@ezimuel
Created April 26, 2018 13:07
Decrypt a file in PHP from an encrypted file with OpenSSL CLI
<?php
/**
 * Decrypt a file generated with the command line:
 * openssl enc -aes-256-cbc -in file-to-encrypt -out encrypted-file -k password
 *
 * To decrypt:
 * php decrypt.php encrypted-file password decrypted-file
 *
 * NOTE: this script has been tested with OpenSSL v.1.1; for older versions,
 * please check if you need to use MD5 instead of SHA256 in EVP_BytesToKey()
 *
 * @author Enrico Zimuel (enrico@zimuel.it)
 */
if (count($argv) < 4) {
    printf("Usage: %s <file_to_decrypt> <key> <decrypted_file>\n", basename(__FILE__));
    exit(1);
}
$file = $argv[1];
if (!file_exists($file)) {
    throw new \Exception(sprintf("The file %s does not exist!", $file));
}
$secretKey = $argv[2];
$output = $argv[3];

// File layout: "Salted__" (8 bytes) | salt (8 bytes) | ciphertext
$data = file_get_contents($file);
$salt = mb_substr($data, 8, 8, '8bit'); // Get the salt, skipping "Salted__" fixed header string

// Derive 48 bytes from password and salt: the first 32 are the key, the next 16 the IV
$genKeyData = EVP_BytesToKey($salt, $secretKey);
$key = mb_substr($genKeyData, 0, 32, '8bit');
$iv = mb_substr($genKeyData, 32, 16, '8bit');
$ciphertext = mb_substr($data, 16, null, '8bit');

$result = openssl_decrypt($ciphertext, 'aes-256-cbc', $key, OPENSSL_RAW_DATA, $iv);
// openssl_decrypt() returns false on failure; an empty string or "0" is a valid plaintext
if ($result === false) {
    printf("ERROR: %s\n", openssl_error_string());
    exit(1);
}
file_put_contents($output, $result);
printf("Decryption ok! The output has been stored in %s\n", $output);

/**
 * Key derivation used by "openssl enc -k": hash the previous digest, the
 * password and the salt repeatedly until enough bytes are available.
 */
function EVP_BytesToKey($salt, $password) {
    $bytes = "";
    $last = "";
    // 32 bytes key + 16 bytes IV = 48 bytes.
    while (strlen($bytes) < 48) {
        $last = hash('sha256', $last . $password . $salt, true);
        $bytes .= $last;
    }
    return $bytes;
}
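The NOTE in the script's header says older OpenSSL versions may need MD5 instead of SHA256. The following is an added example, not part of the original gist: it makes the digest a parameter and checks the "Salted__" header before decrypting. The names `evpBytesToKey`, `decryptEncFile`, `buildEncFile` and `ENC_MAGIC` are hypothetical, and the sample files are constructed in-process rather than produced by the CLI.

```php
<?php
const ENC_MAGIC = 'Salted__'; // 8-byte header that `openssl enc` writes before the salt

// One-iteration EVP_BytesToKey: D_i = H(D_{i-1} . password . salt), concatenated.
function evpBytesToKey(string $password, string $salt, string $digest, int $length = 48): string
{
    $bytes = $last = '';
    while (strlen($bytes) < $length) {
        $last = hash($digest, $last . $password . $salt, true);
        $bytes .= $last;
    }
    return substr($bytes, 0, $length);
}

// Decrypt a salted aes-256-cbc file body; $digest is 'sha256' (OpenSSL 1.1) or 'md5' (older).
function decryptEncFile(string $data, string $password, string $digest = 'sha256'): string
{
    // Header (8) + salt (8) + at least one 16-byte cipher block.
    if (strlen($data) < 32 || substr($data, 0, 8) !== ENC_MAGIC) {
        throw new InvalidArgumentException('Missing "Salted__" header or truncated file');
    }
    $keyIv = evpBytesToKey($password, substr($data, 8, 8), $digest);
    $plain = openssl_decrypt(substr($data, 16), 'aes-256-cbc',
        substr($keyIv, 0, 32), OPENSSL_RAW_DATA, substr($keyIv, 32, 16));
    if ($plain === false) { // strict check: an empty plaintext is a valid result
        throw new RuntimeException("Decryption failed (wrong password or digest '$digest'?)");
    }
    return $plain;
}

// Constructed sample data: build the same layout in-process instead of calling the CLI.
function buildEncFile(string $plain, string $password, string $digest): string
{
    $salt = random_bytes(8);
    $keyIv = evpBytesToKey($password, $salt, $digest);
    return ENC_MAGIC . $salt . openssl_encrypt($plain, 'aes-256-cbc',
        substr($keyIv, 0, 32), OPENSSL_RAW_DATA, substr($keyIv, 32, 16));
}

// Round-trip both digests, including an empty plaintext.
foreach (['sha256', 'md5'] as $digest) {
    foreach (['', "constructed sample text\n"] as $plain) {
        $file = buildEncFile($plain, 'constructed-password', $digest);
        $ok = decryptEncFile($file, 'constructed-password', $digest) === $plain;
        printf("%-6s len=%2d round trip: %s\n", $digest, strlen($plain), $ok ? 'ok' : 'MISMATCH');
    }
}
```

The format carries no MAC, so a decryption that passes the CBC padding check is not proof that the password, the digest or the ciphertext is correct. Verify the output by other means when integrity matters.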