mcrypt is deprecated, what is the alternative?



.everyoneloves__top-leaderboard:empty,.everyoneloves__mid-leaderboard:empty,.everyoneloves__bot-mid-leaderboard:empty height:90px;width:728px;box-sizing:border-box;








76















The mcrypt-extension is deprecated will be removed in PHP 7.2 according to the comment posted here. So I am looking for an alternative way to encrypt passwords.



Right now I am using something like



mcrypt_encrypt(MCRYPT_RIJNDAEL_128, md5($key, true), $string, MCRYPT_MODE_CBC, $iv)


I need your opinion for the best/strongest way to encrypt passwords, the encrypted password should of course supported by PHP 7.xx and should also be decryptable because my customers do want to have an option to 'recover' their passwords without generating a new one.










share|improve this question



















  • 7





    Why do you need to encrypt/decrypt passwords? Why not just hash them with password_hash and verify them with password_verify?

    – Don't Panic
    Dec 21 '16 at 21:36






  • 3





    "the encrypted password should also be decryptable" - why? doesn't sound too safe. Any special reason?

    – Funk Forty Niner
    Dec 21 '16 at 21:37







  • 15





    "because my customers do want to have option to 'recover' their passwords without generating a new one." - That isn't safe and they should be given the option to reset their passwords instead.

    – Funk Forty Niner
    Dec 21 '16 at 22:04







  • 2





    Do not encrypt passwords, when the attacker gets the DB he will also get the encryption key. Iterate over an HMAC with a random salt for about a 100ms duration and save the salt with the hash. Use functions such as password_hash, PBKDF2, Bcrypt and similar functions. The point is to make the attacker spend a lot of time finding passwords by brute force.

    – zaph
    Mar 8 '17 at 16:32






  • 1





    From the php manual -> This function has been DEPRECATED as of PHP 7.1.0. Relying on this function is highly discouraged. Alternative is sodium -> php.net/manual/en/book.sodium.php

    – MarcoZen
    Jul 19 '18 at 6:09


















76















The mcrypt-extension is deprecated will be removed in PHP 7.2 according to the comment posted here. So I am looking for an alternative way to encrypt passwords.



Right now I am using something like



mcrypt_encrypt(MCRYPT_RIJNDAEL_128, md5($key, true), $string, MCRYPT_MODE_CBC, $iv)


I need your opinion for the best/strongest way to encrypt passwords, the encrypted password should of course supported by PHP 7.xx and should also be decryptable because my customers do want to have an option to 'recover' their passwords without generating a new one.










share|improve this question



















  • 7





    Why do you need to encrypt/decrypt passwords? Why not just hash them with password_hash and verify them with password_verify?

    – Don't Panic
    Dec 21 '16 at 21:36






  • 3





    "the encrypted password should also be decryptable" - why? doesn't sound too safe. Any special reason?

    – Funk Forty Niner
    Dec 21 '16 at 21:37







  • 15





    "because my customers do want to have option to 'recover' their passwords without generating a new one." - That isn't safe and they should be given the option to reset their passwords instead.

    – Funk Forty Niner
    Dec 21 '16 at 22:04







  • 2





    Do not encrypt passwords, when the attacker gets the DB he will also get the encryption key. Iterate over an HMAC with a random salt for about a 100ms duration and save the salt with the hash. Use functions such as password_hash, PBKDF2, Bcrypt and similar functions. The point is to make the attacker spend a lot of time finding passwords by brute force.

    – zaph
    Mar 8 '17 at 16:32






  • 1





    From the php manual -> This function has been DEPRECATED as of PHP 7.1.0. Relying on this function is highly discouraged. Alternative is sodium -> php.net/manual/en/book.sodium.php

    – MarcoZen
    Jul 19 '18 at 6:09














76












76








76


18






The mcrypt-extension is deprecated will be removed in PHP 7.2 according to the comment posted here. So I am looking for an alternative way to encrypt passwords.



Right now I am using something like



mcrypt_encrypt(MCRYPT_RIJNDAEL_128, md5($key, true), $string, MCRYPT_MODE_CBC, $iv)


I need your opinion for the best/strongest way to encrypt passwords, the encrypted password should of course supported by PHP 7.xx and should also be decryptable because my customers do want to have an option to 'recover' their passwords without generating a new one.










share|improve this question
















The mcrypt-extension is deprecated will be removed in PHP 7.2 according to the comment posted here. So I am looking for an alternative way to encrypt passwords.



Right now I am using something like



mcrypt_encrypt(MCRYPT_RIJNDAEL_128, md5($key, true), $string, MCRYPT_MODE_CBC, $iv)


I need your opinion for the best/strongest way to encrypt passwords, the encrypted password should of course supported by PHP 7.xx and should also be decryptable because my customers do want to have an option to 'recover' their passwords without generating a new one.







php encryption passwords php-7 mcrypt






share|improve this question















share|improve this question













share|improve this question




share|improve this question








edited Jan 5 '18 at 11:06









kenorb

71.1k30414421




71.1k30414421










asked Dec 21 '16 at 21:34









PietPiet

6591920




6591920







  • 7





    Why do you need to encrypt/decrypt passwords? Why not just hash them with password_hash and verify them with password_verify?

    – Don't Panic
    Dec 21 '16 at 21:36






  • 3





    "the encrypted password should also be decryptable" - why? doesn't sound too safe. Any special reason?

    – Funk Forty Niner
    Dec 21 '16 at 21:37







  • 15





    "because my customers do want to have option to 'recover' their passwords without generating a new one." - That isn't safe and they should be given the option to reset their passwords instead.

    – Funk Forty Niner
    Dec 21 '16 at 22:04







  • 2





    Do not encrypt passwords, when the attacker gets the DB he will also get the encryption key. Iterate over an HMAC with a random salt for about a 100ms duration and save the salt with the hash. Use functions such as password_hash, PBKDF2, Bcrypt and similar functions. The point is to make the attacker spend a lot of time finding passwords by brute force.

    – zaph
    Mar 8 '17 at 16:32






  • 1





    From the php manual -> This function has been DEPRECATED as of PHP 7.1.0. Relying on this function is highly discouraged. Alternative is sodium -> php.net/manual/en/book.sodium.php

    – MarcoZen
    Jul 19 '18 at 6:09













  • 7





    Why do you need to encrypt/decrypt passwords? Why not just hash them with password_hash and verify them with password_verify?

    – Don't Panic
    Dec 21 '16 at 21:36






  • 3





    "the encrypted password should also be decryptable" - why? doesn't sound too safe. Any special reason?

    – Funk Forty Niner
    Dec 21 '16 at 21:37







  • 15





    "because my customers do want to have option to 'recover' their passwords without generating a new one." - That isn't safe and they should be given the option to reset their passwords instead.

    – Funk Forty Niner
    Dec 21 '16 at 22:04







  • 2





    Do not encrypt passwords, when the attacker gets the DB he will also get the encryption key. Iterate over an HMAC with a random salt for about a 100ms duration and save the salt with the hash. Use functions such as password_hash, PBKDF2, Bcrypt and similar functions. The point is to make the attacker spend a lot of time finding passwords by brute force.

    – zaph
    Mar 8 '17 at 16:32






  • 1





    From the php manual -> This function has been DEPRECATED as of PHP 7.1.0. Relying on this function is highly discouraged. Alternative is sodium -> php.net/manual/en/book.sodium.php

    – MarcoZen
    Jul 19 '18 at 6:09








7




7





Why do you need to encrypt/decrypt passwords? Why not just hash them with password_hash and verify them with password_verify?

– Don't Panic
Dec 21 '16 at 21:36





Why do you need to encrypt/decrypt passwords? Why not just hash them with password_hash and verify them with password_verify?

– Don't Panic
Dec 21 '16 at 21:36




3




3





"the encrypted password should also be decryptable" - why? doesn't sound too safe. Any special reason?

– Funk Forty Niner
Dec 21 '16 at 21:37






"the encrypted password should also be decryptable" - why? doesn't sound too safe. Any special reason?

– Funk Forty Niner
Dec 21 '16 at 21:37





15




15





"because my customers do want to have option to 'recover' their passwords without generating a new one." - That isn't safe and they should be given the option to reset their passwords instead.

– Funk Forty Niner
Dec 21 '16 at 22:04






"because my customers do want to have option to 'recover' their passwords without generating a new one." - That isn't safe and they should be given the option to reset their passwords instead.

– Funk Forty Niner
Dec 21 '16 at 22:04





2




2





Do not encrypt passwords, when the attacker gets the DB he will also get the encryption key. Iterate over an HMAC with a random salt for about a 100ms duration and save the salt with the hash. Use functions such as password_hash, PBKDF2, Bcrypt and similar functions. The point is to make the attacker spend a lot of time finding passwords by brute force.

– zaph
Mar 8 '17 at 16:32





Do not encrypt passwords, when the attacker gets the DB he will also get the encryption key. Iterate over an HMAC with a random salt for about a 100ms duration and save the salt with the hash. Use functions such as password_hash, PBKDF2, Bcrypt and similar functions. The point is to make the attacker spend a lot of time finding passwords by brute force.

– zaph
Mar 8 '17 at 16:32




1




1





From the php manual -> This function has been DEPRECATED as of PHP 7.1.0. Relying on this function is highly discouraged. Alternative is sodium -> php.net/manual/en/book.sodium.php

– MarcoZen
Jul 19 '18 at 6:09






From the php manual -> This function has been DEPRECATED as of PHP 7.1.0. Relying on this function is highly discouraged. Alternative is sodium -> php.net/manual/en/book.sodium.php

– MarcoZen
Jul 19 '18 at 6:09













10 Answers
10






active

oldest

votes


















37














It's best practice to hash passwords so they are not decryptable. This makes things slightly more difficult for attackers that may have gained access to your database or files.



If you must encrypt your data and have it decryptable, a guide to secure encryption/decryption is available at https://paragonie.com/white-paper/2015-secure-php-data-encryption. To summarize that link:



  • Use Libsodium - A PHP extension

  • If you can't use Libsodium, use defuse/php-encryption - Straight PHP code

  • If you can't use Libsodium or defuse/php-encryption, use OpenSSL - A lot of servers will already have this installed. If not, it can be compiled with --with-openssl[=DIR]





share|improve this answer


















  • 1





    I will take a look at those options, thanks for the answer and thanks everyone for the reply's!

    – Piet
    Dec 22 '16 at 7:34






  • 1





    Should first try openssl because it is very common, where libsodium isn't. Raw php shouldn't be used unless all native extension are out if question

    – JSON
    Mar 23 '17 at 17:19











  • even though openssl is very common, it seems that php 7 will be using libsodium for its core cryptography securityintelligence.com/news/…

    – shadi
    Mar 24 '17 at 8:31












  • What abt old data which is already encrypted in PHP 5.3??

    – Niranjan N Raju
    Nov 24 '17 at 10:41






  • 1





    Note there is a library called Sodium-compat (github.com/paragonie/sodium_compat) which works in PHP >= 5.2.4

    – RaelB
    Apr 30 '18 at 17:24



















18














As suggested by @rqLizard, you can use openssl_encrypt/openssl_decrypt PHP functions instead which provides a much
better alternative to implement AES (The Advanced Encryption Standard) also known as Rijndael encryption.



As per the following Scott's comment at php.net:




If you're writing code to encrypt/encrypt data in 2015, you should use openssl_encrypt() and openssl_decrypt(). The underlying library (libmcrypt) has been abandoned since 2007, and performs far worse than OpenSSL (which leverages AES-NI on modern processors and is cache-timing safe).



Also, MCRYPT_RIJNDAEL_256 is not AES-256, it's a different variant of the Rijndael block cipher. If you want AES-256 in mcrypt, you have to use MCRYPT_RIJNDAEL_128 with a 32-byte key. OpenSSL makes it more obvious which mode you are using (i.e. aes-128-cbc vs aes-256-ctr).



OpenSSL also uses PKCS7 padding with CBC mode rather than mcrypt's NULL byte padding. Thus, mcrypt is more likely to make your code vulnerable to padding oracle attacks than OpenSSL.



Finally, if you are not authenticating your ciphertexts (Encrypt Then MAC), you're doing it wrong.




Further reading:




  • Using Encryption and Authentication Correctly (for PHP developers).


  • If You're Typing the Word MCRYPT Into Your PHP Code, You're Doing It Wrong.

