Reputation: 3
Sagepay/Opayo PHP 7.4 integration without mcrypt
I use a PHP class to generate the crypt field for SagePay/Opayo but it uses mcrypt. My hosting company has now upgraded my webserver to PHP7.4 and mcrypt is no longer supported.
Ideally I'd like to just replace the following two functions with functions that don't use mcrypt (but do the same thing):
protected function encryptAndEncode($strIn) {
$strIn = $this->pkcs5_pad($strIn, 16);
return "@".bin2hex(mcrypt_encrypt(MCRYPT_RIJNDAEL_128, $this->encryptPassword, $strIn, MCRYPT_MODE_CBC, $this->encryptPassword));
}
protected function decodeAndDecrypt($strIn) {
$strIn = substr($strIn, 1);
$strIn = pack('H*', $strIn);
return mcrypt_decrypt(MCRYPT_RIJNDAEL_128, $this->encryptPassword, $strIn, MCRYPT_MODE_CBC, $this->encryptPassword);
}
*the encryptPassword is my SagePay/Opayo encryption password.
SagePay used to provide example code but they don't do that anymore. They say the crypt string must be encrypted using AES (block size 128-bit) in CBC mode with PKCS#5 padding. Use the provided encryption password as both the key and initialisation vector and encode the result in hex (making sure the letters are in upper case).
Prepend the ‘@’ sign to the beginning of the encoded result. To decrypt, ensure you remove the ‘@’ sign before using the same procedure in decryption mode.
I did find two similar posts on the forum (Sagepay integration without mcrypt and Sage Pay / Opayo Form integration - replacing mcrypt with openssl), both used openssl but the answer was specific to the code provided by the poster and I couldn't figure out how to modify it to suit my two functions.
If I try the existing code I get this error:
Fatal error: Uncaught Error: Call to undefined function mcrypt_encrypt()
I hope someone can help.
Thanks,
Upvotes: 0
Views: 220
Answers (1)
Reputation: 115
I've been using the following for my Sagepay form
protected function encryptAndEncode($strIn) {
$strIn = $this->pkcs5_pad($strIn, 16);
return $this->encryptAes($strIn, $this->encryptPassword);
}
protected function decodeAndDecrypt($strIn) {
$strIn = substr($strIn, 1);
return $this->decryptAes($strIn, $this->encryptPassword);
}
function encryptAes($string, $key) {
$cipher = 'AES-128-CBC';
$crypt = openssl_encrypt($string, $cipher, $key, OPENSSL_RAW_DATA, $key);
return "@" . strtoupper(bin2hex($crypt));
}
function decryptAes($string, $key) {
$cipher = 'AES-128-CBC';
$strIn = hex2bin(substr($string, 1));
return openssl_decrypt($strIn, $cipher, $key, OPENSSL_RAW_DATA, $key);
}
This can replace the following mcrypt functions
protected function encryptAndEncode($strIn) {
$strIn = $this->pkcs5_pad($strIn, 16);
return "@".bin2hex(mcrypt_encrypt(MCRYPT_RIJNDAEL_128, $this->encryptPassword, $strIn, MCRYPT_MODE_CBC, $this->encryptPassword));
}
protected function decodeAndDecrypt($strIn) {
$strIn = substr($strIn, 1);
$strIn = pack('H*', $strIn);
return mcrypt_decrypt(MCRYPT_RIJNDAEL_128, $this->encryptPassword, $strIn, MCRYPT_MODE_CBC, $this->encryptPassword);
}
Upvotes: 0
Related Questions
- Check if all characters are 'X'
- ways to check for invalid characters? oracle sql
- How to know if an attribute contains non letters characters in Oracle
- Oracle SQL Query to find the existence of characters in string
- Oracle query to find if a column in Table has any special character anywhere in its values
- find invalid characters in string
- Match characters in oracle sql where condition
- Check if string contains certain characters
- How do we check whether a column has any letters or not
- Oracle SQL query to see if characters are in a column