I've been tasked with migrating the encryption code on a website that was running on PHP 5.x to 7.4, and it was using mcrypt, which has now been removed. After some digging around, I found out there are a few problems with this. The code with mcrypt:
```php
$secretKey = 'keyhere'; // 24-bytes long
$string = "texttoencrypt";
$encryption = MCRYPT_RIJNDAEL_256;
$mode = MCRYPT_MODE_ECB;
$enc_iv = mcrypt_create_iv(mcrypt_get_iv_size($encryption, $mode), MCRYPT_RAND);
$enc_result = base64_encode(mcrypt_encrypt($encryption, $secretKey, $string, $mode, $enc_iv));
```
This gives a different result with openssl, since MCRYPT_RIJNDAEL_256 isn't really aes-256-ecb from what I understood:
```php
$cipher = "aes-256-ecb";
if (in_array($cipher, openssl_get_cipher_methods()))
{
    $enc_result = base64_encode(openssl_encrypt($string, $cipher, $secretKey, OPENSSL_RAW_DATA, $enc_iv));
}
```
I assume the IV for the openssl call has to be a different size, and the block size for this cipher is not the same as for MCRYPT_RIJNDAEL_256 on mcrypt.
The main problem is that there is already a lot of data stored that was encrypted with mcrypt, so I would need an openssl-compatible way to decrypt that. Is this in any way possible, or are the only options decrypting the data with mcrypt first or installing other compatible libraries? (The website is on a shared server, so they would need to be moved to a VPS first to install extra packages.)
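OpenSSL only implements Rijndael with a 128-bit block (AES), so data stored with MCRYPT_RIJNDAEL_256 needs a Rijndael implementation with a 256-bit block to be read back. The following is an added example, not part of the original post: it reads such values and re-encrypts them with AES-256-GCM. It assumes the pure-PHP phpseclib 3 library installed through Composer (no server packages needed); the helper names, the sample key and the choice of AES-256-GCM for the new format are illustrative.

```php
<?php
// Added example, not from the original post.
// Assumes: composer require phpseclib/phpseclib:~3.0
require __DIR__ . '/vendor/autoload.php';

use phpseclib3\Crypt\Rijndael;

const LEGACY_BLOCK = 32; // MCRYPT_RIJNDAEL_256 uses a 256-bit block; AES is fixed at 128 bits

function legacyCipher(string $key): Rijndael
{
    $c = new Rijndael('ecb');   // ECB takes no IV, so the mcrypt $enc_iv played no role
    $c->setBlockLength(256);    // the part OpenSSL cannot do
    $c->setKey($key);           // same key bytes that were passed to mcrypt_encrypt()
    $c->disablePadding();       // mcrypt pads with NUL bytes, not PKCS#7
    return $c;
}

function legacyDecrypt(string $b64, string $key): string
{
    $raw = base64_decode($b64, true);
    if ($raw === false || $raw === '' || strlen($raw) % LEGACY_BLOCK !== 0) {
        throw new InvalidArgumentException('not a Rijndael-256 ECB ciphertext');
    }
    // Strip mcrypt's NUL padding. Assumes plaintexts never end in NUL bytes.
    return rtrim(legacyCipher($key)->decrypt($raw), "\0");
}

function reencrypt(string $plain, string $key32): string
{
    $iv = random_bytes(12);     // fresh 96-bit nonce per value
    $ct = openssl_encrypt($plain, 'aes-256-gcm', $key32, OPENSSL_RAW_DATA, $iv, $tag);
    if ($ct === false) {
        throw new RuntimeException('openssl_encrypt failed');
    }
    return base64_encode($iv . $tag . $ct); // nonce || 16-byte tag || ciphertext
}

// Constructed sample: a value laid out the way mcrypt would have stored it.
$oldKey = str_repeat('k', 24);                           // constructed 24-byte key
$padded = str_pad('texttoencrypt', LEGACY_BLOCK, "\0");  // mcrypt-style NUL padding
$stored = base64_encode(legacyCipher($oldKey)->encrypt($padded));

$plain  = legacyDecrypt($stored, $oldKey);
$newKey = random_bytes(32);                              // constructed 256-bit key for the new format
echo $plain, "\n", reencrypt($plain, $newKey), "\n";
```

The sample ciphertext here is produced by phpseclib itself rather than by mcrypt, so check `legacyDecrypt()` against a few real stored values before migrating.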