output by default. For raw binary data:

    $raw = openssl_encrypt($text, 'AES-128-ECB', $key, OPENSSL_RAW_DATA);

  • The fourth parameter also controls padding: PKCS#7 padding is applied by default, and OPENSSL_ZERO_PADDING turns it off so that custom padding can be applied.

Inter-Service Debugging Tips

  • Avoid direct debugging between two services initially.
  • First validate encryption/decryption using online tools, then proceed with inter-service testing.