Code examples



Example #1




AES Authenticated Encryption in GCM mode example for PHP 7.1+




<?php
//$key should have been previously generated in a cryptographically safe way, like openssl_random_pseudo_bytes
$plaintext = "message to be encrypted";
$cipher = "aes-128-gcm";
if (in_array($cipher, openssl_get_cipher_methods()))

$ivlen = openssl_cipher_iv_length($cipher);
$iv = openssl_random_pseudo_bytes($ivlen);
$ciphertext = openssl_encrypt($plaintext, $cipher, $key, $options=0, $iv, $tag);
//store $cipher, $iv, and $tag for decryption later
$original_plaintext = openssl_decrypt($ciphertext, $cipher, $key, $options=0, $iv, $tag);
echo $original_plaintext."n";

?>


Example #2




AES Authenticated Encryption example for PHP 5.6+




<?php
//$key previously generated safely, ie: openssl_random_pseudo_bytes
$plaintext = "message to be encrypted";
$ivlen = openssl_cipher_iv_length($cipher="AES-128-CBC");
$iv = openssl_random_pseudo_bytes($ivlen);
$ciphertext_raw = openssl_encrypt($plaintext, $cipher, $key, $options=OPENSSL_RAW_DATA, $iv);
$hmac = hash_hmac('sha256', $ciphertext_raw, $key, $as_binary=true);
$ciphertext = base64_encode( $iv.$hmac.$ciphertext_raw );

//decrypt later....
$c = base64_decode($ciphertext);
$ivlen = openssl_cipher_iv_length($cipher="AES-128-CBC");
$iv = substr($c, 0, $ivlen);
$hmac = substr($c, $ivlen, $sha2len=32);
$ciphertext_raw = substr($c, $ivlen+$sha2len);
$original_plaintext = openssl_decrypt($ciphertext_raw, $cipher, $key, $options=OPENSSL_RAW_DATA, $iv);
$calcmac = hash_hmac('sha256', $ciphertext_raw, $key, $as_binary=true);
if (hash_equals($hmac, $calcmac))//PHP 5.6+ timing attack safe comparison

echo $original_plaintext."n";

?>


Example #3



Based on above examples, I've changed the following code which aims at encrypting user's session id:



class Session 

/**
* Encrypts the session ID and returns it as a base 64 encoded string.
*
* @param $session_id
* @return string
*/
public function encrypt($session_id)
// Get the MD5 hash salt as a key.
$key = $this->_getSalt();
// For an easy iv, MD5 the salt again.
$iv = $this->_getIv();
// Encrypt the session ID.
$encrypt = mcrypt_encrypt(MCRYPT_RIJNDAEL_128, $key, $session_id, MCRYPT_MODE_CBC, $iv);
// Base 64 encode the encrypted session ID.
$encryptedSessionId = base64_encode($encrypt);
// Return it.
return $encryptedSessionId;


/**
* Decrypts a base 64 encoded encrypted session ID back to its original form.
*
* @param $encryptedSessionId
* @return string
*/
public function decrypt($encryptedSessionId)
// Get the MD5 hash salt as a key.
$key = $this->_getSalt();
// For an easy iv, MD5 the salt again.
$iv = $this->_getIv();
// Decode the encrypted session ID from base 64.
$decoded = base64_decode($encryptedSessionId);
// Decrypt the string.
$decryptedSessionId = mcrypt_decrypt(MCRYPT_RIJNDAEL_128, $key, $decoded, MCRYPT_MODE_CBC, $iv);
// Trim the whitespace from the end.
$session_id = rtrim($decryptedSessionId, "");
// Return it.
return $session_id;


public function _getIv()
return md5($this->_getSalt());


public function _getSalt()
return md5($this->drupal->drupalGetHashSalt());





into:



class Session 

const SESS_CIPHER = 'aes-128-cbc';

/**
* Encrypts the session ID and returns it as a base 64 encoded string.
*
* @param $session_id
* @return string
*/
public function encrypt($session_id)
// Get the MD5 hash salt as a key.
$key = $this->_getSalt();
// For an easy iv, MD5 the salt again.
$iv = $this->_getIv();
// Encrypt the session ID.
$ciphertext = openssl_encrypt($session_id, self::SESS_CIPHER, $key, $options=OPENSSL_RAW_DATA, $iv);
// Base 64 encode the encrypted session ID.
$encryptedSessionId = base64_encode($ciphertext);
// Return it.
return $encryptedSessionId;


/**
* Decrypts a base 64 encoded encrypted session ID back to its original form.
*
* @param $encryptedSessionId
* @return string
*/
public function decrypt($encryptedSessionId)
// Get the Drupal hash salt as a key.
$key = $this->_getSalt();
// Get the iv.
$iv = $this->_getIv();
// Decode the encrypted session ID from base 64.
$decoded = base64_decode($encryptedSessionId, TRUE);
// Decrypt the string.
$decryptedSessionId = openssl_decrypt($decoded, self::SESS_CIPHER, $key, $options=OPENSSL_RAW_DATA, $iv);
// Trim the whitespace from the end.
$session_id = rtrim($decryptedSessionId, '');
// Return it.
return $session_id;


public function _getIv()
$ivlen = openssl_cipher_iv_length(self::SESS_CIPHER);
return substr(md5($this->_getSalt()), 0, $ivlen);


public function _getSalt()
return $this->drupal->drupalGetHashSalt();





To clarify, above change is not a true conversion since the two encryption uses a different block size and a different encrypted data. Additionally, the default padding is different, MCRYPT_RIJNDAEL only supports non-standard null padding. @zaph




Additional notes (from the @zaph's comments):




  • Rijndael 128 (MCRYPT_RIJNDAEL_128) is equivalent to AES, however Rijndael 256 (MCRYPT_RIJNDAEL_256) is not AES-256 as the 256 specifies a block size of 256-bits, whereas AES has only one block size: 128-bits. So basically Rijndael with a block size of 256-bits (MCRYPT_RIJNDAEL_256) has been mistakenly named due to the choices by the mcrypt developers. @zaph

  • Rijndael with a block size of 256 may be less secure than with a block size of 128-bits because the latter has had much more reviews and uses. Secondly, interoperability is hindered in that while AES is generally available, where Rijndael with a block size of 256-bits is not.


  • Encryption with different block sizes for Rijndael produces different encrypted data.



    For example, MCRYPT_RIJNDAEL_256 (not equivalent to AES-256) defines a different variant of the Rijndael block cipher with size of 256-bits and a key size based on the passed in key, where aes-256-cbc is Rijndael with a block size of 128-bits with a key size of 256-bits. Therefore they're using different block sizes which produces entirely different encrypted data as mcrypt uses the number to specify the block size, where OpenSSL used the number to specify the key size (AES only has one block size of 128-bits). So basically AES is Rijndael with a block size of 128-bits and key sizes of 128, 192 and 256 bits. Therefore it's better to use AES, which is called Rijndael 128 in OpenSSL.







share|improve this answer




















  • 1





    In general using Rijndael with a block size of 256-bits is a mistake due to the choices by the mcrypt developers. Further Rijndael with a block size of 256 may be less secure that with a block size of 128-bits because the latter has had much more review and use. Additionally interoperability is hindered in that while AES is generally available Rijndael with a block size of 256-bits is not.

    – zaph
    Jan 5 '18 at 21:26



















4














You can use phpseclib pollyfill package. You can not use open ssl or libsodium for encrypt/decrypt with rijndael 256.
Another issue, you don't need replacement any code.






share|improve this answer


















  • 1





    This was super helpful thanks. Had to remove the php-mcrypt extension, and then this works like a charm.

    – DannyB
    Mar 24 at 15:08


















2














Pure-PHP implementation of Rijndael exists with phpseclib available as composer package and works on PHP 7.3 (tested by me).



There's a page on the phpseclib docs, which generates sample code after you input the basic variables (cipher, mode, key size, bit size). It outputs the following for Rijndael, ECB, 256, 256:



a code with mycrypt



$decoded = mcrypt_decrypt(MCRYPT_RIJNDAEL_256, ENCRYPT_KEY, $term, MCRYPT_MODE_ECB);


works like this with the library



$rijndael = new phpseclibCryptRijndael(phpseclibCryptRijndael::MODE_ECB);
$rijndael->setKey(ENCRYPT_KEY);
$rijndael->setKeyLength(256);
$rijndael->disablePadding();
$rijndael->setBlockLength(256);

$decoded = $rijndael->decrypt($term);


* $term was base64_decoded






share|improve this answer






























    1














    As pointed out, you should not be storing your users' passwords in a format that is decryptable. Reversable encryption provides an easy route for hackers to find out your users' passwords, which extends to putting your users' accounts at other sites at risk should they use the same password there.



    PHP provides a pair of powerful functions for random-salted, one-way hash encryption — password_hash() and password_verify(). Because the hash is automatically random-salted, there is no way for hackers to utilize precompiled tables of password hashes to reverse-engineer the password. Set the PASSWORD_DEFAULT option and future versions of PHP will automatically use stronger algorithms to generate password hashes without you having to update your code.






    share|improve this answer






























      1














      You should use openssl_encrypt() function.






      share|improve this answer

























      • Are the openssl encrypt in php 7 have the "heartbleed" ?

        – TheCrazyProfessor
        Apr 10 '17 at 16:23







      • 13





        why should the OP use openssl_encrypt? Give some details and background

        – Martin
        Apr 10 '17 at 17:30


















      1














      You should use OpenSSL over mcrypt as it's actively developed and maintained. It provides better security, maintainability and portability. Secondly it performs AES encryption/decryption much faster. It uses PKCS7 padding by default, but you can specify OPENSSL_ZERO_PADDING if you need it. To use with a 32-byte binary key, you can specify aes-256-cbc which is much obvious than MCRYPT_RIJNDAEL_128.



      Here is the code example using Mcrypt:




      Unauthenticated AES-256-CBC encryption library written in Mcrypt with PKCS7 padding.




      /**
      * This library is unsafe because it does not MAC after encrypting
      */
      class UnsafeMcryptAES

      const CIPHER = MCRYPT_RIJNDAEL_128;

      public static function encrypt($message, $key)

      if (mb_strlen($key, '8bit') !== 32)
      throw new Exception("Needs a 256-bit key!");

      $ivsize = mcrypt_get_iv_size(self::CIPHER);
      $iv = mcrypt_create_iv($ivsize, MCRYPT_DEV_URANDOM);

      // Add PKCS7 Padding
      $block = mcrypt_get_block_size(self::CIPHER);
      $pad = $block - (mb_strlen($message, '8bit') % $block, '8bit');
      $message .= str_repeat(chr($pad), $pad);

      $ciphertext = mcrypt_encrypt(
      MCRYPT_RIJNDAEL_128,
      $key,
      $message,
      MCRYPT_MODE_CBC,
      $iv
      );

      return $iv . $ciphertext;


      public static function decrypt($message, $key)
      $pad > $block)
      // Padding error!
      return false;

      return mb_substr($plaintext, 0, $len - $pad, '8bit');




      And here is the version written using OpenSSL:



      /**
      * This library is unsafe because it does not MAC after encrypting
      */
      class UnsafeOpensslAES

      const METHOD = 'aes-256-cbc';

      public static function encrypt($message, $key)

      if (mb_strlen($key, '8bit') !== 32)
      throw new Exception("Needs a 256-bit key!");

      $ivsize = openssl_cipher_iv_length(self::METHOD);
      $iv = openssl_random_pseudo_bytes($ivsize);

      $ciphertext = openssl_encrypt(
      $message,
      self::METHOD,
      $key,
      OPENSSL_RAW_DATA,
      $iv
      );

      return $iv . $ciphertext;


      public static function decrypt($message, $key)

      if (mb_strlen($key, '8bit') !== 32)
      throw new Exception("Needs a 256-bit key!");

      $ivsize = openssl_cipher_iv_length(self::METHOD);
      $iv = mb_substr($message, 0, $ivsize, '8bit');
      $ciphertext = mb_substr($message, $ivsize, null, '8bit');

      return openssl_decrypt(
      $ciphertext,
      self::METHOD,
      $key,
      OPENSSL_RAW_DATA,
      $iv
      );




      Source: If You're Typing the Word MCRYPT Into Your PHP Code, You're Doing It Wrong.






      share|improve this answer






























        0














        I was able to translate my Crypto object



        • Get a copy of php with mcrypt to decrypt the old data. I went to http://php.net/get/php-7.1.12.tar.gz/from/a/mirror, compiled it, then added the ext/mcrypt extension (configure;make;make install). I think I had to add the extenstion=mcrypt.so line to the php.ini as well. A series of scripts to build intermediate versions of the data with all data unencrypted.



        • Build a public and private key for openssl



          openssl genrsa -des3 -out pkey.pem 2048
          (set a password)
          openssl rsa -in pkey.pem -out pkey-pub.pem -outform PEM -pubout



        • To Encrypt (using public key) use openssl_seal. From what I've read, openssl_encrypt using an RSA key is limited to 11 bytes less than the key length (See http://php.net/manual/en/function.openssl-public-encrypt.php comment by Thomas Horsten)



          $pubKey = openssl_get_publickey(file_get_contents('./pkey-pub.pem'));
          openssl_seal($pwd, $sealed, $ekeys, [ $pubKey ]);
          $encryptedPassword = base64_encode($sealed);
          $key = base64_encode($ekeys[0]);


        You could probably store the raw binary.




        • To Decrypt (using private key)



          $passphrase="passphrase here";
          $privKey = openssl_get_privatekey(file_get_contents('./pkey.pem'), $passphrase);
          // I base64_decode() from my db columns
          openssl_open($encryptedPassword, $plain, $key, $privKey);
          echo "<h3>Password=$plain</h3>";


        P.S. You can't encrypt the empty string ("")



        P.P.S. This is for a password database not for user validation.






        share|improve this answer
































          0














          As detailed by other answers here, the best solution I found is using OpenSSL. It is built into PHP and you don't need any external library. Here are simple examples:



          To encrypt:



          function encrypt($key, $payload) 
          $iv = openssl_random_pseudo_bytes(openssl_cipher_iv_length('aes-256-cbc'));
          $encrypted = openssl_encrypt($payload, 'aes-256-cbc', $key, 0, $iv);
          return base64_encode($encrypted . '::' . $iv);



          To decrypt:



          function decrypt($key, $garble) 
          list($encrypted_data, $iv) = explode('::', base64_decode($garble), 2);
          return openssl_decrypt($encrypted_data, 'aes-256-cbc', $key, 0, $iv);



          Reference link: https://www.shift8web.ca/2017/04/how-to-encrypt-and-execute-your-php-code-with-mcrypt/






          share|improve this answer






























            -4














            Just use @ before each mcrypt for example:



            @mcrypt_module_open,
            @mcrypt_get_block_size,
            @mcrypt_generic_init
            @mcrypt_generic
            @mcrypt_generic_deinit


            It will remove function mcrypt_module_open depriciated error and will work.






            share|improve this answer

























            • Does not work in 7.2.x or newer, mcrypt was removed.

              – Stone Cold
              Nov 3 '18 at 19:37











            • This will only hide the error/notice and not going to work with php7.2.x versions. It is removed.

              – Ravi
              Dec 19 '18 at 10:09











            Your Answer






            StackExchange.ifUsing("editor", function ()
            StackExchange.using("externalEditor", function ()
            StackExchange.using("snippets", function ()
            StackExchange.snippets.init();
            );
            );
            , "code-snippets");

            StackExchange.ready(function()
            var channelOptions =
            tags: "".split(" "),
            id: "1"
            ;
            initTagRenderer("".split(" "), "".split(" "), channelOptions);

            StackExchange.using("externalEditor", function()
            // Have to fire editor after snippets, if snippets enabled
            if (StackExchange.settings.snippets.snippetsEnabled)
            StackExchange.using("snippets", function()
            createEditor();
            );

            else
            createEditor();

            );

            function createEditor()
            StackExchange.prepareEditor(
            heartbeatType: 'answer',
            autoActivateHeartbeat: false,
            convertImagesToLinks: true,
            noModals: true,
            showLowRepImageUploadWarning: true,
            reputationToPostImages: 10,
            bindNavPrevention: true,
            postfix: "",
            imageUploader:
            brandingHtml: "Powered by u003ca class="icon-imgur-white" href="https://imgur.com/"u003eu003c/au003e",
            contentPolicyHtml: "User contributions licensed under u003ca href="https://creativecommons.org/licenses/by-sa/3.0/"u003ecc by-sa 3.0 with attribution requiredu003c/au003e u003ca href="https://stackoverflow.com/legal/content-policy"u003e(content policy)u003c/au003e",
            allowUrls: true
            ,
            onDemand: true,
            discardSelector: ".discard-answer"
            ,immediatelyShowMarkdownHelp:true
            );



            );













            draft saved

            draft discarded


















            StackExchange.ready(
            function ()
            StackExchange.openid.initPostLogin('.new-post-login', 'https%3a%2f%2fstackoverflow.com%2fquestions%2f41272257%2fmcrypt-is-deprecated-what-is-the-alternative%23new-answer', 'question_page');

            );

            Post as a guest















            Required, but never shown

























            10 Answers
            10






            active

            oldest

            votes








            10 Answers
            10






            active

            oldest

            votes









            active

            oldest

            votes






            active

            oldest

            votes









            37














            It's best practice to hash passwords so they are not decryptable. This makes things slightly more difficult for attackers that may have gained access to your database or files.



            If you must encrypt your data and have it decryptable, a guide to secure encryption/decryption is available at https://paragonie.com/white-paper/2015-secure-php-data-encryption. To summarize that link:



            • Use Libsodium - A PHP extension

            • If you can't use Libsodium, use defuse/php-encryption - Straight PHP code

            • If you can't use Libsodium or defuse/php-encryption, use OpenSSL - A lot of servers will already have this installed. If not, it can be compiled with --with-openssl[=DIR]





            share|improve this answer


















            • 1





              I will take a look at those options, thanks for the answer and thanks everyone for the reply's!

              – Piet
              Dec 22 '16 at 7:34






            • 1





              Should first try openssl because it is very common, where libsodium isn't. Raw php shouldn't be used unless all native extension are out if question

              – JSON
              Mar 23 '17 at 17:19











            • even though openssl is very common, it seems that php 7 will be using libsodium for its core cryptography securityintelligence.com/news/…

              – shadi
              Mar 24 '17 at 8:31












            • What abt old data which is already encrypted in PHP 5.3??

              – Niranjan N Raju
              Nov 24 '17 at 10:41






            • 1





              Note there is a library called Sodium-compat (github.com/paragonie/sodium_compat) which works in PHP >= 5.2.4

              – RaelB
              Apr 30 '18 at 17:24
















            37














            It's best practice to hash passwords so they are not decryptable. This makes things slightly more difficult for attackers that may have gained access to your database or files.



            If you must encrypt your data and have it decryptable, a guide to secure encryption/decryption is available at https://paragonie.com/white-paper/2015-secure-php-data-encryption. To summarize that link:



            • Use Libsodium - A PHP extension

            • If you can't use Libsodium, use defuse/php-encryption - Straight PHP code

            • If you can't use Libsodium or defuse/php-encryption, use OpenSSL - A lot of servers will already have this installed. If not, it can be compiled with --with-openssl[=DIR]





            share|improve this answer


















            • 1





              I will take a look at those options, thanks for the answer and thanks everyone for the reply's!

              – Piet
              Dec 22 '16 at 7:34






            • 1





              Should first try openssl because it is very common, where libsodium isn't. Raw php shouldn't be used unless all native extension are out if question

              – JSON
              Mar 23 '17 at 17:19











            • even though openssl is very common, it seems that php 7 will be using libsodium for its core cryptography securityintelligence.com/news/…

              – shadi
              Mar 24 '17 at 8:31












            • What abt old data which is already encrypted in PHP 5.3??

              – Niranjan N Raju
              Nov 24 '17 at 10:41






            • 1





              Note there is a library called Sodium-compat (github.com/paragonie/sodium_compat) which works in PHP >= 5.2.4

              – RaelB
              Apr 30 '18 at 17:24














            37












            37








            37







            It's best practice to hash passwords so they are not decryptable. This makes things slightly more difficult for attackers that may have gained access to your database or files.



            If you must encrypt your data and have it decryptable, a guide to secure encryption/decryption is available at https://paragonie.com/white-paper/2015-secure-php-data-encryption. To summarize that link:



            • Use Libsodium - A PHP extension

            • If you can't use Libsodium, use defuse/php-encryption - Straight PHP code

            • If you can't use Libsodium or defuse/php-encryption, use OpenSSL - A lot of servers will already have this installed. If not, it can be compiled with --with-openssl[=DIR]





            share|improve this answer













            It's best practice to hash passwords so they are not decryptable. This makes things slightly more difficult for attackers that may have gained access to your database or files.



            If you must encrypt your data and have it decryptable, a guide to secure encryption/decryption is available at https://paragonie.com/white-paper/2015-secure-php-data-encryption. To summarize that link:



            • Use Libsodium - A PHP extension

            • If you can't use Libsodium, use defuse/php-encryption - Straight PHP code

            • If you can't use Libsodium or defuse/php-encryption, use OpenSSL - A lot of servers will already have this installed. If not, it can be compiled with --with-openssl[=DIR]






            share|improve this answer












            share|improve this answer



            share|improve this answer










            answered Dec 21 '16 at 22:03









            PhilPhil

            1,088917




            1,088917







            • 1





              I will take a look at those options, thanks for the answer and thanks everyone for the reply's!

              – Piet
              Dec 22 '16 at 7:34






            • 1





              Should first try openssl because it is very common, where libsodium isn't. Raw php shouldn't be used unless all native extension are out if question

              – JSON
              Mar 23 '17 at 17:19











            • even though openssl is very common, it seems that php 7 will be using libsodium for its core cryptography securityintelligence.com/news/…

              – shadi
              Mar 24 '17 at 8:31












            • What abt old data which is already encrypted in PHP 5.3??

              – Niranjan N Raju
              Nov 24 '17 at 10:41






            • 1





              Note there is a library called Sodium-compat (github.com/paragonie/sodium_compat) which works in PHP >= 5.2.4

              – RaelB
              Apr 30 '18 at 17:24













            • 1





              I will take a look at those options, thanks for the answer and thanks everyone for the reply's!

              – Piet
              Dec 22 '16 at 7:34






            • 1





              Should first try openssl because it is very common, where libsodium isn't. Raw php shouldn't be used unless all native extension are out if question

              – JSON
              Mar 23 '17 at 17:19











            • even though openssl is very common, it seems that php 7 will be using libsodium for its core cryptography securityintelligence.com/news/…

              – shadi
              Mar 24 '17 at 8:31












            • What abt old data which is already encrypted in PHP 5.3??

              – Niranjan N Raju
              Nov 24 '17 at 10:41






            • 1





              Note there is a library called Sodium-compat (github.com/paragonie/sodium_compat) which works in PHP >= 5.2.4

              – RaelB
              Apr 30 '18 at 17:24








            1




            1





            I will take a look at those options, thanks for the answer and thanks everyone for the reply's!

            – Piet
            Dec 22 '16 at 7:34





            I will take a look at those options, thanks for the answer and thanks everyone for the reply's!

            – Piet
            Dec 22 '16 at 7:34




            1




            1





            Should first try openssl because it is very common, where libsodium isn't. Raw php shouldn't be used unless all native extension are out if question

            – JSON
            Mar 23 '17 at 17:19





            Should first try openssl because it is very common, where libsodium isn't. Raw php shouldn't be used unless all native extension are out if question

            – JSON
            Mar 23 '17 at 17:19













            even though openssl is very common, it seems that php 7 will be using libsodium for its core cryptography securityintelligence.com/news/…

            – shadi
            Mar 24 '17 at 8:31






            even though openssl is very common, it seems that php 7 will be using libsodium for its core cryptography securityintelligence.com/news/…

            – shadi
            Mar 24 '17 at 8:31














            What abt old data which is already encrypted in PHP 5.3??

            – Niranjan N Raju
            Nov 24 '17 at 10:41





            What abt old data which is already encrypted in PHP 5.3??

            – Niranjan N Raju
            Nov 24 '17 at 10:41




            1




            1





            Note there is a library called Sodium-compat (github.com/paragonie/sodium_compat) which works in PHP >= 5.2.4

            – RaelB
            Apr 30 '18 at 17:24






            Note there is a library called Sodium-compat (github.com/paragonie/sodium_compat) which works in PHP >= 5.2.4

            – RaelB
            Apr 30 '18 at 17:24














            18














            As suggested by @rqLizard, you can use openssl_encrypt/openssl_decrypt PHP functions instead which provides a much
            better alternative to implement AES (The Advanced Encryption Standard) also known as Rijndael encryption.



            As per the following Scott's comment at php.net:




            If you're writing code to encrypt/encrypt data in 2015, you should use openssl_encrypt() and openssl_decrypt(). The underlying library (libmcrypt) has been abandoned since 2007, and performs far worse than OpenSSL (which leverages AES-NI on modern processors and is cache-timing safe).



            Also, MCRYPT_RIJNDAEL_256 is not AES-256, it's a different variant of the Rijndael block cipher. If you want AES-256 in mcrypt, you have to use MCRYPT_RIJNDAEL_128 with a 32-byte key. OpenSSL makes it more obvious which mode you are using (i.e. aes-128-cbc vs aes-256-ctr).



            OpenSSL also uses PKCS7 padding with CBC mode rather than mcrypt's NULL byte padding. Thus, mcrypt is more likely to make your code vulnerable to padding oracle attacks than OpenSSL.



            Finally, if you are not authenticating your ciphertexts (Encrypt Then MAC), you're doing it wrong.




            Further reading:




            • Using Encryption and Authentication Correctly (for PHP developers).


            • If You're Typing the Word MCRYPT Into Your PHP Code, You're Doing It Wrong.

            Code examples



            Example #1




            AES Authenticated Encryption in GCM mode example for PHP 7.1+




            <?php
            //$key should have been previously generated in a cryptographically safe way, like openssl_random_pseudo_bytes
            $plaintext = "message to be encrypted";
            $cipher = "aes-128-gcm";
            if (in_array($cipher, openssl_get_cipher_methods()))

            $ivlen = openssl_cipher_iv_length($cipher);
            $iv = openssl_random_pseudo_bytes($ivlen);
            $ciphertext = openssl_encrypt($plaintext, $cipher, $key, $options=0, $iv, $tag);
            //store $cipher, $iv, and $tag for decryption later
            $original_plaintext = openssl_decrypt($ciphertext, $cipher, $key, $options=0, $iv, $tag);
            echo $original_plaintext."n";

            ?>


            Example #2




            AES Authenticated Encryption example for PHP 5.6+




            <?php
            //$key previously generated safely, ie: openssl_random_pseudo_bytes
            $plaintext = "message to be encrypted";
            $ivlen = openssl_cipher_iv_length($cipher="AES-128-CBC");
            $iv = openssl_random_pseudo_bytes($ivlen);
            $ciphertext_raw = openssl_encrypt($plaintext, $cipher, $key, $options=OPENSSL_RAW_DATA, $iv);
            $hmac = hash_hmac('sha256', $ciphertext_raw, $key, $as_binary=true);
            $ciphertext = base64_encode( $iv.$hmac.$ciphertext_raw );

            //decrypt later....
            $c = base64_decode($ciphertext);
            $ivlen = openssl_cipher_iv_length($cipher="AES-128-CBC");
            $iv = substr($c, 0, $ivlen);
            $hmac = substr($c, $ivlen, $sha2len=32);
            $ciphertext_raw = substr($c, $ivlen+$sha2len);
            $original_plaintext = openssl_decrypt($ciphertext_raw, $cipher, $key, $options=OPENSSL_RAW_DATA, $iv);
            $calcmac = hash_hmac('sha256', $ciphertext_raw, $key, $as_binary=true);
            if (hash_equals($hmac, $calcmac))//PHP 5.6+ timing attack safe comparison

            echo $original_plaintext."n";

            ?>


            Example #3



            Based on above examples, I've changed the following code which aims at encrypting user's session id:



            class Session 

            /**
            * Encrypts the session ID and returns it as a base 64 encoded string.
            *
            * @param $session_id
            * @return string
            */
            public function encrypt($session_id)
            // Get the MD5 hash salt as a key.
            $key = $this->_getSalt();
            // For an easy iv, MD5 the salt again.
            $iv = $this->_getIv();
            // Encrypt the session ID.
            $encrypt = mcrypt_encrypt(MCRYPT_RIJNDAEL_128, $key, $session_id, MCRYPT_MODE_CBC, $iv);
            // Base 64 encode the encrypted session ID.
            $encryptedSessionId = base64_encode($encrypt);
            // Return it.
            return $encryptedSessionId;


            /**
            * Decrypts a base 64 encoded encrypted session ID back to its original form.
            *
            * @param $encryptedSessionId
            * @return string
            */
            public function decrypt($encryptedSessionId)
            // Get the MD5 hash salt as a key.
            $key = $this->_getSalt();
            // For an easy iv, MD5 the salt again.
            $iv = $this->_getIv();
            // Decode the encrypted session ID from base 64.
            $decoded = base64_decode($encryptedSessionId);
            // Decrypt the string.
            $decryptedSessionId = mcrypt_decrypt(MCRYPT_RIJNDAEL_128, $key, $decoded, MCRYPT_MODE_CBC, $iv);
            // Trim the whitespace from the end.
            $session_id = rtrim($decryptedSessionId, "");
            // Return it.
            return $session_id;


            public function _getIv()
            return md5($this->_getSalt());


            public function _getSalt()
            return md5($this->drupal->drupalGetHashSalt());





            into:



            class Session 

            const SESS_CIPHER = 'aes-128-cbc';

            /**
            * Encrypts the session ID and returns it as a base 64 encoded string.
            *
            * @param $session_id
            * @return string
            */
            public function encrypt($session_id)
            // Get the MD5 hash salt as a key.
            $key = $this->_getSalt();
            // For an easy iv, MD5 the salt again.
            $iv = $this->_getIv();
            // Encrypt the session ID.
            $ciphertext = openssl_encrypt($session_id, self::SESS_CIPHER, $key, $options=OPENSSL_RAW_DATA, $iv);
            // Base 64 encode the encrypted session ID.
            $encryptedSessionId = base64_encode($ciphertext);
            // Return it.
            return $encryptedSessionId;


            /**
            * Decrypts a base 64 encoded encrypted session ID back to its original form.
            *
            * @param $encryptedSessionId
            * @return string
            */
            public function decrypt($encryptedSessionId)
            // Get the Drupal hash salt as a key.
            $key = $this->_getSalt();
            // Get the iv.
            $iv = $this->_getIv();
            // Decode the encrypted session ID from base 64.
            $decoded = base64_decode($encryptedSessionId, TRUE);
            // Decrypt the string.
            $decryptedSessionId = openssl_decrypt($decoded, self::SESS_CIPHER, $key, $options=OPENSSL_RAW_DATA, $iv);
            // Trim the whitespace from the end.
            $session_id = rtrim($decryptedSessionId, '');
            // Return it.
            return $session_id;


            public function _getIv()
            $ivlen = openssl_cipher_iv_length(self::SESS_CIPHER);
            return substr(md5($this->_getSalt()), 0, $ivlen);


            public function _getSalt()
            return $this->drupal->drupalGetHashSalt();





            To clarify, above change is not a true conversion since the two encryption uses a different block size and a different encrypted data. Additionally, the default padding is different, MCRYPT_RIJNDAEL only supports non-standard null padding. @zaph




            Additional notes (from the @zaph's comments):




            • Rijndael 128 (MCRYPT_RIJNDAEL_128) is equivalent to AES, however Rijndael 256 (MCRYPT_RIJNDAEL_256) is not AES-256 as the 256 specifies a block size of 256-bits, whereas AES has only one block size: 128-bits. So basically Rijndael with a block size of 256-bits (MCRYPT_RIJNDAEL_256) has been mistakenly named due to the choices by the mcrypt developers. @zaph

            • Rijndael with a block size of 256 may be less secure than with a block size of 128-bits because the latter has had much more reviews and uses. Secondly, interoperability is hindered in that while AES is generally available, where Rijndael with a block size of 256-bits is not.


            • Encryption with different block sizes for Rijndael produces different encrypted data.



              For example, MCRYPT_RIJNDAEL_256 (not equivalent to AES-256) defines a different variant of the Rijndael block cipher with size of 256-bits and a key size based on the passed in key, where aes-256-cbc is Rijndael with a block size of 128-bits with a key size of 256-bits. Therefore they're using different block sizes which produces entirely different encrypted data as mcrypt uses the number to specify the block size, where OpenSSL used the number to specify the key size (AES only has one block size of 128-bits). So basically AES is Rijndael with a block size of 128-bits and key sizes of 128, 192 and 256 bits. Therefore it's better to use AES, which is called Rijndael 128 in OpenSSL.







            share|improve this answer




















            • 1





              In general using Rijndael with a block size of 256-bits is a mistake due to the choices by the mcrypt developers. Further Rijndael with a block size of 256 may be less secure that with a block size of 128-bits because the latter has had much more review and use. Additionally interoperability is hindered in that while AES is generally available Rijndael with a block size of 256-bits is not.

              – zaph
              Jan 5 '18 at 21:26
















            18














            As suggested by @rqLizard, you can use openssl_encrypt/openssl_decrypt PHP functions instead which provides a much
            better alternative to implement AES (The Advanced Encryption Standard) also known as Rijndael encryption.



            As per the following Scott's comment at php.net:




            If you're writing code to encrypt/encrypt data in 2015, you should use openssl_encrypt() and openssl_decrypt(). The underlying library (libmcrypt) has been abandoned since 2007, and performs far worse than OpenSSL (which leverages AES-NI on modern processors and is cache-timing safe).



            Also, MCRYPT_RIJNDAEL_256 is not AES-256, it's a different variant of the Rijndael block cipher. If you want AES-256 in mcrypt, you have to use MCRYPT_RIJNDAEL_128 with a 32-byte key. OpenSSL makes it more obvious which mode you are using (i.e. aes-128-cbc vs aes-256-ctr).



            OpenSSL also uses PKCS7 padding with CBC mode rather than mcrypt's NULL byte padding. Thus, mcrypt is more likely to make your code vulnerable to padding oracle attacks than OpenSSL.



            Finally, if you are not authenticating your ciphertexts (Encrypt Then MAC), you're doing it wrong.




            Further reading:




            • Using Encryption and Authentication Correctly (for PHP developers).


            • If You're Typing the Word MCRYPT Into Your PHP Code, You're Doing It Wrong.

            Code examples



            Example #1




            AES Authenticated Encryption in GCM mode example for PHP 7.1+




            <?php
            //$key should have been previously generated in a cryptographically safe way, like openssl_random_pseudo_bytes
            $plaintext = "message to be encrypted";
            $cipher = "aes-128-gcm";
            if (in_array($cipher, openssl_get_cipher_methods()))

            $ivlen = openssl_cipher_iv_length($cipher);
            $iv = openssl_random_pseudo_bytes($ivlen);
            $ciphertext = openssl_encrypt($plaintext, $cipher, $key, $options=0, $iv, $tag);
            //store $cipher, $iv, and $tag for decryption later
            $original_plaintext = openssl_decrypt($ciphertext, $cipher, $key, $options=0, $iv, $tag);
            echo $original_plaintext."n";

            ?>


            Example #2




            AES Authenticated Encryption example for PHP 5.6+




            <?php
            //$key previously generated safely, ie: openssl_random_pseudo_bytes
            $plaintext = "message to be encrypted";
            $ivlen = openssl_cipher_iv_length($cipher="AES-128-CBC");
            $iv = openssl_random_pseudo_bytes($ivlen);
            $ciphertext_raw = openssl_encrypt($plaintext, $cipher, $key, $options=OPENSSL_RAW_DATA, $iv);
            $hmac = hash_hmac('sha256', $ciphertext_raw, $key, $as_binary=true);
            $ciphertext = base64_encode( $iv.$hmac.$ciphertext_raw );

            //decrypt later....
            $c = base64_decode($ciphertext);
            $ivlen = openssl_cipher_iv_length($cipher="AES-128-CBC");
            $iv = substr($c, 0, $ivlen);
            $hmac = substr($c, $ivlen, $sha2len=32);
            $ciphertext_raw = substr($c, $ivlen+$sha2len);
            $original_plaintext = openssl_decrypt($ciphertext_raw, $cipher, $key, $options=OPENSSL_RAW_DATA, $iv);
            $calcmac = hash_hmac('sha256', $ciphertext_raw, $key, $as_binary=true);
            if (hash_equals($hmac, $calcmac))//PHP 5.6+ timing attack safe comparison

            echo $original_plaintext."n";

            ?>


            Example #3



            Based on above examples, I've changed the following code which aims at encrypting user's session id:



            class Session 

            /**
            * Encrypts the session ID and returns it as a base 64 encoded string.
            *
            * @param $session_id
            * @return string
            */
            public function encrypt($session_id)
            // Get the MD5 hash salt as a key.
            $key = $this->_getSalt();
            // For an easy iv, MD5 the salt again.
            $iv = $this->_getIv();
            // Encrypt the session ID.
            $encrypt = mcrypt_encrypt(MCRYPT_RIJNDAEL_128, $key, $session_id, MCRYPT_MODE_CBC, $iv);
            // Base 64 encode the encrypted session ID.
            $encryptedSessionId = base64_encode($encrypt);
            // Return it.
            return $encryptedSessionId;


            /**
            * Decrypts a base 64 encoded encrypted session ID back to its original form.
            *
            * @param $encryptedSessionId
            * @return string
            */
            public function decrypt($encryptedSessionId)
            // Get the MD5 hash salt as a key.
            $key = $this->_getSalt();
            // For an easy iv, MD5 the salt again.
            $iv = $this->_getIv();
            // Decode the encrypted session ID from base 64.
            $decoded = base64_decode($encryptedSessionId);
            // Decrypt the string.
            $decryptedSessionId = mcrypt_decrypt(MCRYPT_RIJNDAEL_128, $key, $decoded, MCRYPT_MODE_CBC, $iv);
            // Trim the whitespace from the end.
            $session_id = rtrim($decryptedSessionId, "");
            // Return it.
            return $session_id;


            public function _getIv()
            return md5($this->_getSalt());


            public function _getSalt()
            return md5($this->drupal->drupalGetHashSalt());





            into:



            class Session 

            const SESS_CIPHER = 'aes-128-cbc';

            /**
            * Encrypts the session ID and returns it as a base 64 encoded string.
            *
            * @param $session_id
            * @return string
            */
            public function encrypt($session_id)
            // Get the MD5 hash salt as a key.
            $key = $this->_getSalt();
            // For an easy iv, MD5 the salt again.
            $iv = $this->_getIv();
            // Encrypt the session ID.
            $ciphertext = openssl_encrypt($session_id, self::SESS_CIPHER, $key, $options=OPENSSL_RAW_DATA, $iv);
            // Base 64 encode the encrypted session ID.
            $encryptedSessionId = base64_encode($ciphertext);
            // Return it.
            return $encryptedSessionId;


            /**
            * Decrypts a base 64 encoded encrypted session ID back to its original form.
            *
            * @param $encryptedSessionId
            * @return string
            */
            public function decrypt($encryptedSessionId)
            // Get the Drupal hash salt as a key.
            $key = $this->_getSalt();
            // Get the iv.
            $iv = $this->_getIv();
            // Decode the encrypted session ID from base 64.
            $decoded = base64_decode($encryptedSessionId, TRUE);
            // Decrypt the string.
            $decryptedSessionId = openssl_decrypt($decoded, self::SESS_CIPHER, $key, $options=OPENSSL_RAW_DATA, $iv);
            // Trim the whitespace from the end.
            $session_id = rtrim($decryptedSessionId, '');
            // Return it.
            return $session_id;


            public function _getIv()
            $ivlen = openssl_cipher_iv_length(self::SESS_CIPHER);
            return substr(md5($this->_getSalt()), 0, $ivlen);


            public function _getSalt()
            return $this->drupal->drupalGetHashSalt();





            To clarify, above change is not a true conversion since the two encryption uses a different block size and a different encrypted data. Additionally, the default padding is different, MCRYPT_RIJNDAEL only supports non-standard null padding. @zaph




            Additional notes (from the @zaph's comments):




            • Rijndael 128 (MCRYPT_RIJNDAEL_128) is equivalent to AES, however Rijndael 256 (MCRYPT_RIJNDAEL_256) is not AES-256 as the 256 specifies a block size of 256-bits, whereas AES has only one block size: 128-bits. So basically Rijndael with a block size of 256-bits (MCRYPT_RIJNDAEL_256) has been mistakenly named due to the choices by the mcrypt developers. @zaph

            • Rijndael with a block size of 256 may be less secure than with a block size of 128-bits because the latter has had much more reviews and uses. Secondly, interoperability is hindered in that while AES is generally available, where Rijndael with a block size of 256-bits is not.


            • Encryption with different block sizes for Rijndael produces different encrypted data.



              For example, MCRYPT_RIJNDAEL_256 (not equivalent to AES-256) defines a different variant of the Rijndael block cipher with size of 256-bits and a key size based on the passed in key, where aes-256-cbc is Rijndael with a block size of 128-bits with a key size of 256-bits. Therefore they're using different block sizes which produces entirely different encrypted data as mcrypt uses the number to specify the block size, where OpenSSL used the number to specify the key size (AES only has one block size of 128-bits). So basically AES is Rijndael with a block size of 128-bits and key sizes of 128, 192 and 256 bits. Therefore it's better to use AES, which is called Rijndael 128 in OpenSSL.







            share|improve this answer




















            • 1





              In general using Rijndael with a block size of 256-bits is a mistake due to the choices by the mcrypt developers. Further Rijndael with a block size of 256 may be less secure that with a block size of 128-bits because the latter has had much more review and use. Additionally interoperability is hindered in that while AES is generally available Rijndael with a block size of 256-bits is not.

              – zaph
              Jan 5 '18 at 21:26














            18












            18








            18







            As suggested by @rqLizard, you can use openssl_encrypt/openssl_decrypt PHP functions instead which provides a much
            better alternative to implement AES (The Advanced Encryption Standard) also known as Rijndael encryption.



            As per the following Scott's comment at php.net:




            If you're writing code to encrypt/encrypt data in 2015, you should use openssl_encrypt() and openssl_decrypt(). The underlying library (libmcrypt) has been abandoned since 2007, and performs far worse than OpenSSL (which leverages AES-NI on modern processors and is cache-timing safe).



            Also, MCRYPT_RIJNDAEL_256 is not AES-256, it's a different variant of the Rijndael block cipher. If you want AES-256 in mcrypt, you have to use MCRYPT_RIJNDAEL_128 with a 32-byte key. OpenSSL makes it more obvious which mode you are using (i.e. aes-128-cbc vs aes-256-ctr).



            OpenSSL also uses PKCS7 padding with CBC mode rather than mcrypt's NULL byte padding. Thus, mcrypt is more likely to make your code vulnerable to padding oracle attacks than OpenSSL.



            Finally, if you are not authenticating your ciphertexts (Encrypt Then MAC), you're doing it wrong.




