Of Stack

How to deal with the incompatibility of openssl decryption mcrypt AES data after upgrading PHP7.1

  • 2021-10-16 01:21:12
  • OfStack

This is a topic that was created 374 days ago, and the information in it may have evolved or changed. 


$key = "01234567891234560123456789123456";
$iv = "0123456789123456";
// Original  mcrypt  Encryption 
$en_data = base64_encode(mcrypt_encrypt(MCRYPT_RIJNDAEL_128, $key, "0123456789123456", MCRYPT_MODE_CBC, $iv));
var_dump("mcrypt_encrypt:");
var_dump(bin2hex(base64_decode($en_data)));
var_dump($en_data);
$de_data = mcrypt_decrypt(MCRYPT_RIJNDAEL_128, $key, base64_decode($en_data), MCRYPT_MODE_CBC, $iv);
var_dump("mcrypt_decrypt:");
var_dump($de_data);
//OpenSSL  Encryption 
$en_data = base64_encode(openssl_encrypt("0123456789123456", "aes-128-cbc", $key, OPENSSL_RAW_DATA|OPENSSL_ZERO_PADDING, $iv));
var_dump("openssl_encrypt:");
var_dump(bin2hex(base64_decode($en_data)));
var_dump($en_data);
$de_data = openssl_decrypt(base64_decode($en_data), "aes-128-cbc", $key, OPENSSL_RAW_DATA|OPENSSL_ZERO_PADDING, $iv);
var_dump("openssl_decrypt:");
var_dump($de_data);
var_dump(openssl_error_string());

Output 


string 'mcrypt_encrypt:' (length=15)
string '098edde21e92cbc01078469509f877de' (length=32)
string 'CY7d4h6Sy8AQeEaVCfh33g==' (length=24)
string 'mcrypt_decrypt:' (length=15)
string '0123456789123456' (length=16)
string 'openssl_encrypt:' (length=16)
string '434b1b1eb39024f270672bcd16bfe7f9' (length=32)
string 'Q0sbHrOQJPJwZyvNFr/n+Q==' (length=24)
string 'openssl_decrypt:' (length=16)
string '0123456789123456' (length=16)
string 'error:0607A082:digital envelope routines:EVP_CIPHER_CTX_set_key_length:invalid key length' (length=89)

What is currently being used is the PHP algorithm, which uses a 32-bit secret key and a 16-bit vector. However, in openssl, the result of this encryption is not 1, and 1 error is thrown

Unsure how to deal with mcrypt encrypted data, with openssl decryption, the length of the secret key can not be changed, the source code of libmcrypt can not understand how it is compatible with the long secret key

Postscript to Article 1 12:04:08 +08:00 2017-06-23

Problem resolved: 


$en_data = base64_encode(openssl_encrypt("0123456789123456", "aes-256-cbc", $key, OPENSSL_RAW_DATA|OPENSSL_ZERO_PADDING, $iv)); 
var_dump($en_data); 
$de_data = openssl_decrypt(base64_decode($en_data), "aes-256-cbc", $key, OPENSSL_RAW_DATA|OPENSSL_ZERO_PADDING, $iv); 
var_dump($de_data);

Simply replace it with aes-256-cbc, except for warnings

Summarize

Related articles: