I was using “mcrypt-*” for decoding the response in previous PHP 5.6 version but now in PHP 7.2 version as it is deprecated I am using openSSL method. But it is not working properly hopefully I am missing something.
$value="###lllljG5ZOibDGtlL gcQLAtTQUnCJ/bE2glWsL1WKVPdC22c9GtGe/Npx9Uv9IYaszOAVXB4T9s7Hsss/2XpZ9oisx5M4jeV7RK2S/JrBt2E4GEcDGwuJs6NhkKV8hdOcU tmkJLxO3OJ OgVbqrT6a4v5RE7w eP zvQwZyAR5cYCKUYomou9mL/pvfLbe RrBe5ZnMQmUrD6cwUxEE/inikMvIb4K7HI fVPid N B3iPnIYQna6/v9W5A0kslBj6BBDjVXJabwmCSDVxbArm0GDNseWoQAEa4BMxYitqP6cVTxL5Kri8xbAKCW5/unnYnudkHQjNJWW7LuiwDxsBqwQv8D/R/Ff/joFW6q0 muI16/CfIoFnYAyAJWNlKCX9";
$value = urldecode($value);
$value = str_replace(" ", "+", $value);
$abc = triple_decrypt($value);
print_r($abc);
PHP 5.6 working fine
function triple_decrypt($input){
$key = "thisis87658748639testkey";
$input = base64_decode($input);
$td = mcrypt_module_open(MCRYPT_TripleDES, "", MCRYPT_MODE_ECB, "");
$iv = mcrypt_create_iv(mcrypt_enc_get_iv_size ($td), MCRYPT_RAND);
mcrypt_generic_init($td, $key, $iv);
$pwd = trim(mdecrypt_generic($td, $input), "x00..x0F");
mcrypt_generic_end($td);
return $pwd;
}
PHP 7.2
function triple_decrypt($input){
$key = "thisis87658748639testkey";
$cipher = "des-ede3";
$ivlen = openssl_cipher_iv_length($cipher);
$iv = openssl_random_pseudo_bytes($ivlen);
$pwd = openssl_decrypt($input, $cipher, $key, $options=0, $iv);
return $pwd;
}
2
Answers
You can do using
openssl()
openssl uses PKCS7-padding and mcrypt Zero-padding [0][1][2]. To decrypt the ciphertext with openssl, openssl‘s padding must be disabled and mcrypt‘s Zero-padding bytes must be removed:
However, note the following with regard to a reimplementation of encryption and decryption: ECB is an insecure mode [3]. Instead, CBC or even better GCM should be used [4][5]. Instead of Triple-DES the modern and faster todays standard AES is recommended [6]. Zero-padding is unreliable, PKCS7-padding should be applied instead.
Furthermore, the mcrypt code is to some extent inconsistent:
openssl_cipher_iv_length
returns0
in the openssl code [7]).mcrypt_generic_init
ignores the IV in case of the ECB mode [8], so it’s not used in the mcrypt code and therefore not needed in the openssl code.