            Further reading:




            • Using Encryption and Authentication Correctly (for PHP developers).


            • If You're Typing the Word MCRYPT Into Your PHP Code, You're Doing It Wrong.

            Code examples



            Example #1




            AES Authenticated Encryption in GCM mode example for PHP 7.1+




            <?php
            //$key should have been previously generated in a cryptographically safe way, like openssl_random_pseudo_bytes
            $plaintext = "message to be encrypted";
            $cipher = "aes-128-gcm";
            if (in_array($cipher, openssl_get_cipher_methods()))

            $ivlen = openssl_cipher_iv_length($cipher);
            $iv = openssl_random_pseudo_bytes($ivlen);
            $ciphertext = openssl_encrypt($plaintext, $cipher, $key, $options=0, $iv, $tag);
            //store $cipher, $iv, and $tag for decryption later
            $original_plaintext = openssl_decrypt($ciphertext, $cipher, $key, $options=0, $iv, $tag);
            echo $original_plaintext."n";

            ?>


            Example #2




            AES Authenticated Encryption example for PHP 5.6+




            <?php
            //$key previously generated safely, ie: openssl_random_pseudo_bytes
            $plaintext = "message to be encrypted";
            $ivlen = openssl_cipher_iv_length($cipher="AES-128-CBC");
            $iv = openssl_random_pseudo_bytes($ivlen);
            $ciphertext_raw = openssl_encrypt($plaintext, $cipher, $key, $options=OPENSSL_RAW_DATA, $iv);
            $hmac = hash_hmac('sha256', $ciphertext_raw, $key, $as_binary=true);
            $ciphertext = base64_encode( $iv.$hmac.$ciphertext_raw );

            //decrypt later....
            $c = base64_decode($ciphertext);
            $ivlen = openssl_cipher_iv_length($cipher="AES-128-CBC");
            $iv = substr($c, 0, $ivlen);
            $hmac = substr($c, $ivlen, $sha2len=32);
            $ciphertext_raw = substr($c, $ivlen+$sha2len);
            $original_plaintext = openssl_decrypt($ciphertext_raw, $cipher, $key, $options=OPENSSL_RAW_DATA, $iv);
            $calcmac = hash_hmac('sha256', $ciphertext_raw, $key, $as_binary=true);
            if (hash_equals($hmac, $calcmac))//PHP 5.6+ timing attack safe comparison

            echo $original_plaintext."n";

            ?>


            Example #3



            Based on above examples, I've changed the following code which aims at encrypting user's session id:



            class Session 

            /**
            * Encrypts the session ID and returns it as a base 64 encoded string.
            *
            * @param $session_id
            * @return string
            */
            public function encrypt($session_id)
            // Get the MD5 hash salt as a key.
            $key = $this->_getSalt();
            // For an easy iv, MD5 the salt again.
            $iv = $this->_getIv();
            // Encrypt the session ID.
            $encrypt = mcrypt_encrypt(MCRYPT_RIJNDAEL_128, $key, $session_id, MCRYPT_MODE_CBC, $iv);
            // Base 64 encode the encrypted session ID.
            $encryptedSessionId = base64_encode($encrypt);
            // Return it.
            return $encryptedSessionId;


            /**
            * Decrypts a base 64 encoded encrypted session ID back to its original form.
            *
            * @param $encryptedSessionId
            * @return string
            */
            public function decrypt($encryptedSessionId)
            // Get the MD5 hash salt as a key.
            $key = $this->_getSalt();
            // For an easy iv, MD5 the salt again.
            $iv = $this->_getIv();
            // Decode the encrypted session ID from base 64.
            $decoded = base64_decode($encryptedSessionId);
            // Decrypt the string.
            $decryptedSessionId = mcrypt_decrypt(MCRYPT_RIJNDAEL_128, $key, $decoded, MCRYPT_MODE_CBC, $iv);
            // Trim the whitespace from the end.
            $session_id = rtrim($decryptedSessionId, "");
            // Return it.
            return $session_id;


            public function _getIv()
            return md5($this->_getSalt());


            public function _getSalt()
            return md5($this->drupal->drupalGetHashSalt());





            into:



            class Session 

            const SESS_CIPHER = 'aes-128-cbc';

            /**
            * Encrypts the session ID and returns it as a base 64 encoded string.
            *
            * @param $session_id
            * @return string
            */
            public function encrypt($session_id)
            // Get the MD5 hash salt as a key.
            $key = $this->_getSalt();
            // For an easy iv, MD5 the salt again.
            $iv = $this->_getIv();
            // Encrypt the session ID.
            $ciphertext = openssl_encrypt($session_id, self::SESS_CIPHER, $key, $options=OPENSSL_RAW_DATA, $iv);
            // Base 64 encode the encrypted session ID.
            $encryptedSessionId = base64_encode($ciphertext);
            // Return it.
            return $encryptedSessionId;


            /**
            * Decrypts a base 64 encoded encrypted session ID back to its original form.
            *
            * @param $encryptedSessionId
            * @return string
            */
            public function decrypt($encryptedSessionId)
            // Get the Drupal hash salt as a key.
            $key = $this->_getSalt();
            // Get the iv.
            $iv = $this->_getIv();
            // Decode the encrypted session ID from base 64.
            $decoded = base64_decode($encryptedSessionId, TRUE);
            // Decrypt the string.
            $decryptedSessionId = openssl_decrypt($decoded, self::SESS_CIPHER, $key, $options=OPENSSL_RAW_DATA, $iv);
            // Trim the whitespace from the end.
            $session_id = rtrim($decryptedSessionId, '');
            // Return it.
            return $session_id;


            public function _getIv()
            $ivlen = openssl_cipher_iv_length(self::SESS_CIPHER);
            return substr(md5($this->_getSalt()), 0, $ivlen);


            public function _getSalt()
            return $this->drupal->drupalGetHashSalt();





            To clarify, above change is not a true conversion since the two encryption uses a different block size and a different encrypted data. Additionally, the default padding is different, MCRYPT_RIJNDAEL only supports non-standard null padding. @zaph




            Additional notes (from the @zaph's comments):




            • Rijndael 128 (MCRYPT_RIJNDAEL_128) is equivalent to AES, however Rijndael 256 (MCRYPT_RIJNDAEL_256) is not AES-256 as the 256 specifies a block size of 256-bits, whereas AES has only one block size: 128-bits. So basically Rijndael with a block size of 256-bits (MCRYPT_RIJNDAEL_256) has been mistakenly named due to the choices by the mcrypt developers. @zaph

            • Rijndael with a block size of 256 may be less secure than with a block size of 128-bits because the latter has had much more reviews and uses. Secondly, interoperability is hindered in that while AES is generally available, where Rijndael with a block size of 256-bits is not.


            • Encryption with different block sizes for Rijndael produces different encrypted data.



              For example, MCRYPT_RIJNDAEL_256 (not equivalent to AES-256) defines a different variant of the Rijndael block cipher with size of 256-bits and a key size based on the passed in key, where aes-256-cbc is Rijndael with a block size of 128-bits with a key size of 256-bits. Therefore they're using different block sizes which produces entirely different encrypted data as mcrypt uses the number to specify the block size, where OpenSSL used the number to specify the key size (AES only has one block size of 128-bits). So basically AES is Rijndael with a block size of 128-bits and key sizes of 128, 192 and 256 bits. Therefore it's better to use AES, which is called Rijndael 128 in OpenSSL.







            share|improve this answer















            As suggested by @rqLizard, you can use openssl_encrypt/openssl_decrypt PHP functions instead which provides a much
            better alternative to implement AES (The Advanced Encryption Standard) also known as Rijndael encryption.



            As per the following Scott's comment at php.net:




            If you're writing code to encrypt/encrypt data in 2015, you should use openssl_encrypt() and openssl_decrypt(). The underlying library (libmcrypt) has been abandoned since 2007, and performs far worse than OpenSSL (which leverages AES-NI on modern processors and is cache-timing safe).



            Also, MCRYPT_RIJNDAEL_256 is not AES-256, it's a different variant of the Rijndael block cipher. If you want AES-256 in mcrypt, you have to use MCRYPT_RIJNDAEL_128 with a 32-byte key. OpenSSL makes it more obvious which mode you are using (i.e. aes-128-cbc vs aes-256-ctr).



            OpenSSL also uses PKCS7 padding with CBC mode rather than mcrypt's NULL byte padding. Thus, mcrypt is more likely to make your code vulnerable to padding oracle attacks than OpenSSL.



            Finally, if you are not authenticating your ciphertexts (Encrypt Then MAC), you're doing it wrong.




            Further reading:




            • Using Encryption and Authentication Correctly (for PHP developers).


            • If You're Typing the Word MCRYPT Into Your PHP Code, You're Doing It Wrong.

            Code examples



            Example #1




            AES Authenticated Encryption in GCM mode example for PHP 7.1+




            <?php
            //$key should have been previously generated in a cryptographically safe way, like openssl_random_pseudo_bytes
            $plaintext = "message to be encrypted";
            $cipher = "aes-128-gcm";
            if (in_array($cipher, openssl_get_cipher_methods()))

            $ivlen = openssl_cipher_iv_length($cipher);
            $iv = openssl_random_pseudo_bytes($ivlen);
            $ciphertext = openssl_encrypt($plaintext, $cipher, $key, $options=0, $iv, $tag);
            //store $cipher, $iv, and $tag for decryption later
            $original_plaintext = openssl_decrypt($ciphertext, $cipher, $key, $options=0, $iv, $tag);
            echo $original_plaintext."n";

            ?>


            Example #2




            AES Authenticated Encryption example for PHP 5.6+




            <?php
            //$key previously generated safely, ie: openssl_random_pseudo_bytes
            $plaintext = "message to be encrypted";
            $ivlen = openssl_cipher_iv_length($cipher="AES-128-CBC");
            $iv = openssl_random_pseudo_bytes($ivlen);
            $ciphertext_raw = openssl_encrypt($plaintext, $cipher, $key, $options=OPENSSL_RAW_DATA, $iv);
            $hmac = hash_hmac('sha256', $ciphertext_raw, $key, $as_binary=true);
            $ciphertext = base64_encode( $iv.$hmac.$ciphertext_raw );

            //decrypt later....
            $c = base64_decode($ciphertext);
            $ivlen = openssl_cipher_iv_length($cipher="AES-128-CBC");
            $iv = substr($c, 0, $ivlen);
            $hmac = substr($c, $ivlen, $sha2len=32);
            $ciphertext_raw = substr($c, $ivlen+$sha2len);
            $original_plaintext = openssl_decrypt($ciphertext_raw, $cipher, $key, $options=OPENSSL_RAW_DATA, $iv);
            $calcmac = hash_hmac('sha256', $ciphertext_raw, $key, $as_binary=true);
            if (hash_equals($hmac, $calcmac))//PHP 5.6+ timing attack safe comparison

            echo $original_plaintext."n";

            ?>


            Example #3



            Based on above examples, I've changed the following code which aims at encrypting user's session id:



            class Session 

            /**
            * Encrypts the session ID and returns it as a base 64 encoded string.
            *
            * @param $session_id
            * @return string
            */
            public function encrypt($session_id)
            // Get the MD5 hash salt as a key.
            $key = $this->_getSalt();
            // For an easy iv, MD5 the salt again.
            $iv = $this->_getIv();
            // Encrypt the session ID.
            $encrypt = mcrypt_encrypt(MCRYPT_RIJNDAEL_128, $key, $session_id, MCRYPT_MODE_CBC, $iv);
            // Base 64 encode the encrypted session ID.
            $encryptedSessionId = base64_encode($encrypt);
            // Return it.
            return $encryptedSessionId;


            /**
            * Decrypts a base 64 encoded encrypted session ID back to its original form.
            *
            * @param $encryptedSessionId
            * @return string
            */
            public function decrypt($encryptedSessionId)
            // Get the MD5 hash salt as a key.
            $key = $this->_getSalt();
            // For an easy iv, MD5 the salt again.
            $iv = $this->_getIv();
            // Decode the encrypted session ID from base 64.
            $decoded = base64_decode($encryptedSessionId);
            // Decrypt the string.
            $decryptedSessionId = mcrypt_decrypt(MCRYPT_RIJNDAEL_128, $key, $decoded, MCRYPT_MODE_CBC, $iv);
            // Trim the whitespace from the end.
            $session_id = rtrim($decryptedSessionId, "");
            // Return it.
            return $session_id;


            public function _getIv()
            return md5($this->_getSalt());


            public function _getSalt()
            return md5($this->drupal->drupalGetHashSalt());





            into:



            class Session 

            const SESS_CIPHER = 'aes-128-cbc';

            /**
            * Encrypts the session ID and returns it as a base 64 encoded string.
            *
            * @param $session_id
            * @return string
            */
            public function encrypt($session_id)
            // Get the MD5 hash salt as a key.
            $key = $this->_getSalt();
            // For an easy iv, MD5 the salt again.
            $iv = $this->_getIv();
            // Encrypt the session ID.
            $ciphertext = openssl_encrypt($session_id, self::SESS_CIPHER, $key, $options=OPENSSL_RAW_DATA, $iv);
            // Base 64 encode the encrypted session ID.
            $encryptedSessionId = base64_encode($ciphertext);
            // Return it.
            return $encryptedSessionId;


            /**
            * Decrypts a base 64 encoded encrypted session ID back to its original form.
            *
            * @param $encryptedSessionId
            * @return string
            */
            public function decrypt($encryptedSessionId)
            // Get the Drupal hash salt as a key.
            $key = $this->_getSalt();
            // Get the iv.
            $iv = $this->_getIv();
            // Decode the encrypted session ID from base 64.
            $decoded = base64_decode($encryptedSessionId, TRUE);
            // Decrypt the string.
            $decryptedSessionId = openssl_decrypt($decoded, self::SESS_CIPHER, $key, $options=OPENSSL_RAW_DATA, $iv);
            // Trim the whitespace from the end.
            $session_id = rtrim($decryptedSessionId, '');
            // Return it.
            return $session_id;


            public function _getIv()
            $ivlen = openssl_cipher_iv_length(self::SESS_CIPHER);
            return substr(md5($this->_getSalt()), 0, $ivlen);


            public function _getSalt()
            return $this->drupal->drupalGetHashSalt();





            To clarify, above change is not a true conversion since the two encryption uses a different block size and a different encrypted data. Additionally, the default padding is different, MCRYPT_RIJNDAEL only supports non-standard null padding. @zaph




            Additional notes (from the @zaph's comments):




            • Rijndael 128 (MCRYPT_RIJNDAEL_128) is equivalent to AES, however Rijndael 256 (MCRYPT_RIJNDAEL_256) is not AES-256 as the 256 specifies a block size of 256-bits, whereas AES has only one block size: 128-bits. So basically Rijndael with a block size of 256-bits (MCRYPT_RIJNDAEL_256) has been mistakenly named due to the choices by the mcrypt developers. @zaph

            • Rijndael with a block size of 256 may be less secure than with a block size of 128-bits because the latter has had much more reviews and uses. Secondly, interoperability is hindered in that while AES is generally available, where Rijndael with a block size of 256-bits is not.


            • Encryption with different block sizes for Rijndael produces different encrypted data.



              For example, MCRYPT_RIJNDAEL_256 (not equivalent to AES-256) defines a different variant of the Rijndael block cipher with size of 256-bits and a key size based on the passed in key, where aes-256-cbc is Rijndael with a block size of 128-bits with a key size of 256-bits. Therefore they're using different block sizes which produces entirely different encrypted data as mcrypt uses the number to specify the block size, where OpenSSL used the number to specify the key size (AES only has one block size of 128-bits). So basically AES is Rijndael with a block size of 128-bits and key sizes of 128, 192 and 256 bits. Therefore it's better to use AES, which is called Rijndael 128 in OpenSSL.








            share|improve this answer














            share|improve this answer



            share|improve this answer








            edited Jan 6 '18 at 0:12

























            answered Jan 5 '18 at 19:59









            kenorbkenorb

            71.1k30414421




            71.1k30414421







            • 1





              In general using Rijndael with a block size of 256-bits is a mistake due to the choices by the mcrypt developers. Further Rijndael with a block size of 256 may be less secure that with a block size of 128-bits because the latter has had much more review and use. Additionally interoperability is hindered in that while AES is generally available Rijndael with a block size of 256-bits is not.

              – zaph
              Jan 5 '18 at 21:26













            • 1





              In general using Rijndael with a block size of 256-bits is a mistake due to the choices by the mcrypt developers. Further Rijndael with a block size of 256 may be less secure that with a block size of 128-bits because the latter has had much more review and use. Additionally interoperability is hindered in that while AES is generally available Rijndael with a block size of 256-bits is not.

              – zaph
              Jan 5 '18 at 21:26








            1




            1





            In general using Rijndael with a block size of 256-bits is a mistake due to the choices by the mcrypt developers. Further Rijndael with a block size of 256 may be less secure that with a block size of 128-bits because the latter has had much more review and use. Additionally interoperability is hindered in that while AES is generally available Rijndael with a block size of 256-bits is not.

            – zaph
            Jan 5 '18 at 21:26






            In general using Rijndael with a block size of 256-bits is a mistake due to the choices by the mcrypt developers. Further Rijndael with a block size of 256 may be less secure that with a block size of 128-bits because the latter has had much more review and use. Additionally interoperability is hindered in that while AES is generally available Rijndael with a block size of 256-bits is not.

            – zaph
            Jan 5 '18 at 21:26












            4














            You can use phpseclib pollyfill package. You can not use open ssl or libsodium for encrypt/decrypt with rijndael 256.
            Another issue, you don't need replacement any code.






            share|improve this answer


















            • 1





              This was super helpful thanks. Had to remove the php-mcrypt extension, and then this works like a charm.

              – DannyB
              Mar 24 at 15:08















            4














            You can use phpseclib pollyfill package. You can not use open ssl or libsodium for encrypt/decrypt with rijndael 256.
            Another issue, you don't need replacement any code.






            share|improve this answer


















            • 1





              This was super helpful thanks. Had to remove the php-mcrypt extension, and then this works like a charm.

              – DannyB
              Mar 24 at 15:08













            4












            4








            4







            You can use phpseclib pollyfill package. You can not use open ssl or libsodium for encrypt/decrypt with rijndael 256.
            Another issue, you don't need replacement any code.






            share|improve this answer













            You can use phpseclib pollyfill package. You can not use open ssl or libsodium for encrypt/decrypt with rijndael 256.
            Another issue, you don't need replacement any code.







            share|improve this answer












            share|improve this answer



            share|improve this answer










            answered Apr 6 '17 at 13:03









            Ahmet Erkan ÇELİKAhmet Erkan ÇELİK

            1,5101623




            1,5101623







            • 1





              This was super helpful thanks. Had to remove the php-mcrypt extension, and then this works like a charm.

              – DannyB
              Mar 24 at 15:08












            • 1





              This was super helpful thanks. Had to remove the php-mcrypt extension, and then this works like a charm.

              – DannyB
              Mar 24 at 15:08







            1




            1





            This was super helpful thanks. Had to remove the php-mcrypt extension, and then this works like a charm.

            – DannyB
            Mar 24 at 15:08





            This was super helpful thanks. Had to remove the php-mcrypt extension, and then this works like a charm.

            – DannyB
            Mar 24 at 15:08











            2














            Pure-PHP implementation of Rijndael exists with phpseclib available as composer package and works on PHP 7.3 (tested by me).



            There's a page on the phpseclib docs, which generates sample code after you input the basic variables (cipher, mode, key size, bit size). It outputs the following for Rijndael, ECB, 256, 256:



            a code with mycrypt



            $decoded = mcrypt_decrypt(MCRYPT_RIJNDAEL_256, ENCRYPT_KEY, $term, MCRYPT_MODE_ECB);


            works like this with the library



            $rijndael = new phpseclibCryptRijndael(phpseclibCryptRijndael::MODE_ECB);
            $rijndael->setKey(ENCRYPT_KEY);
            $rijndael->setKeyLength(256);
            $rijndael->disablePadding();
            $rijndael->setBlockLength(256);

            $decoded = $rijndael->decrypt($term);


            * $term was base64_decoded






            share|improve this answer



























              2














              Pure-PHP implementation of Rijndael exists with phpseclib available as composer package and works on PHP 7.3 (tested by me).



              There's a page on the phpseclib docs, which generates sample code after you input the basic variables (cipher, mode, key size, bit size). It outputs the following for Rijndael, ECB, 256, 256:



              a code with mycrypt



              $decoded = mcrypt_decrypt(MCRYPT_RIJNDAEL_256, ENCRYPT_KEY, $term, MCRYPT_MODE_ECB);


              works like this with the library



              $rijndael = new phpseclibCryptRijndael(phpseclibCryptRijndael::MODE_ECB);
              $rijndael->setKey(ENCRYPT_KEY);
              $rijndael->setKeyLength(256);
              $rijndael->disablePadding();
              $rijndael->setBlockLength(256);

              $decoded = $rijndael->decrypt($term);


              * $term was base64_decoded






              share|improve this answer

























                2












                2








                2







                Pure-PHP implementation of Rijndael exists with phpseclib available as composer package and works on PHP 7.3 (tested by me).



                There's a page on the phpseclib docs, which generates sample code after you input the basic variables (cipher, mode, key size, bit size). It outputs the following for Rijndael, ECB, 256, 256:



                a code with mycrypt



                $decoded = mcrypt_decrypt(MCRYPT_RIJNDAEL_256, ENCRYPT_KEY, $term, MCRYPT_MODE_ECB);


                works like this with the library



                $rijndael = new phpseclibCryptRijndael(phpseclibCryptRijndael::MODE_ECB);
                $rijndael->setKey(ENCRYPT_KEY);
                $rijndael->setKeyLength(256);
                $rijndael->disablePadding();
                $rijndael->setBlockLength(256);

                $decoded = $rijndael->decrypt($term);


                * $term was base64_decoded






                share|improve this answer













                Pure-PHP implementation of Rijndael exists with phpseclib available as composer package and works on PHP 7.3 (tested by me).



                There's a page on the phpseclib docs, which generates sample code after you input the basic variables (cipher, mode, key size, bit size). It outputs the following for Rijndael, ECB, 256, 256:



                a code with mycrypt



                $decoded = mcrypt_decrypt(MCRYPT_RIJNDAEL_256, ENCRYPT_KEY, $term, MCRYPT_MODE_ECB);


                works like this with the library



                $rijndael = new phpseclibCryptRijndael(phpseclibCryptRijndael::MODE_ECB);
                $rijndael->setKey(ENCRYPT_KEY);
                $rijndael->setKeyLength(256);
                $rijndael->disablePadding();
                $rijndael->setBlockLength(256);

                $decoded = $rijndael->decrypt($term);


                * $term was base64_decoded







                share|improve this answer












                share|improve this answer



                share|improve this answer










                answered Dec 26 '18 at 21:23









                Pentium10Pentium10

                132k101360437




                132k101360437





















                    1














                    As pointed out, you should not be storing your users' passwords in a format that is decryptable. Reversable encryption provides an easy route for hackers to find out your users' passwords, which extends to putting your users' accounts at other sites at risk should they use the same password there.



                    PHP provides a pair of powerful functions for random-salted, one-way hash encryption — password_hash() and password_verify(). Because the hash is automatically random-salted, there is no way for hackers to utilize precompiled tables of password hashes to reverse-engineer the password. Set the PASSWORD_DEFAULT option and future versions of PHP will automatically use stronger algorithms to generate password hashes without you having to update your code.






                    share|improve this answer



























                      1














                      As pointed out, you should not be storing your users' passwords in a format that is decryptable. Reversable encryption provides an easy route for hackers to find out your users' passwords, which extends to putting your users' accounts at other sites at risk should they use the same password there.



                      PHP provides a pair of powerful functions for random-salted, one-way hash encryption — password_hash() and password_verify(). Because the hash is automatically random-salted, there is no way for hackers to utilize precompiled tables of password hashes to reverse-engineer the password. Set the PASSWORD_DEFAULT option and future versions of PHP will automatically use stronger algorithms to generate password hashes without you having to update your code.






                      share|improve this answer

























                        1












                        1








                        1







                        As pointed out, you should not be storing your users' passwords in a format that is decryptable. Reversable encryption provides an easy route for hackers to find out your users' passwords, which extends to putting your users' accounts at other sites at risk should they use the same password there.



                        PHP provides a pair of powerful functions for random-salted, one-way hash encryption — password_hash() and password_verify(). Because the hash is automatically random-salted, there is no way for hackers to utilize precompiled tables of password hashes to reverse-engineer the password. Set the PASSWORD_DEFAULT option and future versions of PHP will automatically use stronger algorithms to generate password hashes without you having to update your code.






                        share|improve this answer













                        As pointed out, you should not be storing your users' passwords in a format that is decryptable. Reversable encryption provides an easy route for hackers to find out your users' passwords, which extends to putting your users' accounts at other sites at risk should they use the same password there.



                        PHP provides a pair of powerful functions for random-salted, one-way hash encryption — password_hash() and password_verify(). Because the hash is automatically random-salted, there is no way for hackers to utilize precompiled tables of password hashes to reverse-engineer the password. Set the PASSWORD_DEFAULT option and future versions of PHP will automatically use stronger algorithms to generate password hashes without you having to update your code.







                        share|improve this answer












                        share|improve this answer



                        share|improve this answer










                        answered Mar 8 '17 at 15:37









                        Thoracius AppotiteThoracius Appotite

                        14216




                        14216





















                            1














                            You should use openssl_encrypt() function.






                            share|improve this answer

























                            • Are the openssl encrypt in php 7 have the "heartbleed" ?

                              – TheCrazyProfessor
                              Apr 10 '17 at 16:23







                            • 13





                              why should the OP use openssl_encrypt? Give some details and background

                              – Martin
                              Apr 10 '17 at 17:30















                            1














                            You should use openssl_encrypt() function.






                            share|improve this answer

























                            • Are the openssl encrypt in php 7 have the "heartbleed" ?

                              – TheCrazyProfessor
                              Apr 10 '17 at 16:23







                            • 13





                              why should the OP use openssl_encrypt? Give some details and background

                              – Martin
                              Apr 10 '17 at 17:30













                            1












                            1








                            1







                            You should use openssl_encrypt() function.






                            share|improve this answer















                            You should use openssl_encrypt() function.







                            share|improve this answer














                            share|improve this answer



                            share|improve this answer








                            edited Jan 3 '18 at 19:25









                            kenorb

                            71.1k30414421




                            71.1k30414421










                            answered Apr 6 '17 at 14:56









                            rqLizardrqLizard

                            1023




                            1023












                            • Are the openssl encrypt in php 7 have the "heartbleed" ?

                              – TheCrazyProfessor
                              Apr 10 '17 at 16:23







                            • 13





                              why should the OP use openssl_encrypt? Give some details and background

                              – Martin
                              Apr 10 '17 at 17:30

















                            • Are the openssl encrypt in php 7 have the "heartbleed" ?

                              – TheCrazyProfessor
                              Apr 10 '17 at 16:23







                            • 13





                              why should the OP use openssl_encrypt? Give some details and background

                              – Martin
                              Apr 10 '17 at 17:30
















                            Are the openssl encrypt in php 7 have the "heartbleed" ?

                            – TheCrazyProfessor
                            Apr 10 '17 at 16:23






                            Are the openssl encrypt in php 7 have the "heartbleed" ?

                            – TheCrazyProfessor
                            Apr 10 '17 at 16:23





                            13




                            13





                            why should the OP use openssl_encrypt? Give some details and background

                            – Martin
                            Apr 10 '17 at 17:30





                            why should the OP use openssl_encrypt? Give some details and background

                            – Martin
                            Apr 10 '17 at 17:30











                            1














                            You should use OpenSSL over mcrypt as it's actively developed and maintained. It provides better security, maintainability and portability. Secondly it performs AES encryption/decryption much faster. It uses PKCS7 padding by default, but you can specify OPENSSL_ZERO_PADDING if you need it. To use with a 32-byte binary key, you can specify aes-256-cbc which is much obvious than MCRYPT_RIJNDAEL_128.



