
I was using “mcrypt-*” for decoding the response in the previous PHP 5.6 version, but now in PHP 7.2, as it is deprecated, I am using the OpenSSL method. But it is not working properly; hopefully I am missing something.

$value="###lllljG5ZOibDGtlL gcQLAtTQUnCJ/bE2glWsL1WKVPdC22c9GtGe/Npx9Uv9IYaszOAVXB4T9s7Hsss/2XpZ9oisx5M4jeV7RK2S/JrBt2E4GEcDGwuJs6NhkKV8hdOcU tmkJLxO3OJ OgVbqrT6a4v5RE7w eP zvQwZyAR5cYCKUYomou9mL/pvfLbe RrBe5ZnMQmUrD6cwUxEE/inikMvIb4K7HI fVPid N B3iPnIYQna6/v9W5A0kslBj6BBDjVXJabwmCSDVxbArm0GDNseWoQAEa4BMxYitqP6cVTxL5Kri8xbAKCW5/unnYnudkHQjNJWW7LuiwDxsBqwQv8D/R/Ff/joFW6q0 muI16/CfIoFnYAyAJWNlKCX9";

    $value = urldecode($value);
    $value = str_replace(" ", "+", $value);

    $abc = triple_decrypt($value);
    print_r($abc);

PHP 5.6 working fine

function triple_decrypt($input){
    $key = "thisis87658748639testkey";
    $input = base64_decode($input);
    $td = mcrypt_module_open(MCRYPT_TripleDES, "", MCRYPT_MODE_ECB, "");
    $iv = mcrypt_create_iv(mcrypt_enc_get_iv_size ($td), MCRYPT_RAND);
    mcrypt_generic_init($td, $key, $iv);
    $pwd = trim(mdecrypt_generic($td, $input), "\x00..\x0F");
    mcrypt_generic_end($td);
    return $pwd;
}

PHP 7.2

function triple_decrypt($input){
    $key = "thisis87658748639testkey";
    $cipher = "des-ede3";
    $ivlen = openssl_cipher_iv_length($cipher);
    $iv = openssl_random_pseudo_bytes($ivlen);
    $pwd = openssl_decrypt($input, $cipher, $key, $options=0, $iv);
    return $pwd;
}

2 Answers


  1. You can do this using openssl()

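    function encryptIt($q) {
        $encryptionMethod = "AES-256-CBC";
        $secretHash = "25c6c7rr35b9979b151f0205cd13b0vv"; // 32-byte key; any hash

        // CBC needs a fresh random IV for every message; it is not secret,
        // so it is prefixed to the ciphertext
        $iv = random_bytes(openssl_cipher_iv_length($encryptionMethod));

        // To encrypt
        $raw = openssl_encrypt($q, $encryptionMethod, $secretHash, OPENSSL_RAW_DATA, $iv);

        return base64_encode($iv . $raw);
    }

    function decryptIt($q) {
        $encryptionMethod = "AES-256-CBC";
        $secretHash = "25c6c7rr35b9979b151f0205cd13b0vv"; // same key as in encryptIt()

        // Split the IV off the front of the decoded message
        $data = base64_decode($q);
        $ivlen = openssl_cipher_iv_length($encryptionMethod);
        $iv = substr($data, 0, $ivlen);

        // To decrypt
        $qDecoded = openssl_decrypt(substr($data, $ivlen), $encryptionMethod, $secretHash, OPENSSL_RAW_DATA, $iv);

        return $qDecoded;
    }

    $encryptedstring = encryptIt('TEST');
    echo "<br/>";
    echo decryptIt($encryptedstring);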
    
  2. openssl uses PKCS7-padding and mcrypt Zero-padding [0][1][2]. To decrypt the ciphertext with openssl, openssl's padding must be disabled and mcrypt's Zero-padding bytes must be removed:

    function triple_decrypt($input){
        $key = "thisis87658748639testkey";
        $cipher = "des-ede3";
        $decrypted = openssl_decrypt($input, $cipher, $key, $options=OPENSSL_ZERO_PADDING); // Disable openssl's PKCS7-padding
        $unpadded = trim($decrypted, "\x00..\x0F");                                       // Remove mcrypt's Zero-padding bytes
        return $unpadded;
    }
    

    However, note the following with regard to a reimplementation of encryption and decryption: ECB is an insecure mode [3]. Instead, CBC or, even better, GCM should be used [4][5]. Instead of Triple-DES, the modern and faster AES, today's standard, is recommended [6]. Zero-padding is unreliable; PKCS7-padding should be applied instead.


    Furthermore, the mcrypt code is to some extent inconsistent:

    • The ECB mode doesn’t use an IV (this is also the reason why openssl_cipher_iv_length returns 0 in the openssl code [7]). mcrypt_generic_init ignores the IV in case of the ECB mode [8], so it’s not used in the mcrypt code and therefore not needed in the openssl code.
    • And if a mode were used that requires an IV, then the following would have to be considered: The IV is always needed for encryption and decryption. Therefore, a random IV is generated (and used) during encryption and then passed on to the recipient together with the ciphertext, where it’s used for decryption. Since the IV isn’t secret, it’s usually prefixed to the ciphertext. The generation of a random IV during decryption therefore makes no sense.
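Added example (not code from either answer above): the reimplementation the second answer recommends, written with AES-256-GCM and a random IV that is prefixed to the ciphertext and read back during decryption. The function names `gcm_encrypt`/`gcm_decrypt`, the token layout (IV, tag, ciphertext) and the sample key and message are assumptions made for this example; it needs PHP 7.1 or later.

```php
<?php
// Added example; function names and token layout (IV | tag | ciphertext) are assumptions.
const GCM_CIPHER = 'aes-256-gcm';
const GCM_TAG_LEN = 16;

function gcm_encrypt(string $plaintext, string $key): string
{
    // Fresh random IV per message (12 bytes for GCM); never reuse one with the same key
    $iv = random_bytes(openssl_cipher_iv_length(GCM_CIPHER));
    $tag = '';
    $ct = openssl_encrypt($plaintext, GCM_CIPHER, $key, OPENSSL_RAW_DATA, $iv, $tag, '', GCM_TAG_LEN);
    if ($ct === false) {
        throw new RuntimeException('encryption failed');
    }
    return base64_encode($iv . $tag . $ct); // IV and tag are not secret
}

function gcm_decrypt(string $token, string $key): string
{
    $raw = base64_decode($token, true);
    $ivLen = openssl_cipher_iv_length(GCM_CIPHER);
    if ($raw === false || strlen($raw) < $ivLen + GCM_TAG_LEN) {
        throw new RuntimeException('malformed token');
    }
    $iv  = substr($raw, 0, $ivLen);
    $tag = substr($raw, $ivLen, GCM_TAG_LEN);
    $ct  = (string) substr($raw, $ivLen + GCM_TAG_LEN);
    // Decryption reads the sender's IV back out; it never generates a new one
    $pt = openssl_decrypt($ct, GCM_CIPHER, $key, OPENSSL_RAW_DATA, $iv, $tag);
    if ($pt === false) {
        throw new RuntimeException('authentication failed: wrong key or modified token');
    }
    return $pt;
}

// Constructed sample: trailing NUL bytes, which trim()-based zero-padding removal would strip
$key = random_bytes(32);
$msg = "binary\x00\x00";
$token = gcm_encrypt($msg, $key);
var_dump(gcm_decrypt($token, $key) === $msg);
// Flip one bit of the token: GCM rejects it instead of returning altered plaintext
$bad = base64_decode($token);
$bad[strlen($bad) - 1] = chr(ord($bad[strlen($bad) - 1]) ^ 1);
try {
    gcm_decrypt(base64_encode($bad), $key);
} catch (RuntimeException $e) {
    echo $e->getMessage(), PHP_EOL;
}
```

Because GCM is a stream-style mode, no padding is applied at all, so neither the zero-padding nor the PKCS7 question from the original migration arises for newly encrypted data.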