Reputation: 6500
I'm using the following code to perform encryption using mcrypt:
<?PHP
define('SECURE_KEY','Somekey');
function encrypt($value){
    $iv_size = mcrypt_get_iv_size(MCRYPT_RIJNDAEL_256, MCRYPT_MODE_ECB);
    $iv = mcrypt_create_iv($iv_size, MCRYPT_RAND);
    return mcrypt_encrypt(MCRYPT_RIJNDAEL_256, SECURE_KEY, $value, MCRYPT_MODE_ECB, $iv);
}
function decrypt($value){
    $iv_size = mcrypt_get_iv_size(MCRYPT_RIJNDAEL_256, MCRYPT_MODE_ECB);
    $iv = mcrypt_create_iv($iv_size, MCRYPT_RAND);
    return trim(mcrypt_decrypt(MCRYPT_RIJNDAEL_256, SECURE_KEY, $value, MCRYPT_MODE_ECB, $iv));
}
$temp=encrypt("teststring");
printf($temp);
?>
The newer versions of PHP deprecate mcrypt. I'm looking for a replacement for the same that works with the same key and produces the same result, so that I don't need to change client-side code.
Upvotes: 4
Views: 840
Reputation: 34093
I'm the author of the RFC to deprecate then remove mcrypt from PHP.
What you should absolutely do is migrate your data to use the new Sodium extension instead. Learn how to get started with libsodium in PHP. The code examples are safe to use.
<?php
/**
 * Wrap crypto_aead_*_encrypt() in a drop-dead-simple encryption interface
 *
 * @link https://paragonie.com/b/kIqqEWlp3VUOpRD7
 * @param string $message
 * @param string $key
 * @return string
 */
function simpleEncrypt($message, $key)
{
    $nonce = random_bytes(24); // NONCE = Number to be used ONCE, for each message
    $encrypted = sodium_crypto_aead_xchacha20poly1305_ietf_encrypt(
        $message,
        $nonce,
        $nonce,
        $key
    );
    return $nonce . $encrypted;
}

/**
 * Wrap crypto_aead_*_decrypt() in a drop-dead-simple decryption interface
 *
 * @link https://paragonie.com/b/kIqqEWlp3VUOpRD7
 * @param string $message - Encrypted message
 * @param string $key - Encryption key
 * @return string
 * @throws Exception
 */
function simpleDecrypt($message, $key)
{
    $nonce = mb_substr($message, 0, 24, '8bit');
    $ciphertext = mb_substr($message, 24, null, '8bit');
    $plaintext = sodium_crypto_aead_xchacha20poly1305_ietf_decrypt(
        $ciphertext,
        $nonce,
        $nonce,
        $key
    );
    if (!is_string($plaintext)) {
        throw new Exception('Invalid message');
    }
    return $plaintext;
}

$secretKey = random_bytes(32);
$message = 'Test message';

/* Encrypt the message: */
$ciphertext = simpleEncrypt($message, $secretKey);

/* Decrypt the message: */
try {
    $decrypted = simpleDecrypt($ciphertext, $secretKey);
    var_dump(hash_equals($decrypted, $message));
    /* bool(true) */
} catch (Exception $ex) {
    /* Someone is up to no good */
    exit(255);
}
If you need a "transition" step between PHP 7.1 and older, and PHP 7.2 and newer, mcrypt_compat is a polyfill library created by the phpseclib developers to facilitate migrations between mcrypt and non-abandonware libraries (OpenSSL, Sodium).
Only use it for migrations. Don't rely on it to "just work" and be secure.
Upvotes: 5
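The migration step the answer recommends, as an added example (not code from either poster): each stored value is decrypted once with the legacy Rijndael-256/ECB settings from the question and re-sealed in the nonce-prefixed format that `simpleDecrypt()` above reads. It assumes `mcrypt_encrypt()`/`mcrypt_decrypt()` are available (ext/mcrypt or the mcrypt_compat polyfill) together with ext/sodium; `legacyKey()`, `legacyDecrypt()` and `migrateValue()` are hypothetical names.

```php
<?php
// Added example. legacyKey(), legacyDecrypt() and migrateValue() are
// hypothetical helpers, not part of mcrypt, mcrypt_compat or sodium.

/** Before PHP 5.6, mcrypt padded short keys with "\0" to the next valid size. */
function legacyKey(string $key): string
{
    foreach ([16, 24, 32] as $size) {
        if (strlen($key) <= $size) {
            return str_pad($key, $size, "\0");
        }
    }
    throw new InvalidArgumentException('Legacy key longer than 32 bytes');
}

/** Decrypt one value the way the question's decrypt() does. */
function legacyDecrypt(string $ciphertext, string $oldKey): string
{
    // ECB ignores the IV, so none is passed. ECB also carries no integrity
    // check: a wrong key or altered data yields garbage, not an error.
    $plain = mcrypt_decrypt(MCRYPT_RIJNDAEL_256, legacyKey($oldKey), $ciphertext, MCRYPT_MODE_ECB);
    if (!is_string($plain)) {
        throw new RuntimeException('Legacy decryption failed');
    }
    return trim($plain); // same trim() as the original; removes the "\0" block padding
}

/** Re-encrypt a legacy value as nonce || AEAD ciphertext under a new 32-byte key. */
function migrateValue(string $legacyCiphertext, string $oldKey, string $newKey): string
{
    $plain = legacyDecrypt($legacyCiphertext, $oldKey);
    $nonce = random_bytes(SODIUM_CRYPTO_AEAD_XCHACHA20POLY1305_IETF_NPUBBYTES);
    $sealed = sodium_crypto_aead_xchacha20poly1305_ietf_encrypt($plain, $nonce, $nonce, $newKey);
    return $nonce . $sealed;
}

// Constructed sample: build a legacy ciphertext, migrate it, read it back.
$oldKey = 'Somekey';                                           // key string from the question
$newKey = sodium_crypto_aead_xchacha20poly1305_ietf_keygen();  // fresh random key, store it securely
$legacy = mcrypt_encrypt(MCRYPT_RIJNDAEL_256, legacyKey($oldKey), 'teststring', MCRYPT_MODE_ECB);

$migrated = migrateValue($legacy, $oldKey, $newKey);
$nonce = substr($migrated, 0, SODIUM_CRYPTO_AEAD_XCHACHA20POLY1305_IETF_NPUBBYTES);
$body  = substr($migrated, SODIUM_CRYPTO_AEAD_XCHACHA20POLY1305_IETF_NPUBBYTES);
var_dump(sodium_crypto_aead_xchacha20poly1305_ietf_decrypt($body, $nonce, $nonce, $newKey));
```

The migrated ciphertext differs on every run because of the random nonce, so anything that compares ciphertexts for equality has to compare decrypted values instead.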