                            Here is the code example using Mcrypt:




                            Unauthenticated AES-256-CBC encryption library written in Mcrypt with PKCS7 padding.




                            /**
                            * This library is unsafe because it does not MAC after encrypting
                            */
                            class UnsafeMcryptAES

                            const CIPHER = MCRYPT_RIJNDAEL_128;

                            public static function encrypt($message, $key)

                            if (mb_strlen($key, '8bit') !== 32)
                            throw new Exception("Needs a 256-bit key!");

                            $ivsize = mcrypt_get_iv_size(self::CIPHER);
                            $iv = mcrypt_create_iv($ivsize, MCRYPT_DEV_URANDOM);

                            // Add PKCS7 Padding
                            $block = mcrypt_get_block_size(self::CIPHER);
                            $pad = $block - (mb_strlen($message, '8bit') % $block, '8bit');
                            $message .= str_repeat(chr($pad), $pad);

                            $ciphertext = mcrypt_encrypt(
                            MCRYPT_RIJNDAEL_128,
                            $key,
                            $message,
                            MCRYPT_MODE_CBC,
                            $iv
                            );

                            return $iv . $ciphertext;


                            public static function decrypt($message, $key)
                            $pad > $block)
                            // Padding error!
                            return false;

                            return mb_substr($plaintext, 0, $len - $pad, '8bit');




                            And here is the version written using OpenSSL:



                            /**
                            * This library is unsafe because it does not MAC after encrypting
                            */
                            class UnsafeOpensslAES

                            const METHOD = 'aes-256-cbc';

                            public static function encrypt($message, $key)

                            if (mb_strlen($key, '8bit') !== 32)
                            throw new Exception("Needs a 256-bit key!");

                            $ivsize = openssl_cipher_iv_length(self::METHOD);
                            $iv = openssl_random_pseudo_bytes($ivsize);

                            $ciphertext = openssl_encrypt(
                            $message,
                            self::METHOD,
                            $key,
                            OPENSSL_RAW_DATA,
                            $iv
                            );

                            return $iv . $ciphertext;


                            public static function decrypt($message, $key)

                            if (mb_strlen($key, '8bit') !== 32)
                            throw new Exception("Needs a 256-bit key!");

                            $ivsize = openssl_cipher_iv_length(self::METHOD);
                            $iv = mb_substr($message, 0, $ivsize, '8bit');
                            $ciphertext = mb_substr($message, $ivsize, null, '8bit');

                            return openssl_decrypt(
                            $ciphertext,
                            self::METHOD,
                            $key,
                            OPENSSL_RAW_DATA,
                            $iv
                            );




                            Source: If You're Typing the Word MCRYPT Into Your PHP Code, You're Doing It Wrong.






                            share|improve this answer



























                              1














                              You should use OpenSSL over mcrypt as it's actively developed and maintained. It provides better security, maintainability and portability. Secondly it performs AES encryption/decryption much faster. It uses PKCS7 padding by default, but you can specify OPENSSL_ZERO_PADDING if you need it. To use with a 32-byte binary key, you can specify aes-256-cbc which is much obvious than MCRYPT_RIJNDAEL_128.



                              Here is the code example using Mcrypt:




                              Unauthenticated AES-256-CBC encryption library written in Mcrypt with PKCS7 padding.




                              /**
                              * This library is unsafe because it does not MAC after encrypting
                              */
                              class UnsafeMcryptAES

                              const CIPHER = MCRYPT_RIJNDAEL_128;

                              public static function encrypt($message, $key)

                              if (mb_strlen($key, '8bit') !== 32)
                              throw new Exception("Needs a 256-bit key!");

                              $ivsize = mcrypt_get_iv_size(self::CIPHER);
                              $iv = mcrypt_create_iv($ivsize, MCRYPT_DEV_URANDOM);

                              // Add PKCS7 Padding
                              $block = mcrypt_get_block_size(self::CIPHER);
                              $pad = $block - (mb_strlen($message, '8bit') % $block, '8bit');
                              $message .= str_repeat(chr($pad), $pad);

                              $ciphertext = mcrypt_encrypt(
                              MCRYPT_RIJNDAEL_128,
                              $key,
                              $message,
                              MCRYPT_MODE_CBC,
                              $iv
                              );

                              return $iv . $ciphertext;


                              public static function decrypt($message, $key)
                              $pad > $block)
                              // Padding error!
                              return false;

                              return mb_substr($plaintext, 0, $len - $pad, '8bit');




                              And here is the version written using OpenSSL:



                              /**
                              * This library is unsafe because it does not MAC after encrypting
                              */
                              class UnsafeOpensslAES

                              const METHOD = 'aes-256-cbc';

                              public static function encrypt($message, $key)

                              if (mb_strlen($key, '8bit') !== 32)
                              throw new Exception("Needs a 256-bit key!");

                              $ivsize = openssl_cipher_iv_length(self::METHOD);
                              $iv = openssl_random_pseudo_bytes($ivsize);

                              $ciphertext = openssl_encrypt(
                              $message,
                              self::METHOD,
                              $key,
                              OPENSSL_RAW_DATA,
                              $iv
                              );

                              return $iv . $ciphertext;


                              public static function decrypt($message, $key)

                              if (mb_strlen($key, '8bit') !== 32)
                              throw new Exception("Needs a 256-bit key!");

                              $ivsize = openssl_cipher_iv_length(self::METHOD);
                              $iv = mb_substr($message, 0, $ivsize, '8bit');
                              $ciphertext = mb_substr($message, $ivsize, null, '8bit');

                              return openssl_decrypt(
                              $ciphertext,
                              self::METHOD,
                              $key,
                              OPENSSL_RAW_DATA,
                              $iv
                              );




                              Source: If You're Typing the Word MCRYPT Into Your PHP Code, You're Doing It Wrong.






                              share|improve this answer

























                                1












                                1








                                1







                                You should use OpenSSL over mcrypt as it's actively developed and maintained. It provides better security, maintainability and portability. Secondly it performs AES encryption/decryption much faster. It uses PKCS7 padding by default, but you can specify OPENSSL_ZERO_PADDING if you need it. To use with a 32-byte binary key, you can specify aes-256-cbc which is much obvious than MCRYPT_RIJNDAEL_128.



                                Here is the code example using Mcrypt:




                                Unauthenticated AES-256-CBC encryption library written in Mcrypt with PKCS7 padding.




                                /**
                                * This library is unsafe because it does not MAC after encrypting
                                */
                                class UnsafeMcryptAES

                                const CIPHER = MCRYPT_RIJNDAEL_128;

                                public static function encrypt($message, $key)

                                if (mb_strlen($key, '8bit') !== 32)
                                throw new Exception("Needs a 256-bit key!");

                                $ivsize = mcrypt_get_iv_size(self::CIPHER);
                                $iv = mcrypt_create_iv($ivsize, MCRYPT_DEV_URANDOM);

                                // Add PKCS7 Padding
                                $block = mcrypt_get_block_size(self::CIPHER);
                                $pad = $block - (mb_strlen($message, '8bit') % $block, '8bit');
                                $message .= str_repeat(chr($pad), $pad);

                                $ciphertext = mcrypt_encrypt(
                                MCRYPT_RIJNDAEL_128,
                                $key,
                                $message,
                                MCRYPT_MODE_CBC,
                                $iv
                                );

                                return $iv . $ciphertext;


                                public static function decrypt($message, $key)
                                $pad > $block)
                                // Padding error!
                                return false;

                                return mb_substr($plaintext, 0, $len - $pad, '8bit');




                                And here is the version written using OpenSSL:



                                /**
                                * This library is unsafe because it does not MAC after encrypting
                                */
                                class UnsafeOpensslAES

                                const METHOD = 'aes-256-cbc';

                                public static function encrypt($message, $key)

                                if (mb_strlen($key, '8bit') !== 32)
                                throw new Exception("Needs a 256-bit key!");

                                $ivsize = openssl_cipher_iv_length(self::METHOD);
                                $iv = openssl_random_pseudo_bytes($ivsize);

                                $ciphertext = openssl_encrypt(
                                $message,
                                self::METHOD,
                                $key,
                                OPENSSL_RAW_DATA,
                                $iv
                                );

                                return $iv . $ciphertext;


                                public static function decrypt($message, $key)

                                if (mb_strlen($key, '8bit') !== 32)
                                throw new Exception("Needs a 256-bit key!");

                                $ivsize = openssl_cipher_iv_length(self::METHOD);
                                $iv = mb_substr($message, 0, $ivsize, '8bit');
                                $ciphertext = mb_substr($message, $ivsize, null, '8bit');

                                return openssl_decrypt(
                                $ciphertext,
                                self::METHOD,
                                $key,
                                OPENSSL_RAW_DATA,
                                $iv
                                );




                                Source: If You're Typing the Word MCRYPT Into Your PHP Code, You're Doing It Wrong.






                                share|improve this answer













                                You should use OpenSSL over mcrypt as it's actively developed and maintained. It provides better security, maintainability and portability. Secondly it performs AES encryption/decryption much faster. It uses PKCS7 padding by default, but you can specify OPENSSL_ZERO_PADDING if you need it. To use with a 32-byte binary key, you can specify aes-256-cbc which is much obvious than MCRYPT_RIJNDAEL_128.



                                Here is the code example using Mcrypt:




                                Unauthenticated AES-256-CBC encryption library written in Mcrypt with PKCS7 padding.




                                /**
                                * This library is unsafe because it does not MAC after encrypting
                                */
                                class UnsafeMcryptAES

                                const CIPHER = MCRYPT_RIJNDAEL_128;

                                public static function encrypt($message, $key)

                                if (mb_strlen($key, '8bit') !== 32)
                                throw new Exception("Needs a 256-bit key!");

                                $ivsize = mcrypt_get_iv_size(self::CIPHER);
                                $iv = mcrypt_create_iv($ivsize, MCRYPT_DEV_URANDOM);

                                // Add PKCS7 Padding
                                $block = mcrypt_get_block_size(self::CIPHER);
                                $pad = $block - (mb_strlen($message, '8bit') % $block, '8bit');
                                $message .= str_repeat(chr($pad), $pad);

                                $ciphertext = mcrypt_encrypt(
                                MCRYPT_RIJNDAEL_128,
                                $key,
                                $message,
                                MCRYPT_MODE_CBC,
                                $iv
                                );

                                return $iv . $ciphertext;


                                public static function decrypt($message, $key)
                                $pad > $block)
                                // Padding error!
                                return false;

                                return mb_substr($plaintext, 0, $len - $pad, '8bit');




                                And here is the version written using OpenSSL:



                                /**
                                * This library is unsafe because it does not MAC after encrypting
                                */
                                class UnsafeOpensslAES

                                const METHOD = 'aes-256-cbc';

                                public static function encrypt($message, $key)

                                if (mb_strlen($key, '8bit') !== 32)
                                throw new Exception("Needs a 256-bit key!");

                                $ivsize = openssl_cipher_iv_length(self::METHOD);
                                $iv = openssl_random_pseudo_bytes($ivsize);

                                $ciphertext = openssl_encrypt(
                                $message,
                                self::METHOD,
                                $key,
                                OPENSSL_RAW_DATA,
                                $iv
                                );

                                return $iv . $ciphertext;


                                public static function decrypt($message, $key)

                                if (mb_strlen($key, '8bit') !== 32)
                                throw new Exception("Needs a 256-bit key!");

                                $ivsize = openssl_cipher_iv_length(self::METHOD);
                                $iv = mb_substr($message, 0, $ivsize, '8bit');
                                $ciphertext = mb_substr($message, $ivsize, null, '8bit');

                                return openssl_decrypt(
                                $ciphertext,
                                self::METHOD,
                                $key,
                                OPENSSL_RAW_DATA,
                                $iv
                                );




                                Source: If You're Typing the Word MCRYPT Into Your PHP Code, You're Doing It Wrong.







                                share|improve this answer












                                share|improve this answer



                                share|improve this answer










                                answered Jan 5 '18 at 21:33









                                kenorbkenorb

                                71.1k30414421




                                71.1k30414421





















                                    0














                                    I was able to translate my Crypto object



                                    • Get a copy of php with mcrypt to decrypt the old data. I went to http://php.net/get/php-7.1.12.tar.gz/from/a/mirror, compiled it, then added the ext/mcrypt extension (configure;make;make install). I think I had to add the extenstion=mcrypt.so line to the php.ini as well. A series of scripts to build intermediate versions of the data with all data unencrypted.



                                    • Build a public and private key for openssl



                                      openssl genrsa -des3 -out pkey.pem 2048
                                      (set a password)
                                      openssl rsa -in pkey.pem -out pkey-pub.pem -outform PEM -pubout



                                    • To Encrypt (using public key) use openssl_seal. From what I've read, openssl_encrypt using an RSA key is limited to 11 bytes less than the key length (See http://php.net/manual/en/function.openssl-public-encrypt.php comment by Thomas Horsten)



                                      $pubKey = openssl_get_publickey(file_get_contents('./pkey-pub.pem'));
                                      openssl_seal($pwd, $sealed, $ekeys, [ $pubKey ]);
                                      $encryptedPassword = base64_encode($sealed);
                                      $key = base64_encode($ekeys[0]);


                                    You could probably store the raw binary.




                                    • To Decrypt (using private key)



                                      $passphrase="passphrase here";
                                      $privKey = openssl_get_privatekey(file_get_contents('./pkey.pem'), $passphrase);
                                      // I base64_decode() from my db columns
                                      openssl_open($encryptedPassword, $plain, $key, $privKey);
                                      echo "<h3>Password=$plain</h3>";


                                    P.S. You can't encrypt the empty string ("")



                                    P.P.S. This is for a password database not for user validation.






                                    share|improve this answer





























                                      0














                                      I was able to translate my Crypto object



                                      • Get a copy of php with mcrypt to decrypt the old data. I went to http://php.net/get/php-7.1.12.tar.gz/from/a/mirror, compiled it, then added the ext/mcrypt extension (configure;make;make install). I think I had to add the extenstion=mcrypt.so line to the php.ini as well. A series of scripts to build intermediate versions of the data with all data unencrypted.



                                      • Build a public and private key for openssl



                                        openssl genrsa -des3 -out pkey.pem 2048
                                        (set a password)
                                        openssl rsa -in pkey.pem -out pkey-pub.pem -outform PEM -pubout



                                      • To Encrypt (using public key) use openssl_seal. From what I've read, openssl_encrypt using an RSA key is limited to 11 bytes less than the key length (See http://php.net/manual/en/function.openssl-public-encrypt.php comment by Thomas Horsten)



                                        $pubKey = openssl_get_publickey(file_get_contents('./pkey-pub.pem'));
                                        openssl_seal($pwd, $sealed, $ekeys, [ $pubKey ]);
                                        $encryptedPassword = base64_encode($sealed);
                                        $key = base64_encode($ekeys[0]);


                                      You could probably store the raw binary.




                                      • To Decrypt (using private key)



                                        $passphrase="passphrase here";
                                        $privKey = openssl_get_privatekey(file_get_contents('./pkey.pem'), $passphrase);
                                        // I base64_decode() from my db columns
                                        openssl_open($encryptedPassword, $plain, $key, $privKey);
                                        echo "<h3>Password=$plain</h3>";


                                      P.S. You can't encrypt the empty string ("")



                                      P.P.S. This is for a password database not for user validation.






                                      share|improve this answer



























                                        0












                                        0








                                        0







                                        I was able to translate my Crypto object



                                        • Get a copy of php with mcrypt to decrypt the old data. I went to http://php.net/get/php-7.1.12.tar.gz/from/a/mirror, compiled it, then added the ext/mcrypt extension (configure;make;make install). I think I had to add the extenstion=mcrypt.so line to the php.ini as well. A series of scripts to build intermediate versions of the data with all data unencrypted.



                                        • Build a public and private key for openssl



                                          openssl genrsa -des3 -out pkey.pem 2048
                                          (set a password)
                                          openssl rsa -in pkey.pem -out pkey-pub.pem -outform PEM -pubout



                                        • To Encrypt (using public key) use openssl_seal. From what I've read, openssl_encrypt using an RSA key is limited to 11 bytes less than the key length (See http://php.net/manual/en/function.openssl-public-encrypt.php comment by Thomas Horsten)



                                          $pubKey = openssl_get_publickey(file_get_contents('./pkey-pub.pem'));
                                          openssl_seal($pwd, $sealed, $ekeys, [ $pubKey ]);
                                          $encryptedPassword = base64_encode($sealed);
                                          $key = base64_encode($ekeys[0]);


                                        You could probably store the raw binary.




                                        • To Decrypt (using private key)



                                          $passphrase="passphrase here";
                                          $privKey = openssl_get_privatekey(file_get_contents('./pkey.pem'), $passphrase);
                                          // I base64_decode() from my db columns
                                          openssl_open($encryptedPassword, $plain, $key, $privKey);
                                          echo "<h3>Password=$plain</h3>";


                                        P.S. You can't encrypt the empty string ("")



                                        P.P.S. This is for a password database not for user validation.






                                        share|improve this answer















                                        I was able to translate my Crypto object



                                        • Get a copy of php with mcrypt to decrypt the old data. I went to http://php.net/get/php-7.1.12.tar.gz/from/a/mirror, compiled it, then added the ext/mcrypt extension (configure;make;make install). I think I had to add the extenstion=mcrypt.so line to the php.ini as well. A series of scripts to build intermediate versions of the data with all data unencrypted.



                                        • Build a public and private key for openssl



                                          openssl genrsa -des3 -out pkey.pem 2048
                                          (set a password)
                                          openssl rsa -in pkey.pem -out pkey-pub.pem -outform PEM -pubout



                                        • To Encrypt (using public key) use openssl_seal. From what I've read, openssl_encrypt using an RSA key is limited to 11 bytes less than the key length (See http://php.net/manual/en/function.openssl-public-encrypt.php comment by Thomas Horsten)



                                          $pubKey = openssl_get_publickey(file_get_contents('./pkey-pub.pem'));
                                          openssl_seal($pwd, $sealed, $ekeys, [ $pubKey ]);
                                          $encryptedPassword = base64_encode($sealed);
                                          $key = base64_encode($ekeys[0]);


                                        You could probably store the raw binary.




                                        • To Decrypt (using private key)



                                          $passphrase="passphrase here";
                                          $privKey = openssl_get_privatekey(file_get_contents('./pkey.pem'), $passphrase);
                                          // I base64_decode() from my db columns
                                          openssl_open($encryptedPassword, $plain, $key, $privKey);
                                          echo "<h3>Password=$plain</h3>";


                                        P.S. You can't encrypt the empty string ("")



                                        P.P.S. This is for a password database not for user validation.







                                        share|improve this answer














                                        share|improve this answer



                                        share|improve this answer








                                        edited Dec 28 '17 at 4:00

























                                        answered Dec 5 '17 at 5:39









                                        Joshua GoldsteinJoshua Goldstein

                                        364




                                        364





















                                            0














                                            As detailed by other answers here, the best solution I found is using OpenSSL. It is built into PHP and you don't need any external library. Here are simple examples:



                                            To encrypt:



                                            function encrypt($key, $payload) 
                                            $iv = openssl_random_pseudo_bytes(openssl_cipher_iv_length('aes-256-cbc'));
                                            $encrypted = openssl_encrypt($payload, 'aes-256-cbc', $key, 0, $iv);
                                            return base64_encode($encrypted . '::' . $iv);



                                            To decrypt:



                                            function decrypt($key, $garble) 
                                            list($encrypted_data, $iv) = explode('::', base64_decode($garble), 2);
                                            return openssl_decrypt($encrypted_data, 'aes-256-cbc', $key, 0, $iv);



                                            Reference link: https://www.shift8web.ca/2017/04/how-to-encrypt-and-execute-your-php-code-with-mcrypt/






                                            share|improve this answer



























                                              0














                                              As detailed by other answers here, the best solution I found is using OpenSSL. It is built into PHP and you don't need any external library. Here are simple examples:



                                              To encrypt:



                                              function encrypt($key, $payload) 
                                              $iv = openssl_random_pseudo_bytes(openssl_cipher_iv_length('aes-256-cbc'));
                                              $encrypted = openssl_encrypt($payload, 'aes-256-cbc', $key, 0, $iv);
                                              return base64_encode($encrypted . '::' . $iv);



                                              To decrypt:



                                              function decrypt($key, $garble) 
                                              list($encrypted_data, $iv) = explode('::', base64_decode($garble), 2);
                                              return openssl_decrypt($encrypted_data, 'aes-256-cbc', $key, 0, $iv);



                                              Reference link: https://www.shift8web.ca/2017/04/how-to-encrypt-and-execute-your-php-code-with-mcrypt/






                                              share|improve this answer

























                                                0












                                                0








                                                0







                                                As detailed by other answers here, the best solution I found is using OpenSSL. It is built into PHP and you don't need any external library. Here are simple examples:



                                                To encrypt:



                                                function encrypt($key, $payload) 
                                                $iv = openssl_random_pseudo_bytes(openssl_cipher_iv_length('aes-256-cbc'));
                                                $encrypted = openssl_encrypt($payload, 'aes-256-cbc', $key, 0, $iv);
                                                return base64_encode($encrypted . '::' . $iv);



                                                To decrypt:



                                                function decrypt($key, $garble) 
                                                list($encrypted_data, $iv) = explode('::', base64_decode($garble), 2);
                                                return openssl_decrypt($encrypted_data, 'aes-256-cbc', $key, 0, $iv);



                                                Reference link: https://www.shift8web.ca/2017/04/how-to-encrypt-and-execute-your-php-code-with-mcrypt/






                                                share|improve this answer













                                                As detailed by other answers here, the best solution I found is using OpenSSL. It is built into PHP and you don't need any external library. Here are simple examples:



                                                To encrypt:



                                                function encrypt($key, $payload) 
                                                $iv = openssl_random_pseudo_bytes(openssl_cipher_iv_length('aes-256-cbc'));
                                                $encrypted = openssl_encrypt($payload, 'aes-256-cbc', $key, 0, $iv);
                                                return base64_encode($encrypted . '::' . $iv);



                                                To decrypt:



                                                function decrypt($key, $garble) 
                                                list($encrypted_data, $iv) = explode('::', base64_decode($garble), 2);
                                                return openssl_decrypt($encrypted_data, 'aes-256-cbc', $key, 0, $iv);



                                                Reference link: https://www.shift8web.ca/2017/04/how-to-encrypt-and-execute-your-php-code-with-mcrypt/







                                                share|improve this answer












                                                share|improve this answer



                                                share|improve this answer










                                                answered yesterday









                                                Ariston CordeiroAriston Cordeiro

                                                315




                                                315





















                                                    -4














                                                    Just use @ before each mcrypt for example:



                                                    @mcrypt_module_open,
                                                    @mcrypt_get_block_size,
                                                    @mcrypt_generic_init
                                                    @mcrypt_generic
                                                    @mcrypt_generic_deinit


                                                    It will remove function mcrypt_module_open depriciated error and will work.






                                                    share|improve this answer

























                                                    • Does not work in 7.2.x or newer, mcrypt was removed.

                                                      – Stone Cold
                                                      Nov 3 '18 at 19:37











                                                    • This will only hide the error/notice and not going to work with php7.2.x versions. It is removed.

                                                      – Ravi
                                                      Dec 19 '18 at 10:09















                                                    -4














                                                    Just use @ before each mcrypt for example:



                                                    @mcrypt_module_open,
                                                    @mcrypt_get_block_size,
                                                    @mcrypt_generic_init
                                                    @mcrypt_generic
                                                    @mcrypt_generic_deinit


                                                    It will remove function mcrypt_module_open depriciated error and will work.






                                                    share|improve this answer

























                                                    • Does not work in 7.2.x or newer, mcrypt was removed.

                                                      – Stone Cold
                                                      Nov 3 '18 at 19:37











                                                    • This will only hide the error/notice and not going to work with php7.2.x versions. It is removed.

                                                      – Ravi
                                                      Dec 19 '18 at 10:09













                                                    -4












                                                    -4








                                                    -4







                                                    Just use @ before each mcrypt for example:



                                                    @mcrypt_module_open,
                                                    @mcrypt_get_block_size,
                                                    @mcrypt_generic_init
                                                    @mcrypt_generic
                                                    @mcrypt_generic_deinit


                                                    It will remove function mcrypt_module_open depriciated error and will work.






                                                    share|improve this answer















                                                    Just use @ before each mcrypt for example:



                                                    @mcrypt_module_open,
                                                    @mcrypt_get_block_size,
                                                    @mcrypt_generic_init
                                                    @mcrypt_generic
                                                    @mcrypt_generic_deinit


                                                    It will remove function mcrypt_module_open depriciated error and will work.







                                                    share|improve this answer














                                                    share|improve this answer



                                                    share|improve this answer








                                                    edited Sep 12 '18 at 5:32









                                                    Sinto

                                                    3,25892541




                                                    3,25892541










                                                    answered Sep 12 '18 at 5:11









                                                    rocky sharmarocky sharma

                                                    11




                                                    11












                                                    • Does not work in 7.2.x or newer, mcrypt was removed.

                                                      – Stone Cold
                                                      Nov 3 '18 at 19:37











                                                    • This will only hide the error/notice and not going to work with php7.2.x versions. It is removed.

                                                      – Ravi
                                                      Dec 19 '18 at 10:09

















                                                    • Does not work in 7.2.x or newer, mcrypt was removed.

                                                      – Stone Cold
                                                      Nov 3 '18 at 19:37











                                                    • This will only hide the error/notice and not going to work with php7.2.x versions. It is removed.

                                                      – Ravi
                                                      Dec 19 '18 at 10:09
















                                                    Does not work in 7.2.x or newer, mcrypt was removed.

                                                    – Stone Cold
                                                    Nov 3 '18 at 19:37





                                                    Does not work in 7.2.x or newer, mcrypt was removed.

                                                    – Stone Cold
                                                    Nov 3 '18 at 19:37













                                                    This will only hide the error/notice and not going to work with php7.2.x versions. It is removed.

                                                    – Ravi
                                                    Dec 19 '18 at 10:09





                                                    This will only hide the error/notice and not going to work with php7.2.x versions. It is removed.

                                                    – Ravi
                                                    Dec 19 '18 at 10:09

















                                                    draft saved

                                                    draft discarded
















































                                                    Thanks for contributing an answer to Stack Overflow!


                                                    • Please be sure to answer the question. Provide details and share your research!

                                                    But avoid


                                                    • Asking for help, clarification, or responding to other answers.

                                                    • Making statements based on opinion; back them up with references or personal experience.

                                                    To learn more, see our tips on writing great answers.




                                                    draft saved


                                                    draft discarded














                                                    StackExchange.ready(
                                                    function ()
                                                    StackExchange.openid.initPostLogin('.new-post-login', 'https%3a%2f%2fstackoverflow.com%2fquestions%2f41272257%2fmcrypt-is-deprecated-what-is-the-alternative%23new-answer', 'question_page');

                                                    );

                                                    Post as a guest















                                                    Required, but never shown





















































                                                    Required, but never shown














                                                    Required, but never shown












                                                    Required, but never shown







                                                    Required, but never shown

































                                                    Required, but never shown














                                                    Required, but never shown












                                                    Required, but never shown







                                                    Required, but never shown







                                                    Popular posts from this blog

                                                    Top Tejano songwriter Luis Silva dead of heart attack at 64

                                                    政党

                                                    天津地下鉄